Last Updated: 2025-08-27
1. INTRODUCTION
Dimedove Technologies Inc., operating as “Dimedove” (“we,” “us,” “our,” or “Company”), is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information in connection with our AI agent building platform and related services (collectively, the “Services”). Our Business: Dimedove powers businesses with intelligent agents that engage, qualify, and delight visitors, driving more conversions and better customer experience. Our platform enables businesses to build and configure AI agents for various use cases through our website at https://dimedove.com and platform at https://dashboard.dimedove.com (the “Platform”). Legal Basis: This Privacy Policy is designed to comply with applicable Canadian privacy laws, including Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Bill 25), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant provincial and federal privacy regulations. Scope: This Policy applies to personal information collected through our Services, including information collected from business customers who use our platform and end users who interact with AI agents created through our platform.2. DEFINITIONS
For purposes of this Privacy Policy:- “Personal Information” means information about an identifiable individual, as defined under applicable Canadian privacy laws
- “Business Customer” means organizations that use our platform to create and deploy AI agents
- “End User” means individuals who interact with AI agents created by our Business Customers
- “Services” means our AI agent building platform, website, and all related services and features
- “De-identified Information” means personal information that no longer allows an individual to be directly identified
- “Anonymized Information” means information that irreversibly no longer allows an individual to be identified, directly or indirectly, in accordance with recognized best practices under Quebec law
3. INFORMATION WE COLLECT
3.1 Information Collected from Business Customers
Account and Profile Information:- Name, email address, phone number, job title
- Company name, business address, industry
- Billing information and payment details
- Account credentials and authentication data
- AI agent configurations and customizations
- Platform usage patterns and feature utilization
- Performance metrics and analytics data
- Support interactions and communications
- IP addresses, device identifiers, browser information
- Log files, cookies, and similar tracking technologies
- System performance and diagnostic data
3.2 Information Collected from End Users
Interaction Data:- Conversations and interactions with AI agents
- Session data and engagement metrics
- User preferences and behavioral patterns
- Device and technical information
- Information voluntarily provided during AI agent interactions
- Contact details when provided for follow-up
- Any personal information shared during conversations
3.3 Information Collected Automatically
Website and Platform Analytics:- Page views, navigation patterns, time spent
- Referring websites and search terms
- Geographic location (general region)
- Device fingerprinting for optimal user experience
- Authentication logs and security events
- Suspicious activity monitoring
- Access patterns and anomaly detection
4. HOW WE USE YOUR INFORMATION
4.1 Service Delivery and Operations
- Providing, operating, and maintaining our Services
- Processing transactions and managing accounts
- Delivering customer support and technical assistance
- Personalizing user experience and platform functionality
4.2 Business Operations and Analytics
- Analyzing platform usage and performance
- Developing new features and improving Services
- Conducting research and data analysis
- Managing business relationships and communications
4.3 Legal and Compliance
- Complying with applicable laws and regulations
- Enforcing our Terms of Service and other agreements
- Protecting our rights, property, and safety
- Responding to legal requests and regulatory inquiries
4.4 Marketing and Communications
- Sending service-related notifications and updates
- Providing marketing communications (with appropriate consent where required)
- Conducting surveys and market research
- Promoting new features and services
4.5 Legitimate Business Interests
- Protecting our legal rights and interests
- Preventing fraud, abuse, and unauthorized access
- Ensuring network and information security
- Internal administrative purposes and business operations
5. INFORMATION SHARING AND DISCLOSURE
5.1 Categories of Recipients
Dimedove Group Companies:- Any current or future subsidiaries, affiliates, or related entities of Dimedove Technologies Inc.
- Cloud hosting and infrastructure providers (Amazon Web Services)
- Payment processing services (Stripe)
- AI model and technology providers (OpenAI, Google, Anthropic, Groq, Meta)
- Authentication and identity management services (Kinde)
- Analytics and performance monitoring providers
- Customer support and communication tools
- Security and fraud prevention services
- Other consultants and vendors engaged to support our business operations
- Lawyers, accountants, auditors, insurers, and other professional service providers in the course of services they render to us
- Government agencies, courts, law enforcement, and regulatory bodies when required by law or legal process
- Parties involved in legal proceedings where disclosure is necessary to protect our rights or comply with legal obligations
- Parties to actual or potential business transactions, including mergers, acquisitions, asset sales, or bankruptcy proceedings (and their professional advisors)
5.2 Purposes for Disclosure
- Providing and improving our Services
- Processing payments and managing accounts
- Ensuring platform security and preventing fraud
- Complying with legal obligations and regulatory requirements
- Protecting our rights, property, and safety, and that of our users
- Facilitating business operations and professional services
5.3 Legal Requirements and Protection
We may disclose personal information when required by law or when we believe disclosure is necessary to:- Comply with legal obligations, court orders, subpoenas, or regulatory requests
- Protect our rights, property, or safety, or that of others
- Prevent fraud, security breaches, or illegal activities
- Enforce our Terms of Service or other agreements
- Respond to emergency situations involving threats to personal safety
5.4 Business Transfers
In the event of a merger, acquisition, bankruptcy, or other business transaction, personal information may be transferred as part of the business assets, subject to appropriate privacy protections and notification requirements under applicable law.5.4 No Sale of Personal Information
We do not sell, rent, or share personal information for advertising purposes. Any sharing of personal information is limited to the purposes outlined in this Privacy Policy.5.5 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information with third parties for research, analytics, and business improvement purposes. Such information does not identify you individually and may include usage patterns, performance metrics, and statistical data about how our Services are used. If we are required under applicable law to treat such information as personal information, then we will only disclose it as described in this Privacy Policy.5.6 Third-Party Websites
