Privacy Policy — Kuberan.AI

1. Introduction

A1 AI Agents Inc., operating as Kuberan.AI ("Kuberan.AI," "we," "us," or "our"), is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use the Kuberan.AI platform and all associated applications and services (collectively, the "Service").

This Privacy Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy legislation. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

Full name, email address, and phone number.
Business name, business address, and business registration details.
Password (stored in hashed form; we never store plaintext passwords).
Billing information (processed and stored by Stripe; we do not store full credit card numbers).
Professional designations or role information you choose to provide.

2.2 Financial Data

In the course of providing accounting services, we process:

Bank account details and transaction data (retrieved via Plaid or manual statement uploads).
Invoices, bills, estimates, sales receipts, and credit memos.
Chart of accounts, journal entries, and general ledger data.
Vendor and customer information, including names, addresses, and payment terms.
Payroll data, including employee names, Social Insurance Numbers (SINs), addresses, tax form details, banking information for direct deposit, and compensation records.
HST/GST registration numbers and tax remittance details.

2.3 Documents

You may upload documents to the Service, including:

Bank statements, credit card statements, and loan statements.
Invoices, receipts, and bills from vendors.
Tax forms and government correspondence.
Any other financial or business documents you choose to upload.

2.4 Usage Data

We automatically collect certain information about how you interact with the Service:

IP address, browser type, operating system, and device information.
Pages visited, features used, and actions taken within the Service.
Date and time of access, session duration, and referral URLs.
Error logs and performance data to help us diagnose and fix issues.

2.5 Mileage and Location Data

If you use the mileage tracking feature:

GPS coordinates and route data for trip recording (collected only with your explicit permission).
Vehicle information, trip classifications (business or personal), and distance calculations.

2.6 Communication Data

If you use our communication features:

SMS messages sent and received through the platform.
Phone call metadata (call duration, timestamps, caller/recipient numbers; calls are not recorded unless you explicitly enable recording).
Email content sent through the platform's email integration.
In-app messages and notifications.

3. How We Use Information

We use the information we collect for the following purposes:

Providing the Service: Processing your financial data, generating reports, running payroll, tracking mileage, managing contacts, and enabling all features of the platform.
AI-Powered Processing: Using artificial intelligence to extract data from uploaded documents, categorize transactions, detect anomalies, and provide smart recommendations.
Communication: Facilitating SMS, phone, and email communications between you and your clients through the platform's communication tools.
Account Management: Managing your subscription, processing payments, and providing customer support.
Security: Detecting, preventing, and responding to fraud, abuse, security incidents, and technical issues.
Improvement: Analyzing usage patterns to improve the Service, develop new features, and enhance user experience.
Legal Compliance: Complying with applicable laws, regulations, legal processes, or government requests.
Notifications: Sending you service-related notices, updates, security alerts, and administrative messages.

4. AI and Document Processing

A central feature of Kuberan.AI is our AI-powered document processing capability. Here is how it works and how your data is handled:

4.1 How AI Processing Works

When you upload documents (bank statements, invoices, receipts, etc.), they are processed using AI services including Anthropic's Claude and Groq to extract structured data such as dates, amounts, vendor names, categories, and line items.

4.2 Data Use in AI Processing

Your documents and financial data are sent to AI providers solely for the purpose of data extraction and categorization specific to your request.
Your data is not used to train AI models. We use API-based AI services that process your data on-demand and do not retain it for model training purposes.
Extracted data is stored in your account within our database. The AI providers do not retain your data after processing is complete, in accordance with their data processing terms.

4.3 Accuracy and Responsibility

AI-extracted data is provided on a best-effort basis. Extraction accuracy depends on document quality, format, and complexity. You are responsible for reviewing and verifying all AI-processed data before using it for financial reporting, tax filing, or any other purpose. See our Terms of Service for the full AI features disclaimer.

5. Third-Party Services

We integrate with and share data with the following third-party services to provide the functionality of the platform. Each service has its own privacy policy governing their use of your data:

5.1 Plaid

Used for securely connecting your bank accounts and retrieving transaction data. When you link a bank account, your banking credentials are handled directly by Plaid and are never stored on our servers. Plaid's use of your data is governed by the Plaid End User Privacy Policy.

5.2 Stripe

Used for processing subscription payments and enabling online invoice payments for your clients. Payment card details are collected and stored by Stripe in accordance with PCI DSS standards. We do not store your full card number. Stripe's practices are governed by the Stripe Privacy Policy.

5.3 SendGrid

Used for delivering transactional emails (password resets, invoice notifications, reminders) and marketing communications. Email addresses and message content are shared with SendGrid for delivery purposes.

5.4 Twilio

Used for SMS messaging and phone services, including business phone numbers, voicemail, and call routing. Phone numbers, SMS content, and call metadata are processed through Twilio's infrastructure.

5.5 Amazon Web Services (AWS)

Used for document storage (S3) and computing infrastructure. Uploaded documents are stored in AWS S3 buckets with server-side encryption enabled. AWS's data handling is governed by the AWS Privacy Policy.

5.6 MongoDB Atlas

Used as our managed database service for storing application data, including financial records, user profiles, and configuration data. MongoDB Atlas provides encryption at rest and in transit.

5.7 AI Providers (Anthropic, Groq)

Used for document processing and data extraction. Document content is transmitted to these providers via API for processing. These providers do not retain your data for model training when accessed through their API services.

