← Back to ComplyCan.ai

Privacy Policy

Effective date: May 21, 2026

Applies to: ComplyCan.ai waitlist, early access, and informational website

ComplyCan.ai is building Canadian-hosted AI infrastructure for organizations that need stronger data residency, privacy, policy, and audit controls when adopting artificial intelligence.

This Privacy Policy explains how ComplyCan AI Inc. ("ComplyCan," "we," "us," or "our") collects, uses, discloses, stores, and protects personal information through our splash site, waitlist, early access forms, and related communications.

This policy is intended for our early-stage website and waitlist. It does not yet describe the full privacy terms for a production enterprise AI gateway. Product-specific privacy terms, data processing terms, and customer agreements will be published or provided separately as the product develops.

1. Our Privacy Commitments

We are designing ComplyCan around Canadian trust, privacy, and responsible AI adoption. For this early access site, our commitments are:

2. Personal Information We Collect

We may collect the following information when you visit our site, join the waitlist, request early access, contact us, or otherwise communicate with us:

We do not intentionally collect sensitive personal information through the splash site. Please do not submit confidential, regulated, health, financial, government-issued, or client/customer information through the waitlist form.

3. Why We Collect And Use Personal Information

We collect and use personal information for the following purposes:

We will not use personal information for new purposes that are incompatible with the purposes above without providing appropriate notice or obtaining consent where required.

4. Consent And Your Choices

By joining the waitlist or requesting early access, you consent to ComplyCan using your information to contact you about early access, product development, launch updates, and related opportunities.

You may withdraw consent to receive commercial electronic messages at any time by using the unsubscribe mechanism in our emails or by contacting us at the address below.

Withdrawing consent may limit our ability to provide certain communications or early access opportunities, but it will not affect uses that are permitted or required by law.

5. Commercial Electronic Messages

ComplyCan complies with Canada's Anti-Spam Legislation (CASL) for commercial electronic messages. Where CASL applies, we will:

We keep records of consent, including the email address, timestamp, source, and consent language/version where reasonably available.

6. AI-Related Data

For this splash site and waitlist:

As ComplyCan develops its product, any AI gateway, model-routing, audit, redaction, or compliance features will be covered by additional product privacy terms, customer agreements, and, where applicable, data processing terms.

7. Disclosure To Service Providers

We may share personal information with service providers that help us operate the website, host infrastructure, manage email, secure systems, analyze basic site performance, or support business operations.

We require service providers to use personal information only for the services they provide to us and to protect it using reasonable safeguards. We do not authorize service providers to sell personal information.

If we use service providers outside Canada, or if support, backups, email routing, or other processing may occur outside Canada, personal information may be subject to the laws of those jurisdictions. We aim to minimize these transfers and will update this policy as our service provider list matures.

8. Canadian Hosting And Data Residency

ComplyCan's mission is to build Canadian trust infrastructure for AI adoption. For our waitlist and early access intake, we aim to process and store records on Canadian-hosted infrastructure wherever reasonably possible.

Data residency is an operational commitment that depends on hosting, email, backups, support access, analytics, and service provider configuration. We will avoid overstating residency claims and will update this policy as our technical architecture evolves.

9. Retention

We keep personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

For waitlist records, our default retention period is until product launch plus 12 months, unless you ask us to delete your information earlier or we need to retain limited records for legal, security, or compliance reasons.

Consent records, unsubscribe records, and privacy request records may be retained as needed to demonstrate compliance.

10. Safeguards

We use reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle. These may include access controls, encryption in transit, restricted administrative access, logging, rate limiting, and other security measures.

No website or system can be guaranteed to be completely secure. If we become aware of a breach of security safeguards involving personal information under our control, we will assess it and take steps required by applicable law.

11. Privacy Breaches

Under PIPEDA, organizations must report to the Office of the Privacy Commissioner of Canada and notify affected individuals of breaches of security safeguards involving personal information where it is reasonable to believe the breach creates a real risk of significant harm. Organizations must also keep records of breaches.

ComplyCan will maintain an incident response process appropriate to the stage and sensitivity of its operations.

12. Access, Correction, Deletion, And Withdrawal

You may contact us to:

We may need to verify your identity before responding. Some information may be retained where required or permitted by law, including for security, legal, compliance, or record-keeping purposes.

13. Quebec Residents

For individuals in Quebec, ComplyCan will take into account obligations under Quebec's private-sector privacy law, as amended by Law 25, where applicable.

This includes transparency about the purposes of collection, how personal information is used, categories of persons who may access it, the possibility that information may be communicated outside Quebec, retention, privacy rights, and the contact information of the person responsible for the protection of personal information.

If ComplyCan collects personal information from Quebec residents or conducts business in Quebec, we will also provide a French version of this Privacy Policy and make reasonable efforts to provide services and privacy communications in French where required.

14. Children

The ComplyCan website, waitlist, and early access program are intended for business and professional audiences. They are not intended for children or minors.

15. Changes To This Policy

We may update this Privacy Policy as our website, product, infrastructure, legal obligations, or business practices evolve. The updated version will be posted on our website with a new effective date.

16. Contact Us

For privacy questions, requests, or concerns, contact:

Data Protection Officer
ComplyCan AI Inc.
Toronto, Ontario, Canada
Email: dpo@complycan.ai

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or, where applicable, a provincial privacy regulator such as Quebec's Commission d'accès à l'information.

If you have any questions, please contact our Data Protection Officer at: dpo@complycan.ai