Legal

Privacy Policy

Fonda AI — www.fondaai.com

1. Introduction

Fonda AI (“we,” “us,” or “our”) is a Canadian AI automation agency and consultancy headquartered in Canada. We specialize in providing artificial intelligence automation solutions, AI consulting, workflow automation, and related technology services to businesses and organizations. We are committed to protecting the privacy and personal information of our clients, website visitors, and all individuals who interact with our services. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial privacy legislation.

By accessing our website at www.fondaai.com or using our services, you consent to the practices described in this Privacy Policy. We encourage you to read this document carefully so that you understand your rights and our obligations regarding your personal information.

2. Definitions

Personal Information means any factual or subjective information, recorded or not, about an identifiable individual. This includes, but is not limited to: name, email address, phone number, mailing address, billing information, IP address, device identifiers, usage data, and any other information that can be used to identify an individual, as defined under PIPEDA.

Commercial Activity means any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, as defined under PIPEDA.

3. Our Commitment to the Ten Fair Information Principles

Fonda AI is committed to compliance with the ten fair information principles set out in Schedule 1 of PIPEDA, which form the foundation of our privacy practices:

Accountability: Fonda AI is responsible for personal information under our control and has designated a Privacy Officer to oversee compliance.

Identifying Purposes: We identify the purposes for collecting personal information at or before the time of collection.

Consent: We obtain meaningful consent for the collection, use, or disclosure of personal information, except where permitted or required by law.

Limiting Collection: We limit the collection of personal information to what is necessary for the identified purposes.

Limiting Use, Disclosure, and Retention: Personal information is used or disclosed only for the purposes for which it was collected, except with consent or as required by law, and is retained only as long as necessary.

Accuracy: We keep personal information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.

Openness: We make readily available specific information about our policies and practices relating to the management of personal information.

Individual Access: Upon request, we will inform an individual of the existence, use, and disclosure of their personal information and provide access to that information, subject to certain exceptions.

Challenging Compliance: An individual may challenge our compliance with these principles by contacting our Privacy Officer.

4. Information We Collect

4.1 Information You Provide to Us

We may collect personal information that you voluntarily provide to us when you:

Contact us through our website, email, phone, or other communication channels
Request a consultation, quote, or proposal for our AI automation or consulting services
Enter into a contract or service agreement with us
Subscribe to our newsletter, blog, or other communications
Participate in surveys, promotions, or events
Apply for employment, freelance, or contract positions with Fonda AI

This information may include your name, email address, phone number, mailing address, company name, job title, project details, business process information, system and workflow data, billing and payment information, and any other information you choose to provide in connection with our AI automation and consulting engagements.

4.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including:

IP address and approximate geographic location
Browser type, operating system, and device information
Pages visited, time spent on pages, and navigation patterns
Referring website or source
Cookies and similar tracking technologies (see Section 10 below)

4.3 Information from Third Parties

We may receive personal information about you from third-party sources, including business partners, analytics providers, and publicly available sources. We only use this information in accordance with this Privacy Policy and applicable law.

4.4 SMS Communications and Mobile Opt-In Information

We may collect your mobile phone number when you voluntarily provide it to us through our website forms, consultation requests, service agreements, event registrations, or other communication channels and expressly opt in to receive SMS (text message) communications from us.

By providing your mobile number and opting in, you consent to receive SMS communications from Fonda AI related to:

Appointment confirmations and reminders
Consultation scheduling and project updates
Service-related notifications
Responses to inquiries you have submitted
Limited marketing or promotional communications (where you have expressly consented)

We do not send unsolicited SMS messages. Message frequency will vary depending on your interaction with us and the nature of our services. Standard message and data rates may apply depending on your mobile carrier.

You may opt out of receiving SMS communications at any time by replying “STOP” to any message you receive from us or by contacting our Privacy Officer. Upon opting out, you will no longer receive text communications from Fonda AI unless you re-subscribe or initiate further communication.

We take SMS consent seriously and maintain records of opt-in preferences in accordance with applicable anti-spam legislation, including Canada’s Anti-Spam Legislation (CASL), where applicable.

