Privacy Policy
Last Updated: May 4, 2026
Key Points
Before reading the full policy, here are the essentials:
- Your conversations are encrypted. We encrypt your messages before they are stored. Our cloud infrastructure provider cannot read them, even under a warrant directed at them.
- We don't train AI models on your data. We don't use your conversations, files, or any other content to train, fine-tune, or develop AI models. Neither do our AI providers. We've verified and opted out where required.
- Your data stays in Canada. Your account information and encrypted conversations are stored in Canadian data centres. When you chat with an AI model, your messages are sent to that model's provider for processing. We tell you exactly where.
- We don't sell your data. We don't sell, rent, or share your personal information for advertising or marketing purposes. We have no ads, no tracking pixels, and no third-party analytics.
- You're in control. You can export your data, delete individual conversations, or delete your entire account at any time. Deleted data is permanently removed within 30 days.
- Canadian company, Canadian law. Rideau AI is a Canadian company governed by Canadian privacy law, including PIPEDA and Quebec's Law 25.
Privacy Policy
Effective Date: May 4, 2026
This Privacy Policy describes how Level47 Ventures Inc., a Canadian federal corporation operating as Rideau AI ("Rideau AI," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use the Rideau AI platform at rideau.ai and all related services (the "Service").
This Privacy Policy is part of our Terms of Service. Terms defined in the Terms of Service have the same meaning here.
1. Who We Are
Data Controller: Level47 Ventures Inc., operating as Rideau AI
Privacy Officer: Mike Brown
Email: privacy@rideau.ai
Mailing Address: 1 Rideau St., 7th Floor, Ottawa, ON, K1N 8S7, Canada
If you have any questions about this Privacy Policy, how we handle your personal information, or if you wish to exercise any of your rights, contact our Privacy Officer at the address above.
2. Information We Collect
We collect only the information necessary to provide the Service, secure your account, and comply with the law. We describe below what we collect, organized by how we obtain it.
2.1. Information You Provide
| Information | Why We Collect It | Required? |
|---|---|---|
| Email address | Authentication (magic link login), transactional communications | Yes |
| Display name | Personalization within the Service | No |
| Age attestation | Verifying you meet our minimum age requirement (18+). We store a confirmation, not your date of birth. | Yes |
| Country and province/state | Localization, applicable law determination, and compliance | Yes |
| UI language preference | Displaying the Service in your preferred language | Yes |
| Chat language preference | Directing AI responses in your preferred language | Yes |
| Account-closure timestamp (set when you close your account) | Anchoring the 6-year audit-log retention period described in Section 4.5 | Generated automatically on closure |
2.2. Information Generated by Your Use
| Information | Why We Collect It | Protected? |
|---|---|---|
| Conversation content (messages, prompts, AI responses) | Providing the Service: displaying your conversation history | Yes (ALE) |
| File uploads and extracted text | AI processing of documents you upload | Yes (ALE) |
| AI model selections | Routing your requests to the correct model | No |
| Usage events | Tracking your Usage Limits and billing | No |
| Session metadata (login times, IP address, device/browser) | Authentication, security, and showing you a list of where you are signed in (Settings → Security) | Partial (IP stored in plain text for the 7-day session lifetime so you can recognize your own sessions; visible only to you and our staff handling a security request) |
| Security events (rate limiting, CAPTCHA, auth failures) | Protecting your account and the Service | Partial (IP hash retained for analytics; encrypted raw IP retained for 72 hours for incident response, then automatically purged) |
| Consent audit records (acceptance of these Terms, marketing consent grants and revocations) | Demonstrating valid consent under PIPEDA and CASL s. 13 (burden of proof on sender) if challenged | Yes (your email address, billing and card-issuing country, browser language preference, and IP are recorded; IP and consent text are encrypted with per-record keys; retained for the life of your account plus 6 years post-closure, see Section 4.5) |
| Payment-method fingerprint (a non-reversible identifier of your payment card supplied by our payment processor; not your card number) | Enforcing the eligibility rules for our 7-day Starter money-back guarantee and preventing its abuse (Terms of Service §4.7.2) | No (the fingerprint itself is non-reversible and cannot be used to recover a card number) |
| Violation history | Enforcing our Acceptable Use Policy | No |
| Client telemetry (page load performance, errors, generalized page paths) | Monitoring Service health and performance. Page paths are generalized (unique identifiers replaced), emails are scrubbed, and only allowlisted metric and event names are accepted. | No |
2.3. Information We Do NOT Collect
We want to be explicit about what we don't do:
- Passwords. We use passwordless authentication (magic links). There is no password to store or breach.
