Privacy Policy

Effective date: July 12, 2026
Applies to: the AvyraCall AI receptionist and business assistant service ("AvyraCall" or the "Service"), provided by Simbion Technology Inc. ("Simbion," "we," "us," or "our"), a company incorporated under the laws of British Columbia, Canada, with a registered/records office at 32623 Hollywood Ave, Abbotsford, BC V2T 1R9, Canada.

Contents
  1. Who this policy covers
  2. Definitions
  3. Information we collect
  4. How we use information
  5. AI and automated processing
  6. Call handling, disclosure, and recording
  7. Legal basis and consent
  8. How we share information
  9. Cross-border data transfers and sub-processors
  10. Data storage and security
  11. Data retention
  12. Your privacy rights
  13. International users and regional rights
  14. Business customer responsibilities
  15. Children's privacy
  16. Marketing communications
  17. Breach notification
  18. Changes to this policy
  19. Governing law
  20. How to contact us

1. Who This Policy Covers

This Privacy Policy explains how Simbion collects, uses, discloses, and safeguards personal information in connection with AvyraCall, an AI-powered receptionist and business assistant service that answers, routes, and responds to calls and messages on behalf of our business customers, wherever in the world they and their callers are located.

This policy applies to two groups of people, whose personal information we handle differently:

Where the distinction matters, this policy says so explicitly. If you are a Caller and want to know how a specific business uses your information beyond what AvyraCall does on their behalf, please contact that business directly — see Section 14 for more on this division of responsibility.

2. Definitions

TermMeaning
Personal Information / Personal DataInformation about an identifiable individual. Used interchangeably in this Policy to reflect terminology used under Canadian law (PIPEDA, PIPA) and comparable foreign law (e.g., "personal data" under the GDPR).
ServiceThe AvyraCall AI receptionist and business assistant platform, including any related mobile, web, or telephony components.
Business CustomerThe organization or individual that subscribes to AvyraCall and configures it to answer calls/messages on its behalf.
Caller / End UserA third party who contacts a Business Customer through a channel handled by AvyraCall.
Sub-processorA third-party service provider Simbion engages to help deliver the Service (e.g., cloud hosting, telephony carriage, AI model inference).

3. Information We Collect

3.1 Information about Business Customers

3.2 Information about Callers / End Users, collected on your behalf

We do not retain call audio recordings or full call transcripts as a standing feature of the Service. Audio is processed transiently to generate the AI response and is not stored once the interaction is complete, except as described in Section 11 (e.g., a short-form summary or message that the Business Customer has configured AvyraCall to deliver to them, or transient logs kept briefly for quality and abuse-prevention purposes).

3.3 Technical and usage data

4. How We Use Information

We use personal information to:

We do not use Caller information collected on a Business Customer's behalf for our own independent marketing purposes, and we do not use it to build advertising profiles. We do not sell or "share" personal information for cross-context behavioural advertising, as those terms are used under California and other regional privacy laws (see Section 13).

5. AI and Automated Processing

AvyraCall uses artificial intelligence, including third-party large language model and speech-processing providers (see Section 9), to interpret calls and messages and generate automated responses, call routing decisions, and summaries. This involves automated decision-making that determines, for example, how a call is routed, what response is given, or whether a message or appointment request is created.

We aim to design the Service so that:

6. Call Handling, Disclosure, and Recording

Canada permits recording of a call with the knowledge or consent of at least one party to it, but privacy law (PIPEDA and PIPA) separately requires that individuals be given notice and, in most circumstances, an opportunity to consent before their personal information — including their voice and the content of a call — is collected. Because AvyraCall interacts with Callers as an AI system rather than a human receptionist, transparency at the start of every call is central to how we and our Business Customers meet that requirement, and to meeting comparable notice/consent expectations in other regions (Section 13).

Business Customers are responsible for ensuring their own use of the Service, and any additional recording, monitoring, or scripting they configure, complies with applicable law in the jurisdictions where their Callers are located — including two-party/all-party consent recording rules in some U.S. states, and any sector-specific requirements. See Section 14.

7. Legal Basis and Consent

We collect, use, and disclose personal information only with the knowledge and consent of the individual, or as otherwise permitted or required by law. Consent may be express (e.g., when a Business Customer agrees to our Terms of Service and this Policy) or implied by conduct (e.g., a Caller proceeding with a disclosed AI-handled call). We follow the meaningful-consent principles published by the Office of the Privacy Commissioner of Canada. Where the GDPR or UK GDPR applies (Section 13), we rely on the lawful bases of contract performance, legitimate interests, and consent, as applicable to the specific processing activity.

8. How We Share Information

We do not sell personal information. We share personal information only as follows:

9. Cross-Border Data Transfers and Sub-Processors

We use third-party service providers to deliver core parts of the Service, including cloud hosting/infrastructure, telephony and messaging carriage, AI model inference, and payment processing. Because we serve Business Customers and Callers across multiple regions, personal information may be processed or stored outside the country in which a Business Customer or Caller is located, including in Canada, the United States, or elsewhere, and may be accessible to courts, law enforcement, and national security authorities of those jurisdictions under their local laws.

Where we transfer personal information across borders, we use appropriate safeguards for the origin of the data, which may include: standard contractual clauses or an equivalent recognized transfer mechanism for transfers out of the EEA/UK; contractual protection comparable to Canadian privacy law standards for transfers out of Canada; and other mechanisms as required by local law. A current list of categories of sub-processor (e.g., cloud hosting, telephony carrier, AI inference provider, payment processor) is available on request — see Section 20.

