1. Introduction
iSada Inc. (“we”, “our”, “us”) is committed to protecting your privacy. This policy explains, in plain English, how we collect, use, and safeguard your information when you use our AI receptionist service. We comply with the European Union's General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.
If you have questions at any point, email privacy@isada.ai. We respond to every privacy request within 30 days.
2. Information We Collect
- Account information: Name, email, business name, phone number, billing details.
- Call data: Audio recordings, transcripts, caller phone numbers, call duration, AI responses, and disposition (booked, transferred, voicemail).
- Usage data: IP address, browser type, pages visited, dashboard interaction patterns.
- Integration data: Calendar events, CRM contacts, and customer notes from systems you connect (Google Calendar, HubSpot, etc.).
- Cookies: Session maintenance, preference storage, and aggregated usage analytics.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the iSada service.
- Process incoming calls and generate AI receptionist responses.
- Send transactional communications (receipts, security alerts, product updates you've opted into).
- Analyze aggregated, de-identified usage patterns to improve performance.
- Detect, prevent, and investigate fraud or security incidents.
- Comply with legal obligations.
We do not sell your personal information. We do not use your call recordings to train third-party AI models without your written consent.
4. Data Sharing
We share data only with:
- Service providers: Hosting (AWS, Cloudflare), payment processing (Stripe), telephony carriers (Twilio), and AI providers (OpenAI, Anthropic, Google) under strict data processing agreements.
- AI processing: Call audio is processed by AI providers to generate responses; transcripts are not retained by them beyond the session.
- Legal requirements: When required by valid legal process (court order, subpoena), we may disclose information after reviewing the request.
- Business transfers: In connection with a merger, acquisition, or sale of assets — with notice to you.
5. Cookies
We use three categories of cookies:
- Essential cookies: Session and authentication. Required for the service to work.
- Preference cookies: Theme, language, dashboard settings.
- Analytics cookies: Aggregated usage measurement (e.g., Plausible). No cross-site tracking.
You can manage or disable cookies via your browser settings. Disabling essential cookies will break parts of the service.
6. Data Security
We use industry-standard security measures to protect your data:
- TLS 1.3 encryption in transit, AES-256 encryption at rest.
- API keys hashed with bcrypt; passwords never stored in plain text.
- Cloudflare DDoS protection and Web Application Firewall.
- Regular third-party penetration testing and security audits.
- Role-based access controls and multi-factor authentication for staff.
- Continuous monitoring with 24/7 alerting.
For more detail, see our Security page.
7. Data Retention
We retain data for as long as your account is active. Specific retention periods:
- Call recordings: Per your plan settings (default 90 days; configurable).
- Transcripts and metadata: 12 months by default; longer on Enterprise.
- Account & billing data: Active during the lifetime of your account, plus 7 years for tax/audit retention.
- Post-cancellation: Personal data is deleted within 30 days of account closure unless a legal hold applies.
You can request earlier deletion at any time by contacting privacy@isada.ai.
8. Your Rights
Under the GDPR, PIPEDA, and similar laws, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete information.
- Erase your data (“right to be forgotten”) subject to legal exceptions.
- Port your data to another provider in a structured machine-readable format.
- Restrict or object to certain processing activities.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with a data protection authority.
Email privacy@isada.ai to exercise any of these rights. We respond within 30 days and charge no fee.
9. International Transfers
Data may be transferred to and processed in countries other than where you live, including the United States and the European Union. When we transfer data outside Canada or the EU, we use appropriate safeguards including Standard Contractual Clauses approved by the European Commission.
10. Children's Privacy
The iSada service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, contact us immediately.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be posted on this page and, where required, communicated by email at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the revised policy.
Questions or requests? Email privacy@isada.ai.
iSada Inc.
Toronto, Ontario, Canada
Data Protection Officer: dpo@isada.ai