- We are Eclatira — a Canadian AI voice, vision, and action platform that businesses use to handle customer calls.
- If you are an end caller (you spoke with an Eclatira-powered agent), the business that called or whose number you called is the controller of that conversation. They decide why and how it's used. Direct privacy requests to them first.
- We do not sell your data, do not share it for marketing, and do not use your conversations to train or fine-tune any AI model — ours or any partner's.
- Customer data runs on Canadian infrastructure. Workspaces are logically isolated. Encryption is AES-256 at rest, TLS 1.2+ in transit.
- Retention is configurable. Conversations, agents, and workspaces are deletable and exportable on demand.
- You can reach us at contact@eclatira.com for any privacy question, access request, or deletion request.
01 Who we are
Eclatira Inc. (“Eclatira”, “we”, “us”, or “our”) provides the voice, vision, and action AI agent platform marketed at eclatira.com (the “Service”). This Privacy Policy explains how we handle personal information when you visit our website, evaluate or use the Service as a customer, or interact with an Eclatira-powered agent as an end caller.
This Policy is written in plain language to be easy to read. Where law requires specific disclosures (for example under PIPEDA in Canada, or applicable provincial privacy laws), those obligations control if there is any ambiguity.
02 Scope of this Policy
This Policy covers personal information we handle in three contexts:
- Website visitors — people who browse eclatira.com, read our pages, or contact us through a form or email.
- Customers and prospective customers — the businesses (and their employees) who evaluate, sign up for, or use the Service.
- End callers — people who speak with, video-share with, or otherwise interact with an AI agent that a customer has deployed using Eclatira.
03 Our role: controller vs. processor
For information about our customers and our website visitors, Eclatira is the controller. We decide what is collected and why.
For information that flows through the Service when a customer's agent handles a call — including audio, video, transcripts, screen content shared by the caller, and any data the agent reads or writes through customer integrations — Eclatira is a processor acting on the customer's instructions. The customer is the controller for that data and is responsible for the lawful basis on which the call took place, for any required notices, and for obtaining any caller consent that local law requires.
Customers using the Service in regulated contexts (healthcare, legal, financial services, public sector, pharmacy) are responsible for ensuring that their use of the Service complies with the rules that apply to their industry. We provide controls to support that — we do not make that determination on the customer's behalf.
04 Information we collect
From website visitors
- Form submissions and emails: name, email, company, role, and the content of what you wrote.
- Technical data: IP address, device and browser type, referring page, and pages you viewed. Used for security, abuse prevention, and basic analytics.
- Cookies and similar technologies: where used, only as strictly necessary to operate the site, with optional analytics or marketing cookies disclosed and consent collected where required.
From customers
- Account data: name, email, login credentials, role, billing contact, organization details.
- Billing data: payment method tokens (handled by our payment processor — we do not store full card numbers), invoices, tax identifiers.
- Configuration data: agents, prompts, knowledge bases, integration credentials, telephony settings, voice selection, retention settings.
- Usage data: minutes consumed, call counts, concurrent calls, error logs, performance metrics.
- Support communications: messages you send to support and the context needed to help you.
From end callers (processed on behalf of the customer)
- Audio: the caller's voice during the call.
- Video / screen content: where the customer enables vision — webcam frames, screen-share content, and documents the caller chooses to show.
- Transcripts and derived data: text transcripts, intent labels, and metadata produced from the call.
- Identifiers: phone number, caller ID where the carrier provides it, browser/session identifiers for web sessions.
- Content the caller provides: anything the caller speaks, types, shows on camera, or shares on screen.
- Outcome data: actions the agent took on the customer's integrations on behalf of the caller (for example, a booking confirmation).
We do not knowingly collect government identifiers, payment-card numbers, or sensitive health information from end callers unless the customer's agent is configured to ask for it as part of the customer's own workflow. In those cases the customer is responsible for the necessary lawful basis and disclosures.
05 How we use information
We use personal information only for these purposes:
- Provide and operate the Service: route calls, run the agent, store transcripts and recordings according to the customer's configuration, surface the dashboard, and execute integrations.
- Bill customers: meter usage, generate invoices, prevent abuse and fraud.
- Support and troubleshoot: respond to support requests, debug incidents, fix defects.
- Secure the Service: detect and respond to security events, run audits, investigate misuse.
- Improve the platform: aggregate, de-identified service metrics (latency, uptime, error rates) used to operate and improve the platform. This does not include training AI models on customer or end-caller content — see Section 06.
- Communicate with customers: account messages, security notices, service updates, and (only with consent or where permitted) product news.