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Dimedove. This Privacy Policy applies solely to information processed by us. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.6. DATA RETENTION
6.1 Retention Principles
We retain personal information for reasonable periods as necessary to:- Provide Services and maintain platform integrity
- Comply with legal obligations and regulatory requirements
- Enforce our agreements and resolve disputes
- Fulfill legitimate business purposes
6.2 Specific Retention Periods
Account Information: Retained for the duration of the business relationship and up to 7 years after account closure for legal and compliance purposesTransaction Records: Retained for 7 years as required by applicable financial and tax regulations
Usage and Analytics Data: Retained for up to 3 years for service improvement and analytics purposes
Support Communications: Retained for up to 3 years for quality assurance and training purposes
Security Logs: Retained for up to 2 years for security monitoring and incident response
6.3 Data Anonymization and Deletion
Where possible, personal information is anonymized or pseudonymized to protect individual privacy while allowing us to derive insights for service improvement. Some non-personal metadata may be retained indefinitely for internal audit, compliance, or performance tracking purposes. Upon expiration of retention periods, personal information is securely deleted or destroyed using industry-standard data destruction methods. However, please note that some content you create or share through our Services (such as AI agent configurations or public interactions) may remain visible even after account termination, unless specifically deleted. We may also retain personal information for longer periods where required by law, to comply with legal obligations, resolve disputes, enforce our agreements, or protect our legal rights and interests.7. DATA SECURITY
7.1 Security Measures
We implement commercially reasonable and industry-standard security controls to protect personal information, including: Encryption:- End-to-end encryption for data in transit and at rest
- Advanced encryption standards (AES-256) for data storage
- Encrypted transmission protocols (TLS 1.3)
- Multi-factor authentication (MFA) for secure account access
- Role-based access controls and principle of least privilege
- Regular access reviews and credential management
- Secure hosting via AWS with SOC 2 Type II compliance
- Network security monitoring and intrusion detection
- Regular security assessments and penetration testing
- Encrypted storage of sensitive personal and financial data
- Data loss prevention and backup systems
- Incident response and breach notification procedures
- Before transmitting personal information to third-party AI or foundation model providers (e.g., OpenAI, Anthropic, Google, Groq), Dimedove systematically de-identifies or anonymizes any personally identifiable information (PII).
- All transmissions occur over encrypted channels, and data is encrypted at rest and in transit, following industry best practices.
7.2 Security Limitations
We continuously monitor our systems for security threats and vulnerabilities, conducting regular security audits and maintaining incident response capabilities to address potential security events promptly. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of personal information.8. YOUR RIGHTS AND DATA CONTROL
8.1 Access and Correction Rights
You have the right to:- Access your personal information held by Dimedove
- Update and correct inaccurate or incomplete information
- Request information about our data processing activities
- Obtain copies of your personal information in a structured format
8.2 Deletion and Portability Rights
You may request to:- Delete your personal information subject to legal retention requirements, technical limitations, and legitimate business interests
- Withdraw consent for specific processing activities where consent is the legal basis
- Port your data to another service provider where technically feasible and legally required
- Restrict processing in certain circumstances as permitted by law
8.3 Communication Preferences
You can:- Opt-out of marketing communications via unsubscribe links or by contacting us
- Manage notification preferences through your account settings
- Update communication preferences at any time
8.4 Exercising Your Rights
To exercise these rights, contact us at support@dimedove.com or legal@dimedove.com. We will make reasonable efforts to respond to your requests within applicable legal timeframes, subject to verification of your identity and the feasibility of the request. Some requests may be subject to limitations based on legal requirements, technical constraints, or legitimate business interests.9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Types of Cookies and Technologies
Dimedove uses cookies and similar tracking technologies for: Essential Functionality:- Platform performance and core functionality
- User authentication and session management
- Security and fraud prevention measures
- Website and platform usage analytics
- Performance monitoring and optimization
- User experience enhancement and personalization
- Delivering consistent and optimal user experience
- Fraud prevention and security monitoring
- Technical support and troubleshooting
9.2 Cookie Management
Users can manage cookies through:- Browser settings and privacy controls
- Platform preference settings where available
- Third-party opt-out mechanisms
- Our Cookie Policy for detailed instructions
10. INTERNATIONAL DATA TRANSFERS
10.1 Cross-Border Processing
Although Dimedove primarily operates in Quebec, Canada, some personal information may be securely transferred to and processed by service providers located outside Canada, including in the United States and other jurisdictions.10.2 Transfer Safeguards
We ensure such international transfers meet high standards of security and regulatory compliance through:- Encrypted transmission using industry-standard protocols
- Secure cross-border networking and data protection measures
- Trusted vendors with appropriate privacy certifications and contractual safeguards
- Adequacy determinations or appropriate safeguards as required by law
- Privacy Impact Assessments (PIAs): We conduct PIAs for cross-border transfers of personal information, including transfers to service providers located in the United States and other regions around the world where our technology providers may process data. These PIAs are available upon request for the relevant entities.
10.3 Data Localization
Where required by applicable law, we implement data localization measures to ensure compliance with provincial and federal requirements regarding the storage and processing of personal information.11. CHILDREN’S PRIVACY
11.1 Eligibility
Minimum Age Requirement: By using Dimedove, you confirm that you are at least 13 years old or meet the minimum legal age required in your local jurisdiction.11.2 Underage Use
We do not knowingly collect personal information from children under 13 years of age. If we become aware of underage use of our Services, we will:- