Documentation

Compliance & Privacy

Protect your customers' data and stay compliant with privacy laws.

Why Privacy Matters

Your AI agent handles customer conversations that may include personal information like names, phone numbers, email addresses, and appointment details. Protecting this information is not just good practice - it's the law in many regions. This guide covers the privacy regulations that may apply to your business and how AscenAI helps you comply.

PIPEDA (Canadian Privacy Law)

PIPEDA stands for the Personal Information Protection and Electronic Documents Act. It's Canada's federal privacy law for private-sector organizations. It applies to businesses of all sizes, including small businesses like dental clinics, restaurants, and salons.

1. Consent

You must get customer consent before collecting their personal information.

How AscenAI helps: Your agent can be configured to inform customers that their conversation is being processed by an AI. You can add a consent message at the start of conversations.

2. Purpose

You must identify the purpose for collecting personal information.

How AscenAI helps: You control what information your agent collects and can configure it to only collect information necessary for the service.

3. Safeguards

You must protect personal information with appropriate security measures.

How AscenAI helps: All data is encrypted in transit and at rest. Access controls ensure only authorized team members can view conversations.

4. Access

Customers have the right to access and correct their personal information.

How AscenAI helps: You can export customer data from your dashboard and delete customer data upon request.

5. Retention

Personal information should only be kept as long as necessary.

How AscenAI helps: You can set automatic data retention periods. Old conversations can be automatically deleted.

PIPEDA Compliance Checklist

  • Inform customers that their conversation is handled by AI
  • Only collect information necessary for the service
  • Set appropriate data retention periods
  • Have a process for handling customer data access requests
  • Have a process for handling customer data deletion requests
  • Train your team on privacy responsibilities
  • Keep records of consent

GDPR (European Privacy Law)

GDPR stands for the General Data Protection Regulation. It applies to any business that handles data of EU residents, regardless of where your business is located.

Key Requirements:

  • Lawful Basis - You must have a lawful reason to process personal data (consent, contract, legitimate interest)
  • Data Minimization - Only collect data that is necessary for your stated purpose
  • Right to Be Forgotten - Customers can request deletion of all their personal data within 30 days
  • Data Portability - Customers can request a copy of their data in a usable format
  • Breach Notification - Notify affected individuals within 72 hours if data is compromised

How AscenAI Helps:

  • Data export in standard formats
  • Individual or bulk data deletion
  • Automatic data retention settings
  • Consent message configuration
  • Access controls to limit who can view data

Data Retention Settings

Control how long customer conversations and data are stored.

Setting Your Retention Period

  1. Go to Settings > Privacy > Data Retention
  2. Choose: 30 days, 90 days, 6 months, 1 year, or Indefinite
  3. Click "Save"

What Gets Deleted

  • Chat conversation transcripts
  • Voice call recordings
  • Customer contact information from conversations

NOT deleted: Analytics data (aggregated), agent configurations, playbooks, knowledge base documents, team accounts.

Business TypeRecommendedReason
Dental clinic1 yearPatient records may be needed for follow-up
Restaurant30 daysOrders and inquiries are short-term
Hair salon90 daysAppointment history useful for scheduling
Law firm1 year+Client matters may require record keeping
Retail store90 daysOrder history for returns and support

Exporting Your Data

What You Can Export

  • Chat History - All conversation transcripts, timestamps, satisfaction ratings
  • Voice Call History - Recordings, duration, transcripts
  • Customer Data - Names, emails, phone numbers, booking history
  • Analytics - Volume trends, common topics, satisfaction trends

How to Export

  1. Go to Settings > Privacy > Export Data
  2. Choose what data to export and the date range
  3. Choose format: CSV (for spreadsheets) or JSON (for technical use)
  4. Click "Export" - you'll receive an email when ready

Deleting Customer Data

Deleting Individual Customer Data

  1. Go to Chat History and search for the customer
  2. Click on a conversation with that customer
  3. Click the three dots > "Delete Customer Data"

Deleting All Data

  1. Go to Settings > Privacy > Delete All Data
  2. Type "DELETE ALL DATA" to confirm
  3. Click "Delete"

Warning: This cannot be undone. All conversation transcripts, voice recordings, and customer contact information will be permanently deleted.

Data Breach Response

Immediate Steps:

  1. Don't panic - AscenAI has security measures in place
  2. Contact support: email security@ascenai.com immediately
  3. Document what happened - write down what you noticed and when
  4. Don't delete evidence - keep any logs or screenshots

Your Obligations

  • PIPEDA - Report breaches to the Privacy Commissioner if there's a real risk of significant harm
  • GDPR - Report breaches to your supervisory authority within 72 hours
  • Both - Notify affected individuals if there's a risk to their rights and freedoms

Privacy Best Practices

1

Collect Only What You Need

Don't ask customers for information you don't need.

2

Be Transparent

Tell customers when they're talking to an AI and what information you're collecting.

3

Set Appropriate Retention

Don't keep customer data longer than necessary.

4

Train Your Team

Make sure everyone who has access to customer data understands their responsibilities.

5

Have a Process

Have a clear process for handling customer data requests (access, deletion, correction).

6

Review Regularly

Review your privacy settings and practices at least annually.

AscenAI's Privacy Commitments

  • Encryption - All data is encrypted in transit and at rest
  • Access controls - Only authorized personnel can access infrastructure
  • No training on your data - Customer conversations are NOT used to train AI models
  • Regular audits - Systems are regularly audited for security and compliance
  • Data Processing Agreement - Available for customers who need one

Questions About Compliance?

Contact our support team at support@ascenai.com or consult with a privacy professional in your jurisdiction.