1.                  Introduction

Grayson AI Inc. (“Grayson AI”, “we”, “our”, and “us”) recognizes the importance of protecting the privacy and the rights of individuals in relation to their personal information. The purpose of this privacy policy (“Privacy Policy”) is to inform you about our privacy practices, including how we collect, use and disclose your Personal Information.

This policy describes:

·        How we collect, use, disclose and protect the personal information of individuals (the “user”, “you”, or “your”) who access, visit or use Grayson AI’s products and services, including our website at [grayson-ai.com] and our proprietary artificial intelligence/machine learning agent (the “Grayson AI Agent”).

·        The types of information we may collect from you or that you may provide when you use our website or the Grayson AI Agent; and

·        Our practices for collecting, using, maintaining, protecting, and disclosing that information.

We will only use Personal Information in accordance with this policy unless otherwise required by applicable law.

This Privacy Policy does not apply to the extent we process personal information in the role of a processor or service provider on behalf of our customers. It is that customer’s privacy statement that applies; we conduct such activities strictly in accordance with our customer’s instructions and pursuant to our contractual arrangements with the customer. If you are an end user or consumer with an existing relationship with one of our customers, you should refer to the customer’s website to understand their privacy practices and policies.

2.      Privacy Policy Updates

This Privacy Policy is current as of the “last modified” date which appears at the top of this page.  We may make changes to this Privacy Policy from time to time, which will become immediately effective when published in a revised Privacy Policy posted through our products and services, unless otherwise noted. We may also communicate the changes through our services or by other means. In addition, users may track certain compliance and policy updates through our Vanta Trust Center, available at: trust.grayson-ai.com.

Please review this Privacy Policy carefully.  By submitting Personal Information (“Personal Information”) to us, by registering for or using any of the services we offer, including the Grayson AI Agent, or by voluntarily interacting with us, you consent to our collection, use and disclosure of your Personal Information as set out in this Privacy Policy and as revised from time to time.

3.      What is Personal Information?

Personal Information means information about an identifiable individual as described under Canadian privacy laws, which may include, but is not limited to, your name, home address, e-mail address and telephone number.

Personal Information does not include any contact information that is solely used to communicate with you in relation to your employment, business or profession, such as your name, position name or title, work address, work telephone number, or work e-mail address.

Personal Information also does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information.

4.      Your Consent to Collection, Use and Disclosure

We collect, use and disclose your Personal Information with your consent or as permitted or required by Canadian privacy laws. How we obtain your consent may be express or implied and will depend on the circumstances, as well as the sensitivity of the information collected. If you choose to provide Personal Information to us, we assume that you consent to the collection, use and disclosure of that Personal Information as outlined in this Privacy Policy.

If you wish to withdraw your consent to our collection, use or disclosure of your Personal Information, please contact our Privacy Officer using the information in the “Contact Information” section below. In some cases, withdrawal of your consent may mean that we will no longer be able to provide you access to our products and services.

5.      Types of Information We Collect, Use, Disclose and Process

If you access or use our products and services (including the Grayson AI Agent), we may collect, either directly or through an authorized third-party, use, disclose and process the following types of information from and about you, in compliance with applicable Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA):

What Information We May Collect

How We Use the Information and How It is Collected

Who We Disclosed It To

Account Information you provide at the time you register for the Grayson AI Agent or otherwise provide in use of the Grayson AI Agent, including but not limited to:

·        Your name

·        Your phone number

·        Your email address

·        Your company name

·        Your company address

Account information is used to provide you our products and services, communicate with you, improve the security, performance and functionality of the Grayson AI Agent, and for identity verification and regulatory compliance purposes.

Account information is only available to Grayson AI or any third-parties who have a need to know the information to support us in providing the services.

We may share this information with our payment processing providers, and our cloud services providers, such as:

·        Microsoft Copilot Marketplace

·        Microsoft Azure

·        Azure OpenAI

This information is not used for marketing or profiling without your consent.

Technical and Usage Information, including, but not limited to:  

·        internet protocol (IP) address,

·        login data,

·        browser type and version,

·        time zone setting and location,

·        browser plug-in types and versions,

·        operating system and platform; and

·        other technology on the devices you use to access our products and services, including our website and the Grayson AI Agent

Technical information is automatically collected to ensure and improve the security, performance, and optional functionality of our Grayson AI Agent.

This type of information is collected through automated technologies or interactions. As you navigate through and use products and services, we may automatically collect the following types of data through cookies, and other tracking technologies: usage details, behavioral data, location data and information.

Technical information may be shared with hosting and cybersecurity service providers to ensure platform security and performance, such as:

·        Microsoft Copilot Marketplace

·        Microsoft Azure

·        Azure OpenAI

This information is not used for marketing or profiling.

