Plain language summary: We collect your business contact information when you request a demo. We store and process all data on Canadian servers only. We never sell your data. We never use your data to train AI models. We comply with PIPEDA (federal) and are PHIPA-ready for healthcare environments.
1. Who We Are
Nerdle Communications Inc. ("Nerdle," "we," "our," or "us") operates the Riley AI receptionist service and the nerdle.ai website. We are incorporated in Canada and operate entirely within Canada.
Contact for privacy matters: hello@nerdle.ai
2. What Information We Collect
Information you provide directly
- Business name and contact person name
- Business email address
- Phone number and WhatsApp number (if provided)
- Your response to our intake question about what you would like Riley to handle
Information collected automatically when Riley is active
- Call transcripts and recordings (with caller awareness, as required by Canadian law)
- SMS and WhatsApp message content
- Appointment and booking information
- Usage logs including call times, durations, and response times
Information we do not collect
- Payment card information (processed by Stripe — we never see your card details)
- Government identification numbers
- Information about individuals under the age of 18
3. How We Use Your Information
- To set up and deliver your Riley demo and service
- To send you communications about your account and service
- To improve the Riley service based on aggregate, anonymised usage patterns
- To comply with our legal obligations under Canadian law
We never use your data or your customers' data to train AI models. Your conversations belong to you.
4. Where Your Data Is Stored and Processed
All data is stored and processed on Canadian servers located in Toronto and Montreal, Ontario and Quebec, Canada. We use Microsoft Azure Canada East region for AI processing, which means inference also occurs on Canadian soil.
Your data never crosses the Canadian border. This is not a marketing claim — it is a technical architecture decision that is verifiable and auditable.
5. PIPEDA Compliance
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private sector privacy law. This means:
- We collect only the information we need
- We use it only for the purposes we have identified
- We keep it only as long as necessary
- We protect it with appropriate safeguards
- We give you access to it upon request
- We correct it if it is inaccurate
- You can withdraw consent at any time
6. PHIPA Readiness (Healthcare Environments)
For clients operating in Ontario healthcare environments — medical clinics, dental offices, physiotherapy practices, optometry clinics — Riley is built on infrastructure that meets the requirements of the Personal Health Information Protection Act (PHIPA).
Healthcare clients receive additional data handling protections including enhanced access controls and retention limits aligned with PHIPA requirements. Contact hello@nerdle.ai to discuss your specific healthcare compliance needs before activating Riley for a clinical environment.
7. Data Retention
- Demo request data: Retained for 12 months or until you request deletion
- Call transcripts and recordings: Retained for 90 days by default, configurable by client
- Account data: Retained for the duration of your subscription plus 30 days
- Billing records: Retained for 7 years as required by Canadian tax law
8. Who We Share Data With
We do not sell your data. We share data only with the service providers required to operate Riley:
- Twilio Inc. — telephony, SMS, and WhatsApp messaging (Canadian routing where available)
- Microsoft Azure Canada East — AI processing and storage (Canadian servers)
- Stripe Inc. — payment processing (PCI-DSS compliant, no card data touches our servers)
All service providers are bound by data processing agreements that restrict use of your data to service delivery only.
9. Your Rights
Under PIPEDA you have the right to:
- Know what personal information we hold about you
- Access your personal information
- Correct inaccurate information
- Withdraw consent and request deletion
- File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, email hello@nerdle.ai with the subject line "Privacy Request."
10. Cookies and Tracking
The nerdle.ai website uses no third-party tracking cookies. We use no advertising pixels, no Google Analytics, and no social media tracking scripts. The only data collected on the website is what you submit through the demo request form.
11. Security
We protect your information using industry-standard security measures including encryption in transit (TLS 1.3) and encryption at rest (AES-256). Access to client data is restricted to Nerdle team members who require it to deliver the service.
12. Changes to This Policy
We will notify active clients of material changes to this Privacy Policy by email at least 30 days before the changes take effect. The current version is always available at nerdle.ai/privacy.html.
13. Contact
Privacy questions or requests: hello@nerdle.ai
Nerdle Communications Inc.
Canada
Office of the Privacy Commissioner of Canada: priv.gc.ca
Note to legal reviewer: This document was drafted as a working placeholder for Nerdle Communications Inc. It requires review and approval by qualified Canadian technology and privacy counsel before the service is marketed to healthcare clients. Particular attention should be paid to sections 5, 6, and 7 given PHIPA obligations.