5. Purposes for Collecting Personal Information

We collect and use personal information for the following purposes:

To provide, deliver, and improve our AI automation solutions, consulting services, and fulfill contractual obligations
To communicate with you about your inquiries, AI automation projects, consulting engagements, and our services
To process payments and manage billing
To send you marketing and promotional communications (with your consent)
To personalize and improve your experience on our website
To analyze website usage and optimize our digital presence
To comply with legal obligations and enforce our agreements
To protect against fraud, unauthorized transactions, and other liabilities
To consider applications for employment or contract work

We will not use your personal information for any purpose other than those identified at or before the time of collection, unless we obtain your further consent or are otherwise permitted or required by law.

6. Consent

We rely on the following forms of consent as appropriate under PIPEDA:

Express Consent: We obtain your explicit agreement before collecting, using, or disclosing sensitive personal information, or when required by law. This may include opt-in mechanisms for marketing communications or service-specific consent forms.

Implied Consent: In certain circumstances, your consent may be implied by your actions or the context of the interaction. For example, providing your email address when submitting a business inquiry implies consent for us to respond to that inquiry.

Withdrawal of Consent: You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent, please contact our Privacy Officer using the contact details in Section 15. We will inform you of the implications of withdrawing consent.

7. Disclosure of Personal Information

We may disclose your personal information in the following circumstances:

Service Providers: We may share personal information with trusted third-party service providers who perform services on our behalf, such as cloud hosting, AI and machine learning platforms, payment processing, analytics, project management tools, and marketing services. These providers are contractually bound to protect your personal information and use it only for the purposes we specify.

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your personal information.

Legal Requirements: We may disclose personal information where required by law, regulation, court order, or governmental authority, or where disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

With Your Consent: We may disclose your personal information for other purposes with your express consent.

7.1 Mobile Information and No Sale of Phone Numbers

Fonda AI does not sell, rent, trade, or otherwise share your mobile phone number or SMS opt-in information with third parties for their marketing or promotional purposes.

Mobile contact information collected through SMS opt-in forms, service inquiries, or other communications is used solely for internal business purposes, including responding to inquiries, providing requested services, and communicating regarding our AI automation and consulting engagements.

We do not share mobile numbers with third parties except:

With authorized service providers who assist us in delivering SMS services (such as messaging platforms or communication providers), and only under contractual obligations that require confidentiality and appropriate safeguards
Where required by law, regulation, court order, or governmental authority

If you choose not to proceed with business services, your phone number will not be used for unsolicited future calls, spam, or marketing messages. You will only receive communications that you have expressly consented to receive, and you may withdraw your consent at any time.

We implement appropriate administrative, technical, and physical safeguards to protect mobile information from unauthorized access, misuse, or disclosure.

8. Cross-Border Transfers of Personal Information

In the course of providing our AI automation and consulting services, personal information may be transferred to, stored, or processed in jurisdictions outside of Canada, including the United States or other countries where our service providers and AI platform partners operate. When personal information is transferred outside of Canada, it may be subject to the laws of the jurisdiction in which it is held, including lawful access requests by courts, law enforcement, and national security authorities.

We take reasonable steps to ensure that any third party to whom we transfer personal information provides a comparable level of protection. Contractual agreements with our service providers require them to implement appropriate safeguards and comply with applicable privacy laws.

9. Retention of Personal Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. When personal information is no longer needed, we will securely destroy, erase, or anonymize it using appropriate methods.

Factors that determine retention periods include the nature of the information, the purposes for which it was collected, legal and regulatory requirements, and ongoing business needs such as maintaining records for auditing, dispute resolution, or enforcement of agreements.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand how visitors interact with our site. Cookies are small text files placed on your device when you visit a website.

10.1 Types of Cookies We Use

Essential Cookies: Required for the basic functioning of the website. These cannot be disabled.

Analytics Cookies: Help us understand how visitors use our website by collecting aggregated, anonymous data.

Functional Cookies: Allow us to remember your preferences and provide enhanced features.

Marketing Cookies: Used to deliver relevant advertising and track campaign performance.

10.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Under PIPEDA, we obtain your consent before placing non-essential cookies on your device where required.

