Privacy
Policy

Desmios Inc. ("Desmios", "we", "us", or "our") is an AI technology company based in Brampton, Ontario, Canada. We provide AI-powered phone answering services to businesses of all types — including restaurants, pharmacies, salons, clinics, and retail — across the Greater Toronto Area and beyond.

This Privacy Policy explains how we collect, use, store, and protect personal information in connection with our services. It applies to anyone who calls a business using our AI phone answering service, as well as to the business owners and staff who use our platform.

We are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and all applicable Canadian privacy and anti-spam laws.

Privacy questions? Contact us at: wecreate@desmios.ca

When someone calls a business powered by our AI phone answering service, we may collect:

• Your phone number (from caller ID)

• Your name, if you provide it during the call

• Your order or booking details (items, quantities, appointment time, pickup or delivery preference)

• Your delivery address, if you provide one

• A text transcript of what was said during the call (not the audio — see Section 04)

When a business owner signs up for our service, we collect business contact information including name, email address, business name, and phone number.

We only collect what is strictly necessary to provide our services. We do not collect sensitive personal information such as payment card numbers, health information, or government ID.

We collect personal information for the following purposes, which we identify at or before the time of collection:

• To process and confirm orders or bookings placed over the phone

• To send a one-time SMS confirmation to the phone number you provide (see Section 05 for CASL details)

• To display order, booking, and call information on the business owner's dashboard

• To recognize returning callers and speed up their experience (e.g., recalling a saved address or preferences)

• To provide customer support and respond to inquiries

We do not use your information for advertising, profiling, or any purpose beyond what is listed above.

CONSENT: By calling a business that uses our AI phone answering service, you are providing implied consent for us to collect and use your information as described in this policy, solely for the purpose of fulfilling your request.

For business clients who sign up for our platform, we obtain express consent at the time of account creation.

RIGHT TO WITHDRAW CONSENT: You may withdraw your consent to our collection or use of your personal information at any time by contacting us at wecreate@desmios.ca. Withdrawing consent will not affect the lawfulness of any processing already carried out. Note that withdrawing consent may mean we are unable to provide certain services to you.

We do not record or store audio from phone calls.

Our AI processes the spoken content of calls in real time to understand and fulfill your request. Once the call ends, only a text transcript of the interaction is retained — not the audio recording itself.

This means we cannot play back recordings of any call. If you have questions about what was discussed, the text transcript is the only record we hold.

Text transcripts are retained for 30 days and then permanently deleted (see Section 06 for full retention schedule).

Canada's Anti-Spam Legislation (CASL) governs commercial electronic messages, including SMS text messages.

When you place an order or make a booking through our AI phone answering service and provide a phone number, we may send you a single transactional SMS to confirm your order or booking. This SMS is not a marketing message — it is sent solely to confirm the details of your request.

Transactional messages of this kind (order and booking confirmations) are permitted under CASL without prior express consent because they are directly related to the transaction you initiated.

We do not send marketing SMS messages, promotional texts, or any other commercial electronic messages without your prior express consent.

If you receive an unwanted message from us, or wish to opt out of any future communications, contact us immediately at wecreate@desmios.ca or reply STOP to any SMS we have sent you. We will process your request within 10 business days.

Business clients who receive service-related emails from Desmios can unsubscribe at any time using the unsubscribe link in each email or by contacting us directly.

We keep personal information only as long as necessary for the purpose it was collected:

• Call transcripts and order or booking details: 30 days from the date of the call, then permanently deleted

• Caller phone numbers and names: 30 days from the date of the call

• Delivery addresses: 30 days, unless you are a returning customer who has asked us to remember your address for future orders

• Business client account information: retained for the duration of the subscription, plus 30 days after cancellation

• SMS confirmation logs: 30 days, then permanently deleted

After these periods, all personal identifiers are permanently and securely deleted from our systems.

We may retain anonymous, aggregated statistics (such as total call volumes or order counts by time of day) indefinitely for business analytics. This data cannot identify you.

We do not sell, rent, or trade your personal information to anyone, for any purpose.

We share your information only in these limited circumstances:

• With the business whose phone line you called, so they can fulfill your order or booking

• With Twilio Inc., our telecommunications provider, to process phone calls and deliver SMS order confirmations. Twilio acts as a data processor under our instructions and is bound by a Data Processing Agreement.

• With AI processing providers (such as speech-to-text services), to convert the audio of your call to text in real time. Only anonymized text content is sent — your phone number and personal identifiers are not transmitted to these providers.

• If required by Canadian law, court order, or a regulatory authority such as the Privacy Commissioner of Canada

All third parties we share data with are contractually obligated to protect your information and use it only for the stated purpose.

We take the following technical and organizational measures to protect your personal information:

• All data is transmitted over encrypted connections (TLS 1.2 or higher)

• Access to personal data is restricted to authorized Desmios personnel on a need-to-know basis

• Our systems are hosted on industry-standard cloud infrastructure with access controls, audit logging, and regular security reviews

• We conduct periodic reviews of our data handling practices

While we take these precautions seriously, no internet transmission or electronic storage system is completely secure. If you have specific concerns about the security of your information, please contact us at wecreate@desmios.ca.

In the event of a data breach that poses a real risk of significant harm to individuals, Desmios will:

• Notify the Office of the Privacy Commissioner of Canada (OPC) as soon as feasible and, where possible, within 72 hours of becoming aware of the breach

• Notify all affected individuals directly as soon as feasible after notifying the OPC

• Maintain a record of every breach for a minimum of 24 months, as required by PIPEDA's Breach of Security Safeguards Regulations

Notification to affected individuals will include: a description of the breach, the type of information involved, steps we are taking to address the breach, and steps you can take to reduce the risk of harm.

To report a suspected security incident involving your data, contact us immediately at wecreate@desmios.ca.

Our website (desmios.ca) uses essential cookies to keep the site functioning properly — for example, to remember your cookie consent preference.

We do not use advertising cookies, tracking pixels, or third-party analytics tools that personally identify you.

You can manage or disable cookies through your browser settings. Disabling essential cookies may affect some website functionality.

Under PIPEDA, you have the following rights with respect to your personal information:

• The right to know whether we hold personal information about you

• The right to access your personal information and receive a copy

• The right to request correction of inaccurate or incomplete information

• The right to request deletion of your personal information

• The right to withdraw your consent to our collection or use of your information at any time (see Section 03)

• The right to know what third parties we share your information with

• The right to challenge our compliance with PIPEDA

To exercise any of these rights, contact us at wecreate@desmios.ca with your name, contact information, and a description of your request. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca or 1-800-282-1376.

This Privacy Policy and any dispute arising out of or related to it shall be governed by and construed in accordance with the laws of the Province of Ontario and the applicable federal laws of Canada, without regard to conflict of law principles.

Any legal proceedings relating to this Privacy Policy shall be brought exclusively in the courts of competent jurisdiction in the Province of Ontario, Canada. You consent to the personal jurisdiction of such courts.

Before initiating formal legal proceedings, we encourage you to contact us directly at wecreate@desmios.ca so that we may attempt to resolve your concern promptly.

You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada at any time, as described in Section 11.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the effective date at the top of this page.

For material changes, we will notify business clients by email at least 14 days before the changes take effect.

Continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.