Usage Information in connection with our products and services (including the Grayson AI Agent), including, but not limited to:  

·        the pages you visit;

·        the frequency of your logins;

·        the features and functionality you use; and

·        The actions you take.

We primarily use this usage data for analytics and to enhance your overall user experience, and to monitor use of our products and services to support their proper functioning and further improvement and optimization.

This information is collected when you:

·        when you sign up for our Grayson AI Agent;

·        when you access or use our Grayson AI Agent or website;

·        during communications between you and our representatives; and

·        during communications between you and other users through our products and services.

Usage data may be disclosed to analytics partners to help us understand user behavior and improve our Grayson AI Agent functionality, such as:

- Agent execution history

-Prompts

-Queries submitted

-AI conversation history
-Uploaded files

This data is aggregated and anonymized wherever possible.

We also collect, use and share aggregated and anonymized data for any purpose. Aggregated and anonymized data is not considered Personal Information because it cannot be used to identify you.

We note that any information set out in this Section 5 may be shared with Microsoft in connection with the terms of use and privacy policies and practices governing your use of Microsoft Copilot. Further information relating to Copilot’s privacy practices and procedures can be found here.

6.      Custody of Personal Information

Grayson AI uses strong security practices to store and protect Personal Information. Your data is securely stored on encrypted servers, protected by best-in-class firewalls and comprehensive security protocols:

·        Access Control: Access is strictly limited to authorized staff trained in data security and privacy, who follow strict confidentiality policies.

·        Digital Security: We regularly update our systems with advanced encryption and technologies to prevent and address vulnerabilities.

·        Data Backups: Regular backups are maintained to ensure data resilience against loss, system failures, or malicious threats.

·        Data Retention: Personal Information is retained only as long as necessary to fulfill service obligations or meet legal requirements.

·        Data Disposal: After the retention period, data is securely deleted or de-identified using industry-standard methods in compliance with PIPEDA.

·        Security Monitoring: Technical data is used for ongoing audits and risk assessments to protect against unauthorized access and breaches.

7.      How We Share Your Personal Information

If we provide information to third-party service providers (as noted in Section 5 of this Privacy Policy), we require that the service providers keep Personal Information secure and only handle it for limited purposes. We do not authorize the service providers to disclose Personal Information to unauthorized parties or to use Personal Information for their direct marketing purposes. 

Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce the terms of the agreements for our products and services; (e) to protect our rights, operations or property; (f) to allow us to pursue available remedies or limit the damages that we may sustain. 

If we otherwise intend to disclose Personal Information to a third party, we will identify that third party and the purpose for the disclosure and obtain your consent.

8.      How We Secure Personal Information

At Grayson AI, we take data security and privacy seriously. We implement a range of technical and organizational measures to protect Personal Information from unauthorized access, loss, or corruption. These include:

·        Encryption: We encrypt your data both at rest and in transit using advanced encryption algorithms, ensuring it remains unreadable without proper authorization.

·        Anonymization: Where possible, we anonymize your data—especially for analytics and planning—by removing or masking identifiers like your name, email, or phone number.

·        Firewalls and Access Control: We use firewalls and strict access controls to protect our servers and databases. Only trained and authorized staff can access Personal Information, and they must follow strict confidentiality and data handling protocols.

·        Data Backups and Retention: We perform regular backups to ensure data durability and resilience against loss or malicious threats. Personal information is retained only as long as necessary to fulfill service obligations or comply with legal requirements.

·        Data Disposal: Once the retention period ends, we securely delete or de-identify your data using industry-standard methods in compliance with PIPEDA.

·        Ongoing Monitoring: We continuously monitor and update our security practices to meet evolving standards and regulatory requirements.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Grayson AI Agent, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure. Accordingly, any Personal Information or other information which you transmit to us online is transmitted at your own risk. We endeavour to take all reasonable steps to protect the Personal Information you may transmit to us or from our products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security.

9.      Cross-Border Transfers

Your Personal Information may be transferred or processed outside of Canada, such as the United States. Other jurisdictions may have different data protection rules than Canada.  While Personal Information is outside of Canada, it is subject to the laws of the country in which it is located.  Those laws may require disclosure of your Personal Information to authorities in that country. For more information, please contact our Privacy Officer using the information set out in the “Contact Information” section below.

10.   Getting and Withdrawing Your Consent

We only collect information by lawful means. As part of using our products and services or interacting with us, we may collect and process some details about you. When we do so, we will collect, use or share Personal Information with your consent for the purposes identified or as otherwise permitted or required by law. In compliance with our privacy obligations, we may obtain your permission based on implied consent (including through this privacy policy) or through other means (such as express consent). However, in some situations, the law allows us to collect, use or disclose Personal Information without your consent.

