Privacy Policy
Effective Date: June 09, 2026 Website: insightdialog.ai Company / Controller: 14800079 Canada Inc., operating as Insight Dialog Business Mailing Address: 619-3111 avenue des Hôtels, Québec City, Québec, G1W 4W7, Canada Privacy Officer / Person in Charge of Personal Information: Bassel Moukaddem Privacy Contact: compliance@insightdialog.ai EU / EEA Representative: Insight Dialog has not currently appointed an EU / EEA representative. If we become required to appoint one under applicable law, we will update this Privacy Policy with the representative’s contact details.
Insight Dialog provides an AI SaaS platform that helps organizations connect business data, generate source-backed insights, support decision-making, orchestrate governed AI workflows, and manage human oversight of AI-assisted actions.
This Privacy Policy explains how 14800079 Canada Inc., operating as Insight Dialog, collects, uses, discloses, retains, protects, and transfers personal information when you visit our website, request a demo, submit a form, communicate with us, use our platform, or interact with our services.
This Privacy Policy is designed to support compliance with applicable privacy laws, including Quebec’s Act respecting the protection of personal information in the private sector, as amended by Law 25, Canada’s Personal Information Protection and Electronic Documents Act where applicable, and the European Union General Data Protection Regulation where applicable.
1. Our Role
Depending on the context, Insight Dialog may act as either a privacy-law controller / organization responsible for personal information, or as a processor / service provider acting on behalf of a business customer.
For website visitors, demo leads, sales contacts, form submissions, billing contacts, account administrators, marketing recipients, and individuals who communicate directly with us, Insight Dialog generally acts as the organization responsible for personal information.
For data submitted to the Insight Dialog platform by or on behalf of a business customer, Insight Dialog generally acts as a processor or service provider. In that context, the business customer is responsible for determining what personal information is submitted to the platform, the purposes for which it is processed, and the lawful basis for that processing.
If you use Insight Dialog through your employer or another organization, that organization may control certain personal information associated with your use of the platform. You should also review that organization’s privacy notices and internal policies.
2. Personal Information We Collect
We may collect the following categories of personal information.
2.1 Information You Provide Directly
This may include:
- Name
- Business email address
- Phone number
- Company name
- Job title
- Account registration information
- Demo request details
- Form submissions
- Support requests
- Messages, feedback, and communications with us
- Billing contact information
- Contract, procurement, and customer relationship information
2.2 Information Collected Automatically
When you visit our website or use the platform, we may collect:
- IP address
- Browser type and version
- Device information
- Operating system
- Approximate location derived from IP address
- Referring URLs
- Pages viewed
- Dates and times of access
- Clicks, interactions, and usage events
- Technical logs
- Cookie and similar technology data
2.3 Customer Data Processed Through the Platform
Business customers may submit, upload, connect, or generate data through Insight Dialog. Depending on the customer’s configuration, this may include:
- Business records
- Operational data
- CRM, ecommerce, hospitality, analytics, financial, or workflow data
- User prompts and instructions
- Uploaded files
- Integration data
- Approval history
- Generated insights, summaries, recommendations, and outputs
- Agent workflow activity
- Audit logs
- Personal information contained in connected customer systems
Customers are responsible for ensuring that they have the necessary rights, notices, consents, contractual permissions, and lawful bases to submit Customer Data to Insight Dialog.
2.4 Information From Third-Party Integrations
If a customer connects Insight Dialog to third-party platforms, we may receive information from those systems as authorized by the customer. These systems may include CRM platforms, ecommerce platforms, hospitality systems, property management systems, databases, analytics tools, payment platforms, productivity tools, communication tools, and other business applications.
2.5 Information From Public or Business Sources
We may collect limited business contact information from publicly available sources, referrals, professional networks, events, business directories, or commercial lead sources where permitted by law.