- Full payment card numbers. Our payment processor handles all card data directly. We receive only a customer identifier and subscription status, never your card number.
- Browsing history or clickstream data. Our marketing pages log anonymous page views (page path, referrer, approximate country and city, and a daily-rotating IP hash that cannot identify you). The country and city are derived from your IP address at the time of the page view; your IP address is then hashed and the original discarded. The authenticated application collects lightweight performance telemetry (page load times, errors, and generalized page paths with unique identifiers removed) to monitor Service health. This is our own first-party system, not a third-party analytics service. We do not track clicks, scrolling, or mouse movements.
- Device fingerprints. We do not create unique identifiers based on your browser, screen size, or installed fonts.
- Precise location. We store only the country and province/state you provide during signup. We do not use GPS, Wi-Fi, or cell tower data.
- Third-party cookies or tracking pixels. We use only strictly necessary cookies. We have no advertising cookies, no analytics scripts, and no tracking pixels. See our Cookie Policy.
- Contact lists or address books. We never request access to your contacts.
3. How We Use Your Information
We use your information only for the purposes listed below. We do not use your information for advertising, profiling, or any purpose unrelated to providing and securing the Service.
| Purpose | Legal Basis | Information Used |
|---|---|---|
| Providing the Service: processing your AI requests, displaying conversations, managing your account | Contract performance | Email, conversation content, model selections, usage events |
| Billing: processing payments, managing subscriptions, sending renewal notices | Contract performance | Email, usage events, payment processor customer ID |
| Refund anti-abuse: enforcing the 7-day Starter money-back guarantee and preventing repeated free-trial abuse | Legitimate interest | Email address, payment-method fingerprint |
| Security: authenticating your identity, preventing fraud, rate limiting, protecting against unauthorized access | Legitimate interest | Email, session metadata (including session IP), security events, IP hash |
| Consent recordkeeping: demonstrating that you accepted these Terms and that you granted or revoked marketing consent if challenged | Legal obligation (PIPEDA, CASL s. 13) | Email address, billing and card-issuing country, browser language preference, encrypted IP, browser/device, the consent text shown to you, version, and timestamp |
| Content safety: detecting and preventing prohibited content as described in our Acceptable Use Policy | Legitimate interest + legal obligation | Conversation content (decrypted only during active processing) |
| Legal compliance: responding to lawful requests, mandatory CSAM reporting under the Mandatory Reporting Act (S.C. 2011, c. 4), law enforcement cooperation per PIPEDA sections 7(3)(d) and 7(3)(e) | Legal obligation | As required by the specific obligation |
| Transactional communications: sending magic links, welcome emails, renewal reminders, security alerts | Contract performance | Email address |
| Service improvement: understanding aggregate usage patterns to improve the Service (never using conversation content) | Legitimate interest | Aggregate, de-identified usage statistics only |
We do not use your conversation content for any purpose other than displaying it to you and processing your AI requests. Conversation content is encrypted at rest and decrypted only when you access it or when it is transmitted to an AI provider for processing.
4. How We Protect Your Data
We use a layered security architecture that goes significantly beyond industry standard practices. This section explains each layer in plain language.
4.1. Encryption in Transit (TLS)
All connections to Rideau AI are encrypted using TLS (Transport Layer Security). This is standard for any HTTPS website and prevents anyone from intercepting your data as it travels over the internet.
4.2. Application-Layer Transit Encryption
We add a second layer of encryption on top of TLS. Your browser and our application establish a separate encrypted channel using strong cryptographic methods before any conversation data is exchanged. This protects your data even at points where standard TLS connections are terminated and re-established within our cloud infrastructure, such as load balancers and content delivery networks. Your conversation content is never visible to these intermediary systems in readable form.
4.3. Application-Layer Encryption at Rest (ALE)
Your conversation content (every message, every AI response, every uploaded file) is encrypted by our application using AES-256-GCM before it is written to our database. The data stored in our database is ciphertext that cannot be read without our encryption keys.
Where the keys are stored: Encryption keys are stored exclusively in Canada on infrastructure controlled by Rideau AI, separate from the systems that store your encrypted data.
What this means in practice:
- Our cloud infrastructure provider (Microsoft Azure) cannot read your stored conversations. They do not hold the encryption keys and have no means to decrypt the data. A warrant or legal order directed at them cannot compel them to produce something they are technically unable to access.
- In the ordinary course of operations, we cannot casually browse your conversations. Decryption occurs only when you request your own data through the Service or when your messages are transmitted to an AI provider for processing.
- If someone were to gain unauthorized access to our database, they would obtain only encrypted data that is useless without the keys.
What this does NOT mean: Our application holds the encryption keys, not you. This means that Rideau AI has the technical ability to decrypt your data when required to operate the Service or comply with a valid Canadian legal order directed at us. Because we are a Canadian company and our encryption keys are held exclusively in Canada, foreign governments cannot compel us or our infrastructure provider to decrypt your data. They would need to obtain a Canadian court order through mutual legal assistance processes. Our commitment not to misuse this access is a policy commitment backed by our Terms of Service, not a technical impossibility. We are honest about this because we believe trust is built on accuracy, not overclaiming.
4.4. PII Shield (Optional)
When you enable PII Shield for a conversation, your messages are scanned for personal information (names, addresses, phone numbers, emails, and other identifiers) before being sent to the AI provider. Detected personal information is replaced with placeholders so the AI provider processes your request without seeing identifying details.
PII Shield is currently opt-in per conversation. It introduces additional processing time and may reduce the AI's ability to respond to context that depends on personal details. We recommend enabling it for conversations that contain sensitive personal information about yourself or others.
Important: PII Shield uses automated detection (Named Entity Recognition) and is not guaranteed to identify all personal information. Unusual formats, misspellings, or context-dependent identifiers may not be detected. You should exercise caution when sharing sensitive personal information even with PII Shield enabled.
When PII Shield is disabled (the default), your full conversation content is sent to the AI provider for processing. Your content is still encrypted at rest on our servers (ALE), and our providers are contractually prohibited from using it for training, but the provider does see the content during processing.
4.5. Active Sessions and Consent Records
Active sessions. In Settings → Security, you can see the sessions currently signed in to your account. Each row shows the device and browser (parsed from the User-Agent), the time of last activity, and the IP address that the session was last seen from. The IP is shown in plain text so you can recognize your own sessions and spot ones that aren't yours; we keep it for the 7-day session lifetime and discard it when the session expires or you revoke it.
Consent records. When you accept these Terms, accept a new version of them, or grant or revoke marketing consent, we write an append-only audit record so we can show, if challenged, that you actually agreed to what was on the page at that moment. Each record contains: the version of the document, the verbatim consent text that was on screen, the timestamp, your email address at the time of acceptance, the billing country and card-issuing country associated with your payment method (if available), your browser language preference, your User-Agent, and your IP address. The IP and consent text are encrypted with a per-record key. We retain these records for the life of your account and for six (6) years after your account is closed, in a restricted archive that is not used for any other purpose. After six years, they are permanently deleted. This retention period is the minimum needed to defend against potential litigation (Quebec contract prescription is three years under Civil Code art. 2925; CRA tax recordkeeping is six years under Income Tax Act s. 230) and CASL enforcement, which can be brought up to three years after the CRTC becomes aware of an alleged violation, even if that occurs years after the consent event. It is permitted under PIPEDA Principle 5 (clause 4.5.2 of Schedule 1), Quebec Law 25 s. 28, and GDPR Article 17(3)(e) (establishment, exercise, or defence of legal claims).
