Plain language summary: We collect your business contact information when you request access to Riley. We store and process all data on Canadian servers only. We never sell your data. We never use your data to train AI models. We comply with PIPEDA (federal) and are PHIPA-ready for healthcare environments.
1. Who We Are
NERDLE Communications Inc. ("NERDLE," "we," "our," or "us") operates the Riley business receptionist service and the nerdle.ai website.
Contact for privacy matters: hello@nerdle.ai
2. What Information We Collect
Information you provide directly
- Business name and contact person name
- Business email address
- Phone number and WhatsApp number (if provided)
- Your response to our intake question about what you would like Riley to handle
Information collected automatically when Riley is active
- Call transcripts and recordings (with caller awareness, as required by Canadian law)
- SMS and WhatsApp message content
- Appointment and booking information
- Usage logs including call times, durations, and response times
Information we do not collect
- Payment card information (processed by our payment provider -- we never see your card details)
- Government identification numbers
- Information about individuals under the age of 18
3. How We Use Your Information
- To set up and deliver your Riley service
- To send you communications about your account and service
- To improve the Riley service based on aggregate, anonymized usage patterns
- To comply with our legal obligations under Canadian law
We never use your data or your customers' data to train AI models. Your conversations belong to you.
4. Where Your Data Is Stored and Processed
All data is stored and processed on Canadian servers. Your data never crosses the Canadian border. This is not a marketing claim -- it is a technical architecture decision that is verifiable and auditable.
5. PIPEDA Compliance
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private sector privacy law. This means:
- We collect only the information we need
- We use it only for the purposes we have identified
- We keep it only as long as necessary
- We protect it with appropriate safeguards
- We give you access to it upon request
- We correct it if it is inaccurate
- You can withdraw consent at any time
6. PHIPA Readiness (Healthcare Environments)
Riley is built on infrastructure that meets the requirements of the Personal Health Information Protection Act (PHIPA) for regulated Ontario healthcare environments. Healthcare vertical eligibility is confirmed on a case-by-case basis. Contact hello@nerdle.ai before activating Riley for any clinical environment to discuss your specific compliance needs and configuration requirements.
Healthcare clients receive additional data handling protections including enhanced access controls and retention limits aligned with PHIPA requirements.
7. Data Retention
- Request data: Retained for 12 months or until you request deletion
- Call transcripts and recordings: Retained for 90 days by default, configurable by client
- Account data: Retained for the duration of your subscription plus 30 days
- Billing records: Retained for 7 years as required by Canadian tax law
8. Who We Share Data With
We do not sell your data. We share data only with the service providers required to operate Riley:
- Twilio Inc. -- telephony, SMS, and WhatsApp messaging (Canadian routing where available)
- Canadian cloud infrastructure provider -- AI processing and storage (Canadian servers only)
- Payment processor -- payment processing (PCI-DSS compliant, no card data touches our servers)
All service providers are bound by data processing agreements that restrict use of your data to service delivery only.
9. Your Customers' Data
When Riley handles calls, messages, and bookings on behalf of your business, it processes personal information belonging to your customers -- the callers and message senders. In this context, you are the data controller and NERDLE is the data processor acting on your instructions.
Your customers have the right to know their information is being handled by a third-party service on your behalf. We recommend you update your own privacy policy to reflect your use of Riley. Your customers may contact you directly to exercise their rights under PIPEDA. You may forward any such requests to hello@nerdle.ai and we will assist with fulfilment.
We do not use your customers' data for any purpose other than delivering the Riley service to your business. We do not sell it, share it beyond the service providers listed above, or use it to train AI models.
10. CASL and Commercial Electronic Messages
Canada's Anti-Spam Legislation (CASL) governs the sending of commercial electronic messages. NERDLE does not send commercial electronic messages to your customers on your behalf beyond the direct service interactions Riley handles. You are responsible for ensuring your use of Riley's SMS and WhatsApp features complies with CASL as it applies to your business and your customer relationships.
11. Data Breach Notification
In the event of a breach of security safeguards involving personal information that poses a real risk of significant harm, NERDLE will notify the Office of the Privacy Commissioner of Canada as required under PIPEDA, and will notify affected clients as soon as reasonably possible. We maintain records of all security breaches as required by law.
If you become aware of any unauthorized access to your account or any data security concern, contact hello@nerdle.ai immediately.
12. Your Rights
Under PIPEDA you have the right to:
- Know what personal information we hold about you
- Access your personal information
- Correct inaccurate information
- Withdraw consent and request deletion
- File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, email hello@nerdle.ai with the subject line "Privacy Request."
13. Cookies and Tracking
The nerdle.ai website uses no third-party tracking cookies. We use no advertising pixels, no Google Analytics, and no social media tracking scripts. The only data collected on the website is what you submit through the request form.
14. Security
We protect your information using industry-standard security measures including encryption in transit (TLS 1.3) and encryption at rest (AES-256). Access to client data is restricted to NERDLE team members who require it to deliver the service.
15. Changes to This Policy
We will notify active clients of material changes to this Privacy Policy by email at least 30 days before the changes take effect. The current version is always available at nerdle.ai/riley/privacy/.
16. Contact
Privacy questions or requests: hello@nerdle.ai
NERDLE Communications Inc.
Office of the Privacy Commissioner of Canada: priv.gc.ca