Xonark LogoXonaAuto AI

Privacy Policy

Last Updated: November 5, 2025

1. Introduction

Xonark Technologies Inc. ("XONA AI","XonaAuto AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered receptionist service (the "Service"). This policy applies to customers in Canada and the United States and complies with applicable privacy laws including PIPEDA (Personal Information Protection and Electronic Documents Act) in Canada and HIPAA (Health Insurance Portability and Accountability Act) in the United States.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

  • Account information (name, email address, phone number, business name)
  • Billing information (payment method details, billing address)
  • Business information (tire shop details, operating hours, service offerings)
  • Communication preferences and settings

2.2 Call Data and AI-Generated Content

When you use our AI receptionist service, we collect and process:

  • Call recordings and audio data from inbound and outbound calls
  • Call transcriptions generated by our AI system
  • Caller information (phone numbers, names if provided)
  • Call metadata (date, time, duration, call outcome)
  • Customer inquiries and appointment details
  • AI-generated responses and conversation logs

2.3 Technical and Usage Data

We automatically collect certain information when you access our Service:

  • Device information (IP address, browser type, operating system)
  • Usage data (features accessed, time spent, interaction patterns)
  • Log data (access times, pages viewed, errors encountered)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI receptionist service
  • Call Processing: To answer calls, schedule appointments, and handle customer inquiries
  • AI Training: To train and improve our AI models for better conversation quality
  • Analytics: To analyze usage patterns and generate insights for your business
  • Communication: To send service updates, notifications, and support messages
  • Billing: To process payments and manage subscriptions
  • Legal Compliance: To comply with applicable laws and regulations
  • Security: To detect, prevent, and address fraud and security issues

4. Legal Basis for Processing (Canada & U.S.)

We process your personal information based on:

  • Consent: You provide consent when creating an account and using our Service
  • Contract Performance: Processing is necessary to fulfill our service agreement
  • Legitimate Interests: To improve our Service and ensure security
  • Legal Obligations: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

We may share your information with:

  • Service Providers: Third-party vendors who assist in providing our Service (cloud hosting, payment processing, AI infrastructure)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law, court order, or government request
  • Protection of Rights: To protect our rights, property, or safety, or that of our users

We do not sell your personal information to third parties. All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6. Call Recording and Consent

Express Consent

We obtain express consent for:

  • Recording phone calls (callers are notified at the start of each call)
  • Sending marketing communications or promotional messages
  • Sharing information with third parties beyond service delivery
  • Using call data for service improvement and analytics

Implied Consent

Implied consent may apply for:

  • Basic call handling and message taking services
  • Appointment scheduling when requested by the caller
  • Providing information about your business services
  • Following up on customer inquiries

Withdrawing Consent

Individuals can withdraw consent at any time by:

  • Contacting our Privacy Officer at info@xonaauto.ai
  • Using the opt-out mechanisms in our communications
  • Requesting data deletion through your account dashboard
  • Calling our support line

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. Call recordings and transcriptions are retained for 90 days unless you request earlier deletion or longer retention. Account information is retained until you close your account, after which we may retain certain information for legal and compliance purposes for up to 7 years.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Employee training on data protection
  • Secure data centers with physical security controls

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Privacy Rights

9.1 Rights Under PIPEDA (Canada)

If you are a Canadian resident, you have the right to:

  • Access your personal information we hold
  • Request correction of inaccurate information
  • Withdraw consent for certain processing activities
  • Challenge our compliance with PIPEDA
  • File a complaint with the Privacy Commissioner of Canada

9.2 HIPAA Compliance (United States)

For healthcare providers and covered entities in the United States, we maintain HIPAA compliance to protect Protected Health Information (PHI):

Business Associate Agreement (BAA)

We enter into Business Associate Agreements with healthcare providers to ensure shared responsibility for HIPAA compliance. Our BAA outlines how we handle, store, and protect PHI in accordance with HIPAA regulations.

Administrative Safeguards

  • Regular risk assessments and security audits
  • Designated Privacy and Security Officers
  • Comprehensive workforce training on HIPAA compliance
  • Incident response and breach notification procedures
  • Documented policies and procedures for PHI handling
  • Ongoing vendor compliance monitoring
  • Controlled access to facilities housing PHI systems
  • Secure server rooms with physical access controls
  • Workstation security and device management

Breach Notification

In the event of a breach involving PHI, we will notify affected individuals, the covered entity, and the Department of Health and Human Services (HHS) as required by the HIPAA Breach Notification Rule.

9.3 Exercising Your Rights

To exercise any of these rights, please contact us at info@xonaauto.ai. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve our Service
  • Provide personalized content and features
  • Measure the effectiveness of our marketing campaigns

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Service.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including standard contractual clauses and data processing agreements.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Xonark Technologies Inc.

Email: info@xonark.com

Address: Vancouver, BC, Canada