11. Safeguards

We implement physical, organizational, and technological security measures to protect personal information against unauthorized access, disclosure, copying, use, modification, loss, or theft. These safeguards include:

Encryption of data in transit and at rest
Access controls and authentication measures to limit access to personal information to authorized personnel
Secure storage systems and firewalls
Regular security assessments and vulnerability testing
Employee training on privacy and data protection practices
Confidentiality agreements with employees and contractors

The level of protection we apply is proportionate to the sensitivity of the personal information in our care.

12. AI-Specific Data Practices

As an AI automation agency and consultancy, Fonda AI may process data on behalf of our clients in the course of developing, implementing, and managing AI-powered automation solutions. The following practices apply specifically to our AI-related services:

Client Data Processing: When we build or deploy AI automation solutions for clients, we may process personal information on their behalf as a service provider. In such cases, the client remains the data controller, and our processing is governed by the terms of our service agreement with the client. We process client data only as instructed and for the purposes specified in our engagement.

Third-Party AI Tools and Platforms: Our services may involve the use of third-party AI platforms, machine learning tools, cloud computing services, and automation software. We carefully select providers that maintain appropriate privacy and security standards, and we ensure contractual safeguards are in place to protect any personal information processed through these tools.

Automated Decision-Making: Where our AI automation solutions involve automated decision-making that may significantly affect individuals, we work with our clients to ensure that appropriate transparency, human oversight, and recourse mechanisms are in place in accordance with PIPEDA and applicable law.

Data Minimization in AI Development: We apply the principle of data minimization to all AI projects. We use only the minimum amount of personal information necessary to achieve the objectives of the automation solution, and we anonymize or de-identify data wherever possible.

13. Breach of Security Safeguards

In accordance with PIPEDA and the Breach of Security Safeguards Regulations (SOR/2018-64), Fonda AI will:

Report to the Office of the Privacy Commissioner of Canada (OPC) any breach of security safeguards involving personal information under our control that creates a real risk of significant harm to individuals
Notify affected individuals as soon as feasible when a breach creates a real risk of significant harm
Notify any other organizations or government institutions that may be able to reduce the risk of harm resulting from the breach
Maintain a record of every breach of security safeguards involving personal information under our control, regardless of whether the breach triggers reporting and notification obligations

“Significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on credit records, and damage to or loss of property.

14. Your Rights Under PIPEDA

As an individual whose personal information is held by Fonda AI, you have the following rights:

Right of Access: You have the right to request access to your personal information held by us. We will respond to your request within 30 days of receipt.

Right to Correction: You may challenge the accuracy and completeness of your personal information and have it amended as appropriate.

Right to Withdraw Consent: You may withdraw your consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions.

Right to Complain: If you believe that we have not handled your personal information properly, you have the right to file a complaint with our Privacy Officer. If the matter is not resolved to your satisfaction, you may file a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, please contact our Privacy Officer using the information provided in Section 15. We may require you to verify your identity before processing your request.

15. Privacy Officer Contact Information

Fonda AI has designated a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy legislation. If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

Privacy Officer:Fonda AI

Organization:Fonda AI

Website:www.fondaai.com

Email:info@fondaai.com

16. Office of the Privacy Commissioner of Canada

If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

Website:www.priv.gc.ca

Phone:1-800-282-1376

Mailing Address:30 Victoria Street, Gatineau, Quebec K1A 1H3

17. Provincial Privacy Legislation

In addition to PIPEDA, Fonda AI acknowledges that certain provinces have enacted their own private-sector privacy legislation that may apply to our activities, including Alberta’s Personal Information Protection Act (PIPA), British Columbia’s Personal Information Protection Act (PIPA), and Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Quebec’s Law 25). Where applicable, we comply with the requirements of these provincial laws in addition to PIPEDA.

18. Children’s Privacy

Our AI automation and consulting services are directed at businesses and organizations and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete it promptly. If you believe a child has provided us with personal information, please contact our Privacy Officer.

19. Third-Party Links

Our website may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit, as we are not responsible for their privacy practices or content.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will post the updated policy on our website with a revised effective date. We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

21. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Canada, including PIPEDA and applicable provincial privacy legislation. Any disputes arising under this Privacy Policy shall be subject to the jurisdiction of the courts of Canada.