You can withdraw your consent to the collection, use or disclosure of your information at any time by contacting our Privacy Officer using the information set out in the “Contact Information” section below. However, in some cases withdrawing your consent will mean that we can no longer provide you with access to our products and services, including the Grayson AI Agent, or perform certain tasks where the information is required to do so.

11.   Accessing Your Personal Information

You have the right to access Personal Information we hold about you. In accordance with PIPEDA, you may also request that we update, correct, or delete Personal Information at any time. To exercise these rights, please submit a written request specifying the information you wish to access, update, or remove. You can contact our Privacy Officer by email at privacy@grayson-ai.com or by mail at:

GraysonAI

4711 Yonge Street

Unit 10013- 10th floor

North York, ON, Canada, M2N 6K8

We will respond to your request within 30 days, as required by PIPEDA. To protect your privacy, we may ask you to verify your identity before fulfilling your request. In some cases, we may charge a reasonable fee based on the volume or complexity of the information requested. If you identify any inaccuracies in Personal Information, please notify us promptly. We will make the necessary corrections in accordance with PIPEDA.

If you have concerns or complaints about how we handle Personal Information, please contact our Privacy Officer at privacy@grayson-ai.com. We are committed to resolving any issues. If you are not satisfied with our response, you may also contact the Office of the Information and Privacy Commissioner of Ontario at https://ipc.on.ca.

12.               Data Subject Rights

You may request access to any Personal Information we hold about you at any time by contacting us (see “Contact Information” below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by emailing it to you).

If you believe that Personal Information, we hold about you is incorrect, incomplete, or inaccurate, then you may request us to amend it. We will consider whether the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the Personal Information stating that you disagree with it, together with your requested amendment. If we correct your Personal Information, we will, so far as is reasonably practicable, inform every other person to whom we have disclosed that information of the correction.

For Quebec residents, you are entitled to the following additional data subject rights in respect of Personal Information, including:

1. Your right to deletion – You have the right to ask us to delete Personal Information in certain circumstances.

2. Your right to be informed of and submit observations regarding automated decision making – You have the right to ask us for additional information on processing on automated decision making and the right to submit observations to a designated individual within the organization.

3. Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

4.      Right to be informed.  You have the right to be informed about what personal information is collected, used, disclosed, retained, and deleted. Even if this is what this notice is meant to achieve, you may request additional information to clarify the extent of your consent.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or to give effect to other data subject rights you may be entitled. In certain situations, we may not be able to fulfil your request. If that is the case, we’ll explain the reasons for our decision when responding to your request. For example, in some cases the information you request access to may contain details about other individuals, or there may be legal, security, or commercial proprietary reasons why information is withheld.

13.   Data Retention

Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your Personal Information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

For Quebec Residents, if your data is anonymized, we will comply with Quebec laws and regulations ensuring your Personal Information is anonymized in accordance with generally accepted best practices and the criteria and terms determined by the regulation.

14.   Our Use of Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies across our products and services to enhance your experience and deliver relevant content. These technologies help us remember your preferences, improve functionality, and support analytics and advertising efforts.

We use the following types of cookies and tracking tools:

·        Essential Cookies: Required for the core functionality and security of our products and services. These enable features like authentication and fraud prevention. These cookies are necessary and cannot be disabled.

·        Functional Cookies: Enhance your experience by remembering preferences such as language, region, and display settings. They also help us deliver personalized content and recommendations.

·        Analytical Cookies: Collect data on how you interact with us, such as features used, actions taken and errors encountered, to help us improve performance and user experience.

·        Advertising Cookies: Track your activity to deliver relevant ads and measure the effectiveness of our marketing campaigns. These cookies help avoid showing you the same ads repeatedly.

·        Other Tracking Technologies: We may also use pixels, location tracking, and device fingerprinting to gather insights into your usage patterns and improve our services.

You can manage your cookie preferences through your browser settings or opt-out tools where applicable.

15.   Third Party Services

This Privacy Policy does not extend to any websites, agents, products or services provided by third parties, including Microsoft or any other products or services related to your use of Microsoft Copilot. We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third-party privacy policies prior to using third party websites, agents, products or services.

16.               Contact Information

We welcome your questions, comments, complaints and requests regarding this Privacy Policy and our privacy practices. We have appointed a Privacy Officer responsible for compliance with Canadian privacy laws. Please contact our Privacy Officer at:

Privacy Officer: Chad Ford

Email: privacy@grayson-ai.com

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact us using the contact information listed above. Please note that we may need to confirm your identity or request additional details in order to process your request.