3. Purposes and Legal Bases for Processing
Where GDPR applies, we rely on the following legal bases.
| Purpose of Processing | Categories of Information | Legal Basis Under GDPR |
|---|---|---|
| Providing the website and responding to inquiries | Contact information, form submissions, communication data, website usage data | Legitimate interests; steps prior to entering into a contract |
| Providing and operating the Insight Dialog platform | Account data, Customer Data, usage data, integration data | Performance of contract; legitimate interests; processing on customer instructions |
| Account administration and authentication | Account details, login data, security logs | Performance of contract; legitimate interests; legal obligation where applicable |
| Processing demo requests and website forms | Name, business email, company name, message content, form metadata | Legitimate interests; steps prior to entering into a contract; consent where required |
| Customer support and troubleshooting | Contact information, support communications, platform logs, relevant Customer Data | Performance of contract; legitimate interests |
| AI-assisted analysis, insights, recommendations, summaries, workflow outputs, and governed agent actions | Customer Data, prompts, connected business data, platform usage data | Performance of contract; legitimate interests; processing on customer instructions |
| Security, fraud prevention, abuse detection, and system integrity | Log data, IP address, device data, account activity, security events | Legitimate interests; legal obligation where applicable |
| Billing, invoicing, payment administration, accounting, and tax compliance | Billing contact details, subscription details, invoice history, transaction metadata | Performance of contract; legal obligation |
| Marketing communications | Business contact information, communication preferences, website activity | Consent where required; legitimate interests where permitted |
| Product analytics and service improvement | Usage data, aggregated data, de-identified data, feedback | Legitimate interests; consent where required |
| Legal compliance, dispute management, and enforcement of agreements | Relevant account, contract, billing, security, and communication records | Legal obligation; legitimate interests |
Where we rely on legitimate interests, those interests may include operating and improving our services, securing our systems, communicating with business contacts, preventing misuse, supporting customers, and developing our business, provided those interests are not overridden by applicable rights and freedoms.
Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect processing that occurred before withdrawal.
4. AI Processing and Automated Decision-Making
Insight Dialog uses AI-enabled systems to help generate business insights, recommendations, summaries, workflow suggestions, draft outputs, and governed agent actions.
Unless expressly configured otherwise by a customer, Insight Dialog is designed to support human review and oversight. The platform is not intended to make decisions that produce legal effects or similarly significant effects on individuals solely through automated processing.
Customers are responsible for configuring appropriate review, approval, escalation, monitoring, and governance processes before using AI outputs in material business, operational, financial, employment, customer-facing, legal, or compliance-related decisions.
Where a customer configures Insight Dialog in a way that may involve automated decision-making about individuals, the customer is responsible for ensuring that required notices, legal bases, safeguards, human intervention rights, contestation rights, and explanations are provided.
Where Insight Dialog acts as the controller and uses automated processing that produces legal or similarly significant effects, we will provide meaningful information about the logic involved, the significance and expected consequences of the processing, and available rights to obtain human intervention, express a point of view, and contest the decision.
5. Use of Customer Data for AI Model Training
Unless we expressly agree otherwise in writing, we do not use Customer Data to train public foundation models.
We may use aggregated, anonymized, or de-identified information to operate, secure, analyze, and improve Insight Dialog, provided such information does not identify a customer, user, or individual.
If we offer optional features that involve additional model training, fine-tuning, or learning from Customer Data, we will provide appropriate notice and obtain any required contractual authorization or consent before enabling those features.
6. Cookies and Similar Technologies
We may use cookies, pixels, local storage, analytics tools, and similar technologies to operate our website and platform, remember preferences, understand performance, improve services, detect security issues, and support marketing.
Depending on your location, we may request consent before using non-essential cookies. You can manage cookies through your browser settings and, where available, through our cookie preference tool.
We may use the following categories of cookies:
- Strictly necessary cookies
- Functional cookies
- Analytics cookies
- Performance cookies
- Advertising or marketing cookies, if enabled
If we use a cookie banner or cookie preference center, it will provide additional information about the cookies and similar technologies used on our website.