4.6. Infrastructure Security
Beyond encryption, we implement:
- Private endpoints for database and key management services. These systems are not accessible from the public internet.
- Network segmentation isolating different parts of the Service.
- Proof-of-Work CAPTCHA that does not rely on third-party tracking services.
- Self-hosted fonts and icons. No requests to external CDNs that could track you.
Backups and recovery. Encryption keys are stored on hardware we own and operate in Canada, with a backup on separate Canadian hardware that we also own and operate. We do not maintain key escrow, backdoors, or copies of these keys outside Canada or with any third party. Your encrypted account data and conversation history are stored in our cloud provider's Canadian data centres; we do not currently maintain copies of this data outside the cloud provider's infrastructure. The architectural consequences of these choices, including the scenarios in which data may be unrecoverable, are described in our Terms of Service, Sections 8.2.1 and 8.2.2. The Service is designed as a workspace, not a system of record; you should keep your own authoritative copies of any inputs and outputs that matter to you. Export functionality (JSON and Markdown) is available within the Service at any time.
5. AI Model Providers and Training
This section explains what happens to your data when you use an AI model through the Service.
5.1. How AI Processing Works
When you send a message in a conversation, your Input is transmitted to the AI model provider you have selected. The provider processes your Input and returns an Output (the AI's response), which we display to you. Your Input and the provider's Output are then encrypted and stored in your conversation history.
5.2. No Training by Rideau AI
We do not use your Content (including your messages, files, AI responses, or any other data) to train, fine-tune, or develop AI models. We do not maintain any pipeline, process, or system for doing so. We do not sell, license, or share your Content with anyone for training purposes.
5.3. No Training by Our Providers
We have verified the training practices of every AI provider we use and confirmed that none of them train on data submitted through our Service:
- Where a provider's commercial terms contractually prohibit training on customer data, we rely on that contractual commitment.
- Where a provider offers a dashboard control to opt out of training, we have disabled training and monitor these settings on a quarterly basis.
- Where a provider operates a paid API tier that excludes training by default, we use only that tier.
We review provider terms and settings whenever we add or update a provider and on a regular schedule. For the current list of providers and the specific basis for each no-training commitment, see our Sub-Processor List.
5.4. Provider Safety Retention
AI providers typically retain your Input and Output for a limited period (up to 30 days) solely for abuse monitoring and safety compliance. This retention is used to enforce the provider's usage policies. It is not used for model training. It is standard across the AI industry. Provider-specific retention periods are listed in our Data-Flow Matrix.
5.5. Private Inference
Some AI models available through the Service run on infrastructure controlled by Rideau AI in Canada. When you use a privately hosted model, your data never leaves our infrastructure and is not transmitted to any third party. These models are identified in the Service.
6. Cross-Border Data Transfers
Your account information and encrypted conversations are stored in Canada. However, when you use certain features of the Service, some data is transmitted outside Canada for processing.
6.1. When Data Leaves Canada
| When You... | Data Sent | Where It Goes | Why |
|---|---|---|---|
| Chat with a third-party AI model | Your messages (full content, or PII-stripped if Shield is enabled) | Provider infrastructure (varies by model; see Data-Flow Matrix) | AI processing (ephemeral; providers retain up to 30 days for safety monitoring only) |
| Use web search within a conversation | Search query text and your country code (AI-generated; PII-stripped if Shield is enabled) | United States | Web search results |
| Receive a magic link email | Your email address and a single-use authentication token | United States | Email delivery |
| Make a payment | Tokenized card data (handled directly by payment processor, never touches our servers) | United States | Payment processing |
6.2. When Data Stays in Canada
- Your encrypted conversation history
- Your account information (email, name, preferences)
- Your usage history
- Uploaded files (encrypted)
- File text extraction (processed via private endpoint in Canada)
6.3. Safeguards for Cross-Border Transfers
When your data is processed outside Canada, we ensure it is protected by:
- Contractual protections: Data Processing Agreements (DPAs) or equivalent contractual terms with our processors that restrict how your data may be used, require appropriate security measures, and prohibit use for training. See our Sub-Processor List for the current DPA status of each processor.
