Legal

Privacy Policy

Effective date: April 2026 · Driftbot AI · Ontario, Canada

Your privacy matters to us. This policy explains what data Driftbot AI collects, how we use it, and what rights you have. We've written it in plain language — no legalese. If you have questions, email us at support@driftbot.ai.

1. Who We Are

Driftbot AI is a company incorporated in Ontario, Canada. We operate the Driftbot platform — an AI-powered sales agent that businesses embed on their websites to engage visitors, qualify leads, and book meetings.

When this policy refers to "Driftbot," "we," "us," or "our," it means Driftbot AI. When it refers to "you," it means either a business customer using our platform or an end user visiting a website that has Driftbot installed.

2. What Data We Collect

We collect the minimum data needed to provide and improve our service.

From business customers (you, if you sign up for Driftbot):

  • Name and email address (used to create and manage your account)
  • Website URL (so we can scan your site and configure your AI agent)
  • Billing information (processed by Stripe — we never store your card details)
  • Account preferences and settings

From end users (visitors who chat with Driftbot on your website):

  • Name and email address (if voluntarily provided during a conversation)
  • Chat conversation content (the messages exchanged with the Driftbot agent)
  • Booking details (name, email, and time slot when a meeting is scheduled)

Automatically collected data:

  • Usage analytics: pages visited, features used, session duration
  • Device and browser information (type, operating system, screen size)
  • IP address and approximate geographic location (country/city level)
  • Cookies and similar tracking technologies (see Section 4)

3. Why We Collect It

We only collect data for specific, legitimate purposes:

  • To provide the Driftbot service — running your AI agent, routing conversations, booking meetings, and syncing with your connected tools
  • To process payments securely via Stripe
  • To improve our product — understanding how people use Driftbot helps us build better features and fix issues
  • To communicate with you — account updates, product announcements, and responses to support requests
  • To ensure security and prevent fraud or abuse of our platform
  • To comply with legal obligations under Canadian and applicable international law

We do not sell your data. We do not use your data for advertising. We do not share conversation data with third parties except as described in Section 5.

4. Cookies & Tracking

We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how our product is being used.

Types of cookies we use:

  • Essential cookies — required for the platform to function (authentication, session management). These cannot be disabled.
  • Analytics cookies — help us understand usage patterns (e.g., which features are used most). These are anonymized where possible.
  • Preference cookies — remember your settings and configuration choices.

The Driftbot chat widget embedded on third-party websites uses a session cookie to maintain conversation continuity. No cross-site tracking is performed on end users. You can control or delete cookies through your browser settings at any time.

5. Third-Party Services

We work with a small number of trusted third-party providers to deliver our service. Each has been selected for their privacy and security standards.

Stripe
Payment processing. Stripe handles all billing and card data. We never store your payment details. Stripe is PCI-DSS Level 1 certified.
Google Calendar
Meeting booking. When you connect your calendar, Driftbot can schedule meetings on your behalf. We only request the minimum permissions needed (create/read events).
HubSpot
CRM integration. If you connect HubSpot, qualified lead data is pushed to your HubSpot account. You control what data is synced.
Analytics provider
Product analytics. We use aggregated, anonymized analytics to understand how Driftbot is being used and where to invest in improvements. Individual users are not identified.

We require all third-party providers to handle data only as instructed and to maintain appropriate security standards.

6. Data Retention

We retain data only for as long as necessary to provide the service and meet legal requirements.

  • Account data is retained for the life of your account and deleted within 30 days of account closure.
  • Chat conversation data is retained for 12 months by default. Business customers can configure shorter retention periods in their dashboard.
  • Billing records are retained for 7 years as required by Canadian tax law.
  • Analytics data is retained in aggregated, anonymized form for up to 24 months.

When data is deleted, it is removed from our active systems within 30 days and from backups within 90 days.

7. Your Rights

Depending on where you are located, you have rights over your personal data. We honor these rights regardless of your jurisdiction.

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to fix inaccurate or incomplete data
  • Deletion — request that we delete your personal data (subject to legal retention requirements)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to how we process your data for specific purposes
  • Withdrawal of consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, email support@driftbot.ai. We will respond within 30 days. We may need to verify your identity before processing your request.

8. PIPEDA & GDPR Compliance

Driftbot AI is headquartered in Canada and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law.

Under PIPEDA, we commit to:

  • Collecting only the information necessary for identified purposes
  • Obtaining meaningful consent before collecting personal information
  • Protecting data with appropriate security safeguards
  • Being transparent about our data practices
  • Giving individuals access to their information upon request

For users in the European Economic Area (GDPR):

  • Our legal bases for processing are: contract performance (providing the service), legitimate interests (product improvement and security), and consent (marketing communications).
  • International data transfers to Canada are covered by Canada's adequacy status under GDPR.
  • You have the right to lodge a complaint with your local data protection authority.

9. Data Security

We take the security of your data seriously. Our measures include:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls — only authorized personnel can access customer data, on a need-to-know basis
  • Regular security reviews and vulnerability assessments
  • Incident response procedures — if a breach occurs, affected users will be notified within 72 hours

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to support@driftbot.ai.

10. Children's Privacy

Driftbot is not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we'll notify you by email (if you're a registered customer) and update the effective date at the top of this page. Continued use of Driftbot after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy or how we handle your data, please reach out:

Driftbot AI
Ontario, Canada
support@driftbot.ai