7. Service Providers and Subprocessors
We use service providers and infrastructure providers to operate Insight Dialog and support our website, forms, communications, hosting, database, and related services.
| Provider | Purpose | Categories of Data Processed |
|---|---|---|
| Vercel | Website and application hosting, deployment, infrastructure, technical logs, and PostgreSQL database hosting | Website usage data, technical logs, account/application data, platform data, Customer Data, logs, and records processed through the platform |
| GoDaddy | Domain registration, domain administration, and DNS/domain-related services | Domain registration information, administrative contact information, and technical domain data |
| Mailgun | Processing and delivery of website form submissions, email notifications, and transactional emails | Names, business email addresses, form content, message metadata, email delivery logs |
Our PostgreSQL database is hosted on Vercel infrastructure. We require service providers to process personal information only as necessary to provide services to us and to protect personal information using appropriate contractual, technical, and organizational safeguards.
8. How We Share Personal Information
We may disclose personal information to the following categories of recipients.
8.1 Service Providers
We may share information with service providers that support hosting, cloud infrastructure, domain services, security, analytics, customer support, email delivery, payment processing, billing, logging, monitoring, AI infrastructure, and other business operations.
8.2 Customer Administrators
If your account is provided by an organization, that organization and its administrators may access information associated with your use of Insight Dialog, including account details, role, permissions, usage activity, workflow history, approvals, connected data, and outputs.
8.3 Third-Party Integrations
When a customer connects Insight Dialog to third-party services, we may share or receive information as necessary to operate the integration, based on the customer’s configuration and authorization.
8.4 Legal, Regulatory, and Safety Disclosures
We may disclose personal information where required by law, regulation, subpoena, court order, governmental request, or legal process. We may also disclose information where we believe it is necessary to protect rights, safety, security, investigate misuse, enforce agreements, or prevent fraud.
8.5 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, personal information may be transferred as part of that transaction, subject to appropriate safeguards.
We do not sell personal information in the ordinary sense of exchanging it for money.
9. International Transfers and Transfers Outside Quebec
We may process, store, or transfer personal information outside your province, state, or country, including outside Quebec, Canada, the European Economic Area, and the United Kingdom.
Before communicating personal information outside Quebec where required by Law 25, we assess relevant factors, including the sensitivity of the information, the purposes of use, the protection measures in place, and the legal framework applicable in the destination.
Where GDPR applies and personal information is transferred outside the European Economic Area to a country that has not received an adequacy decision, we use appropriate safeguards where required, such as Standard Contractual Clauses, data processing agreements, transfer impact assessments, encryption, access controls, and other technical and organizational measures.
You may contact us at compliance@insightdialog.ai for more information about applicable transfer safeguards.
10. Retention and Destruction
We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, contract, security needs, backup processes, dispute resolution, tax, accounting, audit, or legal obligations.
Our retention criteria include:
- The type and sensitivity of the information
- The purpose for which it was collected
- Customer contract requirements
- Legal, accounting, and reporting obligations
- Security and fraud prevention needs
- Whether the information is contained in backups or audit logs
- Whether retention is needed to establish, exercise, or defend legal claims
When personal information is no longer required, we delete, destroy, anonymize, or de-identify it using reasonable measures appropriate to the nature of the information.
11. Security Safeguards
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, use, disclosure, loss, alteration, or destruction.
These safeguards may include:
- Access controls and role-based permissions
- Authentication controls
- Encryption in transit and, where appropriate, at rest
- Logging and monitoring
- Network and application security controls
- Vendor and service provider review
- Confidentiality obligations
- Internal privacy and security policies
- Employee access restrictions
- Incident response procedures
- Backup and recovery processes
No system is completely secure. Customers are responsible for configuring their accounts, permissions, integrations, data access, and internal governance appropriately.
12. Confidentiality Incidents and Personal Data Breaches
If we become aware of a confidentiality incident, personal data breach, or security incident involving personal information, we will take reasonable steps to reduce the risk of harm and prevent similar incidents.
Where required by applicable law, we will notify affected individuals, customers, regulators, the Commission d’accès à l’information du Québec, EU supervisory authorities, or other relevant authorities.