- Data minimization: We send only the minimum data necessary. For example, web search queries contain only the search text and your country code. No user identifiers, no conversation history.
- PII Shield: When enabled, detected personal information is stripped from your messages before they leave Canada (see Section 4.4 for details and limitations).
- Application-Layer Encryption: Your data remains encrypted at rest on our servers. Providers see your content only during active processing of your request and do not store it beyond their safety retention windows (up to 30 days).
We acknowledge that data processed in other jurisdictions may be subject to the laws of those jurisdictions, including lawful access requests by foreign governments. Our encryption architecture is designed to minimize the useful data available in such scenarios.
For a complete list of processors and the data each one receives, see our Sub-Processor List.
7. Data Retention
We retain your data only as long as necessary. Below are our specific retention periods.
7.1. Data You Control
| Data | Retained Until | How to Delete |
|---|---|---|
| Conversations and messages | You delete them | Through the Service |
| File uploads | The conversation or project containing them is deleted | Through the Service |
| Your account | You close it. Operational account data is purged within 30 days. A minimal identity record (email, identifiers, closure timestamp) and consent audit records are archived for 6 years and then permanently deleted (see Section 4.5 and Terms of Service Section 8.5). | Through the Service |
When you delete a conversation, it is immediately hidden from your account. Permanent deletion (including all messages and files in that conversation) occurs within 30 days via an automated process.
When you close your account, your conversations, files, sessions, and other operational account data are permanently deleted within 30 days, subject to the retention periods below. A minimal identity record (your email address, account identifiers, and the date your account was closed), together with the consent audit records described in Section 4.5, is moved to a restricted archive and retained for six (6) years after closure to support the legal-evidence purposes described in Section 4.5. After six years, the archived record is permanently deleted. The archive is not used for any operational purpose and is not accessible to operational staff. See our Terms of Service, Section 8.5.
7.2. Data We Retain for Defined Periods
| Data | Retention Period | Why |
|---|---|---|
| Usage events | 12 months | Billing records, chargeback disputes, subscription history |
| Security events (rate limiting, CAPTCHA, auth failures) | 90 days for the event row; encrypted raw IP purged after 72 hours, IP hash retained for the 90-day window | Security monitoring and fraud prevention |
| Violation history | 365 days | Enforcing our Acceptable Use Policy; preventing repeat violations |
| Session data (including session IP shown to you in Settings → Security) | 7 days (sliding window) | Authentication; surfacing active sessions to you |
| Consent audit records (Terms acceptance; marketing grant or revoke events) | Life of account, plus 6 years after account closure in a restricted archive, then permanently deleted | Legal obligation (CASL s. 13/s. 23; Quebec CCQ art. 2925; ITA s. 230); GDPR Art. 17(3)(e) carve-out for legal-claim defence |
| Payment-method fingerprints (for refund anti-abuse) | Retained while the associated refund-eligibility rule is in force; deleted when no longer needed for that purpose | Enforcing the 7-day Starter money-back guarantee (Terms of Service §4.7.2) |
| Trusted device cookies | 30 days | Reducing friction for two-factor authentication |
| Magic link tokens | 15 minutes (single-use) | Authentication |
| Client telemetry | 90 days raw; 12 months aggregated | Service health monitoring |
| Marketing page views | 90 days raw; 12 months aggregated | Anonymous usage analytics |
| IP address hashes (marketing pages) | 24 hours (daily salt rotation) | Security analytics; hash is irreversible |
7.3. Data Retained by Third Parties
| Processor | Data | Retention |
|---|---|---|
| AI model providers | Your Input and Output | Up to 30 days (safety monitoring only; see Data-Flow Matrix) |
| Payment processor | Tokenized payment data, transaction records | Per PCI DSS requirements |
| Email delivery service | Email addresses, delivery metadata | 45 days |
7.4. Data Retained for Legal Obligations
We may retain specific data beyond the periods above when required by law. For example, financial records required for tax compliance, or evidence preserved under the Mandatory Reporting Act (S.C. 2011, c. 4). In these cases, the data is retained only for the duration required by the specific legal obligation and is segregated from normal operations.