- Meet legal obligations: respond to lawful requests, defend rights, and comply with applicable law.
06 No training on your data
We do not use your conversations, transcripts, recordings, screen content, or any other content you or your callers provide to train, fine-tune, or improve any AI model. Not by us. Not by any partner.
Our model providers operate under contractual no-retention and no-training commitments. We do not benchmark or demo customer data to other customers. We do not sell data, and we do not share data with third parties for marketing.
08 Subprocessors
We use a small set of trusted vendors to operate the Service. The current categories are:
| Category | Purpose | Examples |
|---|---|---|
| Telephony | Carrier connectivity for inbound and outbound calls. | Twilio, Telnyx |
| Cloud infrastructure | Compute, storage, networking, and key management for the Service. Region pinned to Canada. | Tier-1 hyperscale cloud provider |
| AI model providers | Speech, language, and vision models used inside the agent. | Enterprise model providers under contractual no-retention, no-training commitments |
| Operational tooling | Email delivery, error monitoring, billing, support. | Standard B2B SaaS vendors |
An up-to-date list of named subprocessors is available to customers on request. Customers can subscribe to advance notice of material changes to subprocessors.
09 Where your data lives
Customer data — including recordings, transcripts, configurations, and operational logs that contain personal information — is stored and processed on Canadian infrastructure. Where the Service requires limited cross-region processing for a specific purpose (for example, fraud detection metadata or aggregated service metrics), we use safeguards consistent with applicable law and minimize what is sent.
Enterprise customers can pin their workload to a specific region and request additional residency commitments in their order form.
10 Retention and deletion
Retention is configurable by the customer. By default we keep:
- Recordings, transcripts, and analytics for the period the customer configures (or, if they have not configured anything, for a reasonable default the customer can change at any time).
- Account, billing, and audit data for as long as the customer has an account and for the period required for legal, tax, and accounting purposes after termination.
- Operational logs for the minimum period needed to investigate incidents and meet our security obligations.
Any agent, conversation, or workspace is deletable — and exportable — on demand. Enterprise customers can request written deletion confirmation. End callers should direct deletion requests to the customer that deployed the agent; we will support that customer in fulfilling the request.
11 How we protect your data
Our core controls are described on our Security page and include:
- AES-256 encryption at rest and TLS 1.2+ in transit, with hardware-backed key management.
- Workspace isolation: every workspace is a logically isolated container, gated by a workspace check on every read and write.
- Least-privilege access, audit logging, and operational reviews.
- Documented incident response, with notice to affected customers as required by law and contract.
No system is perfectly secure. We continuously work to reduce risk and we expect customers to apply their own controls (strong account credentials, careful configuration of integrations, appropriate retention settings).
We do not currently hold independent security certifications and we will not claim ones we have not earned. SOC 2 is in progress. The controls listed here and on the Security page are the current commitments.
12 Your privacy rights
Depending on where you live and your relationship with us, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your information, subject to limited exceptions.
- Withdraw consent, where we relied on consent.
- Object to or restrict certain processing.
- Request a copy of your information in a portable format.
- File a complaint with a data protection authority. In Canada, that is the Office of the Privacy Commissioner of Canada (or the applicable provincial commissioner).
To exercise these rights, email us at contact@eclatira.com. If you are an end caller, please contact the business whose agent you spoke with first — they are the controller of that call. We will help them respond.
13 Calls, recordings, and consent
Recording behaviour is configurable per agent and per channel. Where local law requires it, our agents can deliver an opening-line consent announcement before recording begins. The customer is responsible for choosing the appropriate consent setting for the jurisdictions in which their agent operates. Eclatira does not determine which consent regime applies to a customer's call — the customer does, with their own legal advice.
If you spoke with an Eclatira-powered agent and you want to know what was recorded, who has it, or you want it deleted, contact the business that called you (or whose number you called). They can fulfil that request through the dashboard, and we will support them.
14 Children
The Service is not directed to children. We do not knowingly collect personal information from children, and customers should not configure agents to interact with children without an appropriate lawful basis and parental consent where required. If you believe a child's information has been collected, contact us and we will work with the relevant customer to delete it.
15 Changes to this Policy
We may update this Policy from time to time. The version in effect is the one posted at this URL with the most recent “Last updated” date. If a change is material, we will notify customers (for example, by email or in the dashboard) before it takes effect.
16 How to reach us
For privacy questions, requests, or complaints:
- Email: contact@eclatira.com
If you do not receive a response within a reasonable period, or you are not satisfied with our response, you may contact your local data protection authority. In Canada, that is the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the applicable provincial commissioner.