This Privacy Policy explains how Simbion collects, uses, discloses, and safeguards personal information in connection with AvyraCall, an AI-powered receptionist and business assistant service that answers, routes, and responds to calls and messages on behalf of our business customers, wherever in the world they and their callers are located.
This policy applies to two groups of people, whose personal information we handle differently:
Where the distinction matters, this policy says so explicitly. If you are a Caller and want to know how a specific business uses your information beyond what AvyraCall does on their behalf, please contact that business directly — see Section 14 for more on this division of responsibility.
| Term | Meaning |
|---|---|
| Personal Information / Personal Data | Information about an identifiable individual. Used interchangeably in this Policy to reflect terminology used under Canadian law (PIPEDA, PIPA) and comparable foreign law (e.g., "personal data" under the GDPR). |
| Service | The AvyraCall AI receptionist and business assistant platform, including any related mobile, web, or telephony components. |
| Business Customer | The organization or individual that subscribes to AvyraCall and configures it to answer calls/messages on its behalf. |
| Caller / End User | A third party who contacts a Business Customer through a channel handled by AvyraCall. |
| Sub-processor | A third-party service provider Simbion engages to help deliver the Service (e.g., cloud hosting, telephony carriage, AI model inference). |
We do not retain call audio recordings or full call transcripts as a standing feature of the Service. Audio is processed transiently to generate the AI response and is not stored once the interaction is complete, except as described in Section 11 (e.g., a short-form summary or message that the Business Customer has configured AvyraCall to deliver to them, or transient logs kept briefly for quality and abuse-prevention purposes).
We use personal information to:
We do not use Caller information collected on a Business Customer's behalf for our own independent marketing purposes, and we do not use it to build advertising profiles. We do not sell or "share" personal information for cross-context behavioural advertising, as those terms are used under California and other regional privacy laws (see Section 13).
AvyraCall uses artificial intelligence, including third-party large language model and speech-processing providers (see Section 9), to interpret calls and messages and generate automated responses, call routing decisions, and summaries. This involves automated decision-making that determines, for example, how a call is routed, what response is given, or whether a message or appointment request is created.
We aim to design the Service so that:
Canada permits recording of a call with the knowledge or consent of at least one party to it, but privacy law (PIPEDA and PIPA) separately requires that individuals be given notice and, in most circumstances, an opportunity to consent before their personal information — including their voice and the content of a call — is collected. Because AvyraCall interacts with Callers as an AI system rather than a human receptionist, transparency at the start of every call is central to how we and our Business Customers meet that requirement, and to meeting comparable notice/consent expectations in other regions (Section 13).
Business Customers are responsible for ensuring their own use of the Service, and any additional recording, monitoring, or scripting they configure, complies with applicable law in the jurisdictions where their Callers are located — including two-party/all-party consent recording rules in some U.S. states, and any sector-specific requirements. See Section 14.
We collect, use, and disclose personal information only with the knowledge and consent of the individual, or as otherwise permitted or required by law. Consent may be express (e.g., when a Business Customer agrees to our Terms of Service and this Policy) or implied by conduct (e.g., a Caller proceeding with a disclosed AI-handled call). We follow the meaningful-consent principles published by the Office of the Privacy Commissioner of Canada. Where the GDPR or UK GDPR applies (Section 13), we rely on the lawful bases of contract performance, legitimate interests, and consent, as applicable to the specific processing activity.
We do not sell personal information. We share personal information only as follows:
We use third-party service providers to deliver core parts of the Service, including cloud hosting/infrastructure, telephony and messaging carriage, AI model inference, and payment processing. Because we serve Business Customers and Callers across multiple regions, personal information may be processed or stored outside the country in which a Business Customer or Caller is located, including in Canada, the United States, or elsewhere, and may be accessible to courts, law enforcement, and national security authorities of those jurisdictions under their local laws.
Where we transfer personal information across borders, we use appropriate safeguards for the origin of the data, which may include: standard contractual clauses or an equivalent recognized transfer mechanism for transfers out of the EEA/UK; contractual protection comparable to Canadian privacy law standards for transfers out of Canada; and other mechanisms as required by local law. A current list of categories of sub-processor (e.g., cloud hosting, telephony carrier, AI inference provider, payment processor) is available on request — see Section 20.
We use administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification, including encryption in transit, access controls, and logging. No system is completely secure, and we cannot guarantee absolute security. If you have reason to believe your interaction with the Service is no longer secure, please contact us immediately using the details in Section 20.