8. Your Rights
You have rights over your personal information under Canadian federal and provincial privacy law. Depending on where you live, you may have additional rights under other laws (see Schedules A, B, and C).
8.1. Rights Available to All Users
| Right | What It Means | How to Exercise It |
|---|---|---|
| Access | Request a copy of the personal information we hold about you | Through the Service (data export) |
| Correction | Update or correct inaccurate personal information | Through the Service (account settings) |
| Deletion | Delete your conversations, your files, or your entire account | Through the Service |
| Data portability | Export your data in a machine-readable format | Through the Service (data export) |
| Withdrawal of consent | Withdraw your consent to our processing of your personal information at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. | Close your account through the Service |
| Automated decisions | Know when an automated decision has been made about you, what information was used, and how it was made, and request human review | See Section 9 (Automated Decision-Making) |
For any right that cannot be exercised through the Service, or if you need assistance, contact our Privacy Officer at privacy@rideau.ai.
8.2. How to Make a Request
Contact our Privacy Officer at privacy@rideau.ai. We will acknowledge your request within 10 business days and respond within 30 days. If we need more time (up to 60 additional days for complex requests), we will tell you why and when to expect a response.
We will verify your identity before fulfilling any request. We will never charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.
8.3. Complaints
If you are not satisfied with our response, you may file a complaint with the applicable privacy authority:
- Canada (federal): Office of the Privacy Commissioner of Canada (OPC), priv.gc.ca
- Quebec: Commission d'accès à l'information du Québec (CAI), cai.gouv.qc.ca
- European Union / EEA: Your local supervisory authority. Find yours via the EDPB directory.
- United Kingdom: Information Commissioner's Office (ICO), ico.org.uk
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch
- California: Office of the Attorney General, oag.ca.gov/privacy
9. Automated Decision-Making
The Service uses automated systems to make certain decisions that may affect you. Under Quebec's Act respecting the protection of personal information in the private sector (Law 25) and similar laws, you have the right to be informed about these decisions.
9.1. Automated Decisions We Make
| Decision | What Happens | How It Works |
|---|---|---|
| Content moderation | Messages may be blocked, flagged, or redirected if they violate our Acceptable Use Policy | Multi-layer safety pipeline including keyword detection, classifiers, and AI-based safety scanning |
| Provider safety filters | AI responses may be refused or modified by the AI provider's own built-in safety systems | Each AI provider applies its own content filtering independently of ours. These are controlled by the provider. We cannot override or review these decisions. |
| Rate limiting | Login and usage requests may be temporarily throttled | Escalating limits based on request patterns, with Proof-of-Work challenges |
| Usage management | Access to certain AI models may be restricted when your Usage Limits are reached | Automatic checks against your current usage allowance |
| Violation escalation | Repeated safety violations may result in warnings, suspension, or termination | Automated tracking of violation history with escalating consequences |
9.2. Your Rights Regarding Automated Decisions
You have the right to:
- Be informed that an automated decision was made about you (this section and our Automated Decision Disclosure serve this purpose);
- Know what personal information was used in the decision;
- Request that a person at Rideau AI review the decision; and
- Correct any personal information that was used in the decision.
To request human review of an automated decision, contact privacy@rideau.ai. We will review your request and respond within 30 days.
10. Data Breach Notification
If we become aware of a security breach that creates a real risk of significant harm to you, we will:
- Notify the applicable privacy authority within 72 hours of becoming aware of the breach, as required by Quebec Law 25 and consistent with PIPEDA breach reporting obligations.
- Notify you directly as soon as feasible, by email or through the Service, describing: what happened, what personal information was affected, what we have done in response, and what steps you can take to protect yourself.
- Maintain a breach register as required by law.
Our application-layer encryption significantly limits the impact of a database breach. An attacker who gains access to our database would obtain only encrypted data. A breach of our encryption keys would be treated as the most severe category of incident.
11. Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from anyone under 18.
During account creation, you must attest that you are at least 18 years of age. We store only a confirmation of this attestation, not your date of birth.
If we become aware that someone under 18 has created an account, we will close the account and delete the associated data.
12. Cookies
We use only strictly necessary cookies: those required for authentication, security, and basic Service functionality. We do not use advertising cookies, analytics cookies, or tracking pixels of any kind.
For details, see our Cookie Policy.
13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing them with any personal information.
14. Changes to This Policy
We may update this Privacy Policy from time to time.
- Material changes (such as new categories of data collection, new purposes for processing, or changes to your rights): The Service will require you to review and acknowledge the updated policy before continued use.
- Non-material changes (such as clarifications, formatting, or updated contact details): We will update the "Effective Date" at the top of this page.
Previous versions of this policy are available upon request.
15. Contact
Privacy Officer: Mike Brown
Email: privacy@rideau.ai
Mailing Address: 1 Rideau St., 7th Floor, Ottawa, ON, K1N 8S7, Canada
General support: support@rideau.ai
Legal inquiries: legal@rideau.ai
Schedule A: Quebec (Law 25)
This schedule applies to you if you are a resident of Quebec. These provisions supplement the main policy and, where they conflict, take precedence for Quebec residents.
A.1. Applicable Law
Your personal information is protected by the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1), as amended by Law 25 (Act to modernize legislative provisions as regards the protection of personal information, 2021, c. 25).
A.2. Privacy Impact Assessment
We have conducted a Privacy Impact Assessment ("PIA") in accordance with Law 25 before collecting personal information through the Service. The PIA evaluates the risks associated with our processing activities, including cross-border data transfers, and identifies the safeguards we have implemented.
A.3. Cross-Border Transfers
When your personal information is transferred outside Quebec for processing (as described in Section 6), we have conducted an assessment to determine that the receiving jurisdiction provides adequate protection for personal information, or that sufficient contractual safeguards are in place. The results of this assessment are documented in our PIA.
A.4. Automated Decision-Making
As described in Section 9, we use automated systems to make certain decisions. Under Law 25 (Section 12.1), you have the right to:
- Be informed at the time of the decision or beforehand that the decision will be made exclusively by automated processing;
- Be informed of the personal information used to make the decision, as well as the reasons, principal factors, and parameters that led to the decision; and
- Have the decision reviewed by a person.
A.5. De-Indexation
You have the right to request that we cease disseminating your personal information or that any hyperlink to your information be de-indexed, if the dissemination contravenes the law or a court order, or if the conditions for the processing of the information are no longer met (Law 25, Section 28.1).
A.6. Right to Data Portability
You have the right to receive, in a structured, commonly used technological format, the personal information you have provided to us, as well as any personal information generated in the course of providing the Service (Law 25, Section 27). You may exercise this right through the Service's data export feature.
Schedule B: European Economic Area, United Kingdom, and Switzerland (GDPR)
This schedule applies to you if you are a resident of the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland. These provisions supplement the main policy and, where they conflict, take precedence for residents of these jurisdictions.
B.1. Data Controller
The data controller for the purposes of the General Data Protection Regulation (EU 2016/679) ("GDPR") and the UK GDPR is:
Level47 Ventures Inc., operating as Rideau AI 1 Rideau St., 7th Floor, Ottawa, ON, K1N 8S7, Canada Email: privacy@rideau.ai
B.2. Legal Bases for Processing
| Purpose | Legal Basis (GDPR Article 6(1)) |
|---|---|
| Providing the Service, billing, transactional communications | (b) Contract performance: necessary for the performance of our contract with you |
| Security, fraud prevention, content safety | (f) Legitimate interest: protecting the Service and our users |
| Service improvement (aggregate, de-identified data only) | (f) Legitimate interest: improving the Service |
| Mandatory reporting (CSAM), law enforcement cooperation | (c) Legal obligation: compliance with Canadian law |
| Marketing communications | (a) Consent: only with your explicit opt-in |
B.3. Data Transfers Outside the EEA/UK
Canada has been recognized by the European Commission as providing an adequate level of data protection (Commission Decision 2002/2/EC). Your data is stored in Canada.