10. Data Storage and Security

We use administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification, including encryption in transit, access controls, and logging. No system is completely secure, and we cannot guarantee absolute security. If you have reason to believe your interaction with the Service is no longer secure, please contact us immediately using the details in Section 20.

11. Data Retention

We retain personal information for as long as the Service remains active on the relevant Business Customer's account — that is, for as long as AvyraCall is in service to that Business Customer — and for a limited additional period after account closure or termination as needed to meet legal, accounting, tax, security, or dispute-resolution obligations. After that additional period, we delete or anonymize the information.

CategoryRetention
Business Customer account, configuration, and billing recordsFor as long as the account is active and the Service is being provided; retained after closure only as needed for legal, accounting, tax, or dispute-resolution purposes, then deleted or anonymized
Call/message metadata and summaries delivered to a Business CustomerFor as long as the account is active, per the Business Customer's configuration and export choices; deleted or anonymized within a reasonable period after account closure
Raw call audio (transient processing)Not retained beyond the live interaction, except brief operational buffering for quality and abuse-prevention purposes
System, security, and diagnostic logsRolling retention tied to operational and security needs, then deleted or anonymized

12. Your Privacy Rights

Subject to limited exceptions under applicable law, you have the right to:

To exercise these rights, contact our Privacy Officer using the details in Section 20. We will respond within 30 days as a matter of policy; if a request is complex and we need more time, we will notify you of the extension and the reason for it. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner for British Columbia, or the equivalent authority in your own jurisdiction (Section 13).

If you are a Caller rather than a Business Customer, some of your information is held by us as a service provider to the Business Customer rather than as the party primarily responsible for it. We will still help route your request appropriately — see Section 14.

13. International Users and Regional Rights

Simbion is a Canadian company and PIPEDA/BC's PIPA are our baseline privacy framework. Because AvyraCall is used by Business Customers and Callers in multiple regions, the following additional, region-specific rights apply on top of that baseline where the relevant law applies to you. This section is a general-practice summary, not a jurisdiction-by-jurisdiction legal opinion.

13.1 European Economic Area and United Kingdom (GDPR / UK GDPR)

If you are located in the EEA or UK, you have additional rights including data portability and the right to lodge a complaint with your local supervisory authority. We process personal data on the lawful bases described in Section 7. Where required under Art. 27 GDPR or UK GDPR, we will appoint an EU/UK representative and publish their contact details in this section.

13.2 California and other U.S. states

If you are a California resident, you have rights under the CCPA/CPRA to know, delete, and correct your personal information, and to opt out of "sale" or "sharing" — we do not sell or share personal information as those terms are defined under California law. Residents of other U.S. states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah, and others) have comparable rights, which we honour on request.

13.3 Other jurisdictions

If mandatory local law in your jurisdiction grants you rights beyond those described in this Policy, those rights apply and are not limited by this Policy. Contact us using Section 20 and we will address your request under the law that applies to you.

14. Business Customer Responsibilities

When AvyraCall handles calls or messages on your behalf, you (the Business Customer) are the party primarily responsible for your relationship with your own Callers, and Simbion acts as your service provider in processing their personal information to deliver the Service to you. You are responsible for:

15. Children's Privacy

AvyraCall is intended for business use and is not directed at, or knowingly used to collect personal information from, children. We do not knowingly collect personal information directly from individuals under the age of majority in their jurisdiction for the purpose of creating a Business Customer account. If we become aware that we have inadvertently collected personal information from a child in a manner not permitted by law, we will take reasonable steps to delete it. A parent or guardian who believes their child has provided us with personal information may contact us using the details in Section 20.

16. Marketing Communications

If we send you commercial electronic messages (such as product updates or promotional emails), we do so in compliance with Canada's Anti-Spam Legislation (CASL) and comparable marketing/e-communications law in other regions (e.g., CAN-SPAM in the U.S., PECR in the UK), including obtaining the necessary consent, identifying ourselves, and providing a functional unsubscribe mechanism in every message. You may withdraw consent to marketing communications at any time by using the unsubscribe link or contacting us directly; this will not affect service-related communications necessary to operate your account.

17. Breach Notification

If we become aware of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm, we will notify the affected individuals and the Office of the Privacy Commissioner of Canada as required under PIPEDA, notify the relevant supervisory authority and affected individuals where the GDPR or other applicable regional law requires it, and will notify affected Business Customers without undue delay so they can meet any notification obligations they may have to their own Callers. We will also maintain records of security breaches as required by law.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. We will post the updated policy with a revised effective date and, for material changes that affect how we handle previously collected personal information, we will provide additional notice (such as an email or in-app notice) before the change takes effect. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy, to the extent permitted by law.

19. Governing Law

This Privacy Policy is governed by the laws of British Columbia and the federal laws of Canada applicable therein, without regard to conflict-of-law principles. Nothing in this Policy limits any rights you have under mandatory law that cannot be waived, including PIPEDA, BC's Personal Information Protection Act, the GDPR/UK GDPR, U.S. state privacy law, or other privacy law that applies to you based on your location.

20. How to Contact Us

Simbion Technology Inc. has designated a Privacy Officer accountable for compliance with this Policy and applicable privacy law. For privacy-related inquiries, access/correction/deletion requests, or to report a suspected privacy or security incident, contact our Privacy Officer:

Privacy Officer
Simbion Technology Inc.
32623 Hollywood Ave, Abbotsford, BC V2T 1R9, Canada
Email: support@simbiontechnology.com
General support: support@avyracall.com