6. Data Storage and Security

6.1 Where Your Data Is Stored

We prioritize storing your data within Canada where possible. Our primary infrastructure providers offer Canadian data center regions. However, some third-party services (such as AI processing providers) may process data in the United States or other jurisdictions. Where data is transferred outside of Canada, we ensure appropriate safeguards are in place as required by PIPEDA.

6.2 Security Measures

We implement comprehensive security measures to protect your information:

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
Encryption at Rest: Stored data is encrypted at rest in both our database (MongoDB Atlas) and document storage (AWS S3).
Access Controls: Role-based access controls ensure that only authorized personnel can access your data. Workspace isolation ensures that data belonging to one workspace cannot be accessed by another.
Password Security: User passwords are hashed using industry-standard algorithms and are never stored in plaintext.
Regular Assessments: We conduct regular security assessments and keep our dependencies and infrastructure up to date.
Audit Logging: We maintain audit logs of significant actions within the platform for security monitoring and compliance purposes.

6.3 Breach Notification

In the event of a data breach that poses a real risk of significant harm to affected individuals, we will notify the affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA's breach notification provisions, as soon as feasible.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

Active Accounts: Your data is retained for as long as your account is active and you maintain a subscription.
After Cancellation: Following account cancellation, we retain your data for 30 days to allow you to request a data export or reactivate your account. After this period, your data is scheduled for permanent deletion.
Billing Records: Transaction and billing records may be retained for up to 7 years as required by Canadian tax and financial regulations.
Anonymized Data: We may retain anonymized, aggregated data that cannot be used to identify you for analytics and service improvement purposes indefinitely.
Legal Obligations: We may retain data longer if required by law, regulation, or legal proceedings.

8. Your Rights

Under PIPEDA and applicable privacy legislation, you have the following rights regarding your personal information:

8.1 Right of Access

You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days.

8.2 Right of Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can update most of your information directly through the Service's account settings.

8.3 Right of Deletion

You have the right to request the deletion of your personal information. Upon receiving a verified deletion request, we will delete your data within 30 days, subject to any legal retention obligations.

8.4 Right to Data Export

You have the right to request a copy of your data in a structured, commonly used, and machine-readable format. The Service provides built-in data export functionality for financial records, reports, and documents.

8.5 Right to Withdraw Consent

You may withdraw your consent for specific data processing activities at any time, subject to legal or contractual restrictions. Withdrawing consent may limit your ability to use certain features of the Service. To withdraw consent, contact us at info@kuberan.ai.

8.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at info@kuberan.ai. We may need to verify your identity before processing your request. We will not charge a fee for processing reasonable requests.

9. Cookies and Tracking

9.1 Cookies We Use

The Service uses cookies and similar technologies for the following purposes:

Essential Cookies: Required for the Service to function, including authentication tokens and session management. These cannot be disabled.
Preference Cookies: Store your preferences such as language settings, theme selection, and display options.
Analytics Cookies: Help us understand how users interact with the Service, which features are most used, and where users encounter issues. This data is used in aggregate to improve the Service.

9.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly. We do not use cookies for third-party advertising or cross-site tracking.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at info@kuberan.ai.

11. International Data Transfers

While we are a Canadian company and prioritize Canadian data residency, some of our third-party service providers may process data in jurisdictions outside of Canada, primarily the United States. When your data is transferred outside of Canada, we take the following steps to protect it:

We ensure that our service providers maintain security and privacy practices that are consistent with or exceed the requirements of PIPEDA.
We enter into data processing agreements with third-party providers that include appropriate safeguards for the protection of your personal information.
We limit the data shared with third-party providers to what is necessary for the specific service being provided.

Please be aware that personal information transferred to other jurisdictions may be subject to the laws of those jurisdictions, including lawful access requests by courts, law enforcement, and government authorities.

12. Data Sharing and Disclosure

We do not sell your personal information to third parties. We share your information only in the following circumstances:

Service Providers: With third-party service providers who process data on our behalf to provide the Service (as described in Section 5).
With Your Consent: When you explicitly direct us to share information, such as when you share documents through the client portal.
Legal Requirements: When required by law, regulation, legal process, or governmental request.
Protection of Rights: When necessary to protect the rights, property, or safety of A1 AI Agents Inc., our users, or the public.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

13. PIPEDA Compliance

We are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and adhere to the following principles:

Accountability: We have designated a privacy officer responsible for our compliance with privacy legislation.
Identifying Purposes: We identify the purposes for collecting personal information at or before the time of collection.
Consent: We obtain meaningful consent for the collection, use, and disclosure of personal information.
Limiting Collection: We limit collection of personal information to what is necessary for the identified purposes.
Limiting Use, Disclosure, and Retention: We use and disclose personal information only for the purposes for which it was collected and retain it only as long as necessary.
Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is used.
Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.
Openness: We make information about our privacy policies and practices readily available.
Individual Access: Upon request, we inform individuals of the existence, use, and disclosure of their personal information and provide access to that information.
Challenging Compliance: Individuals may challenge our compliance with these principles by contacting our privacy officer.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Effective Date" at the top of this page.
Notify you via email or through a prominent notice within the Service at least 15 days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

15. Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

A1 AI Agents Inc. (operating as Kuberan.AI)
Privacy Officer
Email: info@kuberan.ai
Website: kuberan.ai

If you are not satisfied with our response to your privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada.