Automating DNA Privacy Policy

Effective Date: April 26, 2025

1. Our Commitment to Privacy

Automating DNA ("we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard personal information in accordance with applicable Alberta privacy legislation, including the Personal Information Protection Act (PIPA).

This policy applies to:

• Information we collect directly from visitors to our website, individuals requesting information (like demos), and our business clients ("Client Data").
• Information that is provided to or processed through our AI-powered automation, chatbots, and agent services ("Services") by our clients or their end-users ("Service Data").

For Service Data, Automating DNA primarily acts as a service provider or processor on behalf of our clients.

2. Information We Process

Client Data:

We collect information necessary to manage our business relationships, such as contact details (name, email, phone number), business information, billing details, and communication records when you inquire about, register for, or use our administrative services (like booking a demo or managing your account).

Service Data:

Our AI Services process personal information that our clients or their end-users input into the chatbots or automated systems. The types of personal information collected through our Services are determined and controlled by our clients based on how they configure and use the Services. Automating DNA processes this Service Data solely on behalf of and under the instructions of our clients.

3. How We Use Information & Legal Basis

Client Data:

We use Client Data based on your consent (e.g., when requesting a demo) or our legitimate business interests to:

• Provide, manage, and support our Services.
• Communicate with clients regarding account management, billing, support, and service updates.
• Improve our website and service offerings.
• Comply with legal and regulatory requirements.

Service Data:

We use Service Data strictly to provide and maintain the AI Services as directed by our clients. Our clients are responsible for establishing the legal basis (e.g., obtaining necessary consents) for collecting and processing the Service Data through our Services. We do not use Service Data for our own purposes beyond providing and improving the contracted Services.

We take reasonable steps to ensure the Client Data we collect and use is accurate and complete. Clients are responsible for the accuracy of the Service Data inputted into our Services.

4. SMS Messaging and Mobile Information

With respect to any mobile phone numbers collected and used for our SMS messaging programs (including service notifications, appointment reminders, and other communications as described in our A2P 10DLC campaign registration), Automating DNA is committed to protecting your privacy. Mobile information, including phone numbers provided by you or our clients for the purpose of receiving SMS messages from Automating DNA, will not be shared with or sold to third parties or affiliates for their own marketing or promotional purposes. This mobile information will be used solely by Automating DNA for the purpose of delivering the SMS messages to which you or the end-user have consented.

5. Disclosure of Personal Information

Automating DNA does not sell, rent, or trade personal information. We disclose personal information only as follows:

Client Data:

We may disclose Client Data to service providers acting on our behalf (see Section 6), as required by law, or in connection with business transactions.

Service Data:

We do not disclose Service Data except:

• As directed or permitted by the respective client who controls the data.
• To subprocessors (like hosting providers or underlying AI platforms, including GoHighLevel CRM where applicable) necessary to provide the Services, under strict confidentiality and data processing agreements.
• As required by law or legal process applicable to Automating DNA.

6. Service Providers & International Data Storage

We use third-party service providers for functions such as CRM (including GoHighLevel), hosting, communication platforms, and potentially underlying AI technologies. These providers may store or process Client Data and Service Data outside of Canada, primarily in the United States. While outside Canada, information is subject to the laws of that jurisdiction and may be accessible to foreign courts, law enforcement, and national security authorities. We use contractual agreements and vetting processes to ensure these providers offer reasonable security and data protection standards, comparable to those required under PIPA, and process data only as instructed.

7. Data Security

We implement reasonable technical, administrative, and physical security measures designed to protect the personal information under our control (Client Data) and the systems processing Service Data against unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction. Our clients are responsible for implementing appropriate security measures when configuring and using our Services. Security is a shared responsibility.

8. Data Retention

Client Data:

We retain Client Data only as long as necessary for the purposes outlined in Section 3, or as required by law.

Service Data:

We retain Service Data according to the instructions and agreements with our clients. Clients typically control the retention period for the data processed through our Services.

When personal information is no longer required, we securely destroy or anonymize it.

9. Your Privacy Rights & Access

Under Alberta's PIPA, individuals have rights regarding their personal information, subject to exceptions:

For Client Data (Information held directly by Automating DNA):

You have the right to request access to or correction of your Client Data held by us, or withdraw consent for its use (subject to limitations). Please contact our Privacy Officer.

For Service Data (Information processed via AI Services for our Clients):

If you are an end-user of one of our clients' services and wish to exercise access, correction, or other rights regarding personal information processed by our AI Services, please direct your request to our client (the business whose chatbot/service you interacted with). They are the controller of that data. Automating DNA will assist our clients in responding to such requests as required by our agreements with them.

10. Accountability & Questions

Automating DNA is responsible for Client Data under our control and acts as a processor for Service Data. We have designated a Privacy Officer accountable for our compliance with this Privacy Policy and PIPA. If you have questions, concerns, or complaints about our handling of Client Data, or our role as a processor, please contact:

Privacy Officer Brandyn Funk or James Higgins
Automating DNA
Email: brandyn@automatingdna.com, and/or james@automatingdna.com

Concerns about the handling of Service Data by our clients should primarily be directed to the respective client. If unsatisfied with our response regarding our own compliance, you may contact the Office of the Information and Privacy Commissioner of Alberta.

11. Changes to This Privacy Policy

We may update this Privacy Policy. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.