Privacy Policy

Effective Date: July 16, 2025

Last Updated: December 04, 2025

Overview

Rossy AI (“Rossy,” “we,” “us,” or “our”) is operated by Rossy, doing business as Rossy.ai, based in Ontario, Canada. We are committed to protecting your privacy and handling your personal information responsibly and transparently.

This Privacy Policy outlines how we collect, use, share, and protect personal information in accordance with applicable Canadian laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the proposed Consumer Privacy Protection Act (CPPA), and the Artificial Intelligence and Data Act (AIDA).

1. Scope & Accountability

  • This Privacy Policy applies to all personal data collected through Rossy AI’s services.
  • Our appointed Privacy Officer ensures compliance with privacy laws, staff training, data handling, and responding to inquiries or complaints.

2. Information We Collect

We collect only data necessary for functionality and improvement, including:

  • Audio recordings and transcripts of calls
  • Caller metadata, such as names, phone numbers, company IDs, and call timestamps
  • Voice call interactions with the Rossy AI voice agent (non‑Google data) may be used to train and improve our AI models. Gmail messages or Google user data are never used for AI training or model tuning.
  • Technical information, such as usage logs, device identifiers, and IP addresses

This data is collected to operate and improve the service and is treated with strict confidentiality.

3. Purpose of Collection, Use & Disclosure

We use personal information for the following purposes:

  • Provide and maintain our Services
  • Create and manage your Rossy voice agent
  • Process payments securely
  • Deliver support and system updates
  • Communicate about product improvements or—if opted in—marketing
  • We may use voice call data only to improve the accuracy of our AI voice agent. Gmail messages or any Google user data are not used for AI training, tuning, analytics, or any product improvements outside of Gmail‑related features.
  • Ensure platform security, prevent misuse, and comply with legal requirements
  • Generate anonymized analytics for business intelligence and product enhancement

We do not use your personal data for any purpose beyond those described above unless we obtain your explicit consent.

4. Consent

  • We collect personal data based on informed, explicit, or implied consent, depending on the context.
  • Users may withdraw consent at any time by contacting us; however, this may limit functionality or disable certain features of Rossy.

5. Transparency & Explainability (AIDA Compliance)

Rossy AI uses machine learning models that may influence automated decisions:

  • We are transparent about the use of AI in our services.
  • Where applicable, we provide meaningful explanations about how these decisions are made.
  • We maintain documentation, oversight, and audit logs as required for “high-impact systems” under AIDA.

6. Data Retention & Minimization

  • Personal data is retained for up to 6 months unless a longer retention period is required by law or business need.
  • After the retention period, data is securely deleted or anonymized.

7. Data Security

We implement industry-standard safeguards to protect your data, including:

  • End-to-end encryption of audio and text
  • Secure access controls and user authentication
  • Infrastructure-level protections and audit logs
  • Security awareness training for staff
  • Monitoring and alerting for unusual access or data patterns

8. Third-Party Disclosures

We may share data with trusted third parties solely to provide and optimize our service:

  • Stripe for payment processing
  • Twilio for phone/SMS integration
  • Open AI for content generation
  • Analytics services Google Analytics for platform performance and behavior insights
  • Cloud hosting providers Heroku for secure infrastructure
  • Legal authorities, when disclosure is legally required (e.g., under court order)

We ensure that all third-party partners are bound by strong privacy and security obligations. We never sell your personal information.

9. Google API Services User Data Policy Disclosure

Rossy AI’s use and transfer of information received from Google APIs to any other app or system will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We access Google user data only to provide core user-facing functionality, such as calendar scheduling. We do not use this data for advertising, and we do not sell or transfer this information to third parties. All access is secured, access-controlled, and restricted to the minimum necessary to fulfill the service function.

10. Prohibited Uses

You may not use Rossy AI to:

  • Engage in unlawful activity
  • Harass, defame, discriminate, or threaten others
  • Upload malicious code, viruses, or scripts
  • Collect or mine data from others without consent
  • Tamper with, reverse-engineer, or bypass security measures
  • Violate applicable laws or the terms of this Privacy Policy

Violation may result in termination of access and legal action where appropriate.

11. Your Rights & Choices

As a user, you have rights under Canadian privacy laws, including the right to:

  • Access your personal data held by us
  • Request corrections if your information is inaccurate or outdated
  • Withdraw consent for further data use
  • File complaints with Rossy AI or the Office of the Privacy Commissioner of Canada

To exercise these rights, contact us at: support@rossy.ai

We will respond to legitimate requests within the legal timeframes set by PIPEDA and related acts.

12. Children’s Privacy

Rossy AI is a business-focused tool and is not intended for use by children under 13 years of age. We do not knowingly collect data from minors. Any such data found will be deleted immediately.

13. Breach Notification

If a security breach occurs that presents a risk of significant harm to personal information:

  • Affected users will be notified without delay
  • A report will be submitted to the Office of the Privacy Commissioner of Canada, as required under PIPEDA

14. Disclaimer of Warranties & Limitation of Liability

  • The Rossy AI platform is provided “as-is” without warranties of any kind.
  • We do not guarantee error-free operation, accuracy, or uninterrupted service.
  • Under no circumstances will Rossy AI or its affiliates be liable for indirect, incidental, or consequential damages—such as data loss, service interruption, or lost revenue—arising from the use of our services.

15. Policy Updates

We may revise this Privacy Policy from time to time:

  • Users will be notified through in-app messaging or email of significant changes.
  • Continued use of the services after such notice constitutes acceptance of the updated policy.

16. Governing Law

This Privacy Policy and your use of Rossy AI are governed by the laws of Canada, and any disputes will be resolved under applicable federal or provincial laws.

17. Contact & Privacy Officer

For questions about this Privacy Policy or our data practices, please contact:

Privacy Officer

Rossy AI (Canada)

Support: support@rossy.ai