We retain personal information for as long as the Service remains active on the relevant Business Customer's account — that is, for as long as AvyraCall is in service to that Business Customer — and for a limited additional period after account closure or termination as needed to meet legal, accounting, tax, security, or dispute-resolution obligations. After that additional period, we delete or anonymize the information.
| Category | Retention |
|---|---|
| Business Customer account, configuration, and billing records | For as long as the account is active and the Service is being provided; retained after closure only as needed for legal, accounting, tax, or dispute-resolution purposes, then deleted or anonymized |
| Call/message metadata and summaries delivered to a Business Customer | For as long as the account is active, per the Business Customer's configuration and export choices; deleted or anonymized within a reasonable period after account closure |
| Raw call audio (transient processing) | Not retained beyond the live interaction, except brief operational buffering for quality and abuse-prevention purposes |
| System, security, and diagnostic logs | Rolling retention tied to operational and security needs, then deleted or anonymized |
Subject to limited exceptions under applicable law, you have the right to:
To exercise these rights, contact our Privacy Officer using the details in Section 20. We will respond within 30 days as a matter of policy; if a request is complex and we need more time, we will notify you of the extension and the reason for it. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada, the Office of the Information and Privacy Commissioner for British Columbia, or the equivalent authority in your own jurisdiction (Section 13).
If you are a Caller rather than a Business Customer, some of your information is held by us as a service provider to the Business Customer rather than as the party primarily responsible for it. We will still help route your request appropriately — see Section 14.
Simbion is a Canadian company and PIPEDA/BC's PIPA are our baseline privacy framework. Because AvyraCall is used by Business Customers and Callers in multiple regions, the following additional, region-specific rights apply on top of that baseline where the relevant law applies to you. This section is a general-practice summary, not a jurisdiction-by-jurisdiction legal opinion.
If you are located in the EEA or UK, you have additional rights including data portability and the right to lodge a complaint with your local supervisory authority. We process personal data on the lawful bases described in Section 7. Where required under Art. 27 GDPR or UK GDPR, we will appoint an EU/UK representative and publish their contact details in this section.
If you are a California resident, you have rights under the CCPA/CPRA to know, delete, and correct your personal information, and to opt out of "sale" or "sharing" — we do not sell or share personal information as those terms are defined under California law. Residents of other U.S. states with comprehensive privacy laws (e.g., Virginia, Colorado, Connecticut, Utah, and others) have comparable rights, which we honour on request.
If mandatory local law in your jurisdiction grants you rights beyond those described in this Policy, those rights apply and are not limited by this Policy. Contact us using Section 20 and we will address your request under the law that applies to you.
When AvyraCall handles calls or messages on your behalf, you (the Business Customer) are the party primarily responsible for your relationship with your own Callers, and Simbion acts as your service provider in processing their personal information to deliver the Service to you. You are responsible for:
AvyraCall is intended for business use and is not directed at, or knowingly used to collect personal information from, children. We do not knowingly collect personal information directly from individuals under the age of majority in their jurisdiction for the purpose of creating a Business Customer account. If we become aware that we have inadvertently collected personal information from a child in a manner not permitted by law, we will take reasonable steps to delete it. A parent or guardian who believes their child has provided us with personal information may contact us using the details in Section 20.
If we send you commercial electronic messages (such as product updates or promotional emails), we do so in compliance with Canada's Anti-Spam Legislation (CASL) and comparable marketing/e-communications law in other regions (e.g., CAN-SPAM in the U.S., PECR in the UK), including obtaining the necessary consent, identifying ourselves, and providing a functional unsubscribe mechanism in every message. You may withdraw consent to marketing communications at any time by using the unsubscribe link or contacting us directly; this will not affect service-related communications necessary to operate your account.
If we become aware of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm, we will notify the affected individuals and the Office of the Privacy Commissioner of Canada as required under PIPEDA, notify the relevant supervisory authority and affected individuals where the GDPR or other applicable regional law requires it, and will notify affected Business Customers without undue delay so they can meet any notification obligations they may have to their own Callers. We will also maintain records of security breaches as required by law.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. We will post the updated policy with a revised effective date and, for material changes that affect how we handle previously collected personal information, we will provide additional notice (such as an email or in-app notice) before the change takes effect. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy, to the extent permitted by law.
This Privacy Policy is governed by the laws of British Columbia and the federal laws of Canada applicable therein, without regard to conflict-of-law principles. Nothing in this Policy limits any rights you have under mandatory law that cannot be waived, including PIPEDA, BC's Personal Information Protection Act, the GDPR/UK GDPR, U.S. state privacy law, or other privacy law that applies to you based on your location.
Simbion Technology Inc. has designated a Privacy Officer accountable for compliance with this Policy and applicable privacy law. For privacy-related inquiries, access/correction/deletion requests, or to report a suspected privacy or security incident, contact our Privacy Officer:
Privacy Officer
Simbion Technology Inc.
32623 Hollywood Ave, Abbotsford, BC V2T 1R9, Canada
Email: support@simbiontechnology.com
General support: support@avyracall.com