For Customer Data processed on behalf of a customer, we will notify the customer as required by our agreement and applicable law so the customer can meet its own notification obligations.
13. Privacy Governance Under Quebec Law 25
We maintain governance policies and practices designed to protect personal information throughout its life cycle.
These policies and practices address, as appropriate:
- Roles and responsibilities for personnel who handle personal information
- Collection, use, disclosure, retention, and destruction of personal information
- Access controls and authorization management
- Complaint handling
- Confidentiality incident response
- Vendor and service provider management
- Privacy impact assessments for relevant projects
- Cross-border transfer assessments
- Employee awareness and training
- Review and approval by the Privacy Officer / Person in Charge of Personal Information
The Privacy Officer / Person in Charge of Personal Information is responsible for overseeing our privacy program and can be contacted at compliance@insightdialog.ai.
14. Privacy Impact Assessments
Where required by applicable law, including Quebec Law 25, we conduct privacy impact assessments for projects involving the acquisition, development, or overhaul of information systems or electronic service delivery systems involving personal information.
These assessments are proportionate to the sensitivity, purpose, amount, distribution, and storage medium of the personal information involved.
15. Your Privacy Rights
Depending on where you are located and the laws that apply, you may have the right to:
- Access your personal information
- Request correction or rectification
- Request deletion or erasure
- Request restriction of processing
- Object to processing
- Object to direct marketing
- Withdraw consent where processing is based on consent
- Request data portability
- Request information about automated decision-making
- Obtain human intervention, express your point of view, and contest certain automated decisions
- Request information about categories of persons who have access to your information
- Request information about retention periods
- File a complaint with a privacy regulator or supervisory authority
If you are in Quebec, written access or correction requests should be addressed to the Privacy Officer / Person in Charge of Personal Information at compliance@insightdialog.ai. We will respond within the time required by applicable law.
If you are in the European Economic Area or the United Kingdom, you may have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve your concern.
To exercise your rights, contact us at compliance@insightdialog.ai. We may need to verify your identity before responding.
If your personal information is controlled by one of our business customers, we may direct your request to that customer or assist the customer in responding, depending on the circumstances and our contractual obligations.
16. Marketing Communications
You may unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting us at compliance@insightdialog.ai.
Even if you unsubscribe from marketing communications, we may still send service-related messages, including security notices, legal notices, billing messages, account updates, and support communications.
17. Children’s Privacy
Insight Dialog is intended for business use and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us at compliance@insightdialog.ai so we can take appropriate steps.
18. Sensitive Personal Information
Insight Dialog is designed for business use. Customers should not submit sensitive personal information unless it is necessary, lawful, authorized, and covered by appropriate safeguards and contractual terms.
Sensitive information may include health information, biometric information, financial account information, government identifiers, precise geolocation, information about children, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, sexual orientation, criminal offence data, or other information treated as sensitive under applicable law.
19. Customer Responsibilities
Business customers are responsible for:
- Providing required notices to their users, employees, customers, or other individuals
- Obtaining required consents or establishing another lawful basis for processing
- Ensuring submitted data is lawful, accurate, relevant, and limited to what is necessary
- Configuring platform permissions, approval flows, and integrations appropriately
- Reviewing AI outputs before relying on them
- Ensuring use of Insight Dialog complies with applicable laws, contracts, and internal policies
- Responding to privacy rights requests where the customer controls the relevant personal information
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised effective date.
If changes are material, we will provide additional notice where required by law or where appropriate.
21. Contact Us
For questions, complaints, privacy rights requests, or concerns about this Privacy Policy, contact:
Privacy Officer / Person in Charge of Personal Information Bassel Moukaddem 14800079 Canada Inc., operating as Insight Dialog 619-3111 avenue des Hôtels Québec City, Québec G1W 4W7 Canada Email: compliance@insightdialog.ai
For Quebec privacy complaints, you may also contact the Commission d’accès à l’information du Québec.
For EU / EEA privacy matters, contact us at compliance@insightdialog.ai. If we become required to appoint an EU / EEA representative, we will update this Privacy Policy with the representative’s contact details.