When data is transferred from our Canadian servers to AI providers or other processors outside Canada (including in the United States), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
- Data Processing Agreements or equivalent contractual terms with our processors that include obligations consistent with the GDPR. See our Sub-Processor List for the current DPA status of each processor.
B.4. Your Rights Under GDPR
In addition to the rights described in Section 8, you have the following rights under GDPR:
| Right | GDPR Article |
|---|---|
| Right of access | Article 15 |
| Right to rectification | Article 16 |
| Right to erasure ("right to be forgotten") | Article 17 |
| Right to restriction of processing | Article 18 |
| Right to data portability | Article 20 |
| Right to object to processing based on legitimate interest | Article 21 |
| Right not to be subject to solely automated decision-making | Article 22 |
| Right to withdraw consent at any time | Article 7(3) |
You may exercise these rights as described in Section 8. We will respond to requests within 30 days (extendable by up to 60 days for complex requests, with notice to you).
B.5. Data Protection Officer
Our Privacy Officer also serves as our point of contact for GDPR purposes. You may reach the Privacy Officer at privacy@rideau.ai.
B.6. EU and UK Representatives (Article 27)
As a Canadian company offering services to data subjects in the EEA and the UK, we are required under Article 27 of the GDPR and the equivalent provision of the UK GDPR to appoint representatives in each jurisdiction. We are in the process of appointing EU and UK representatives and will update this section with their contact details. In the interim, you may direct all inquiries to our Privacy Officer at privacy@rideau.ai.
Schedule C: California (CCPA/CPRA)
This schedule applies to you if you are a California resident. These provisions supplement the main policy and, where they conflict, take precedence for California residents. Terms used in this schedule have the meanings defined in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA").
C.1. Categories of Personal Information We Collect
| CCPA Category | Examples from Rideau AI | Business Purpose |
|---|---|---|
| A. Identifiers | Email address, display name, IP hash | Authentication, personalization, security |
| B. Personal information (CCPA § 1798.140, incorporating Cal. Civ. Code § 1798.80(e)) | Name, email address | Account management |
| D. Commercial information | Subscription status, usage events | Billing, service delivery |
| F. Internet or electronic network activity | Session metadata, security events | Security, fraud prevention |
| G. Geolocation data | Country and province/state (user-provided, not precise) | Localization, compliance |
We do not collect categories C (protected classifications), E (biometric information), H (sensory data), I (professional/employment information), J (education information), or K (inferences drawn to create a profile).
C.2. We Do Not Sell or Share Your Personal Information
We do not "sell" your personal information as defined by the CCPA. We do not "share" your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.
C.3. We Do Not Use Sensitive Personal Information for Prohibited Purposes
To the extent any personal information we collect constitutes "sensitive personal information" under the CCPA (such as the contents of your communications), we use it only for purposes permitted under Section 1798.121(a) of the CCPA: specifically, to provide the Service you requested.
C.4. Your California Privacy Rights
| Right | Description |
|---|---|
| Right to know | Request the categories and specific pieces of personal information we have collected about you |
| Right to delete | Request deletion of your personal information |
| Right to correct | Request correction of inaccurate personal information |
| Right to opt-out of sale/sharing | Not applicable. We do not sell or share your information. |
| Right to limit use of sensitive personal information | Not applicable. We do not use sensitive personal information for secondary purposes. |
| Right to non-discrimination | We will not discriminate against you for exercising your rights |
To exercise your rights, contact privacy@rideau.ai. We will verify your identity and respond within 45 days (extendable by up to 45 additional days with notice).
C.5. Authorized Agents
You may designate an authorized agent to make a request on your behalf. We may require written proof of the agent's authorization and may verify your identity directly.
C.6. Retention
We retain each category of personal information for the periods described in Section 7. We do not retain personal information longer than is reasonably necessary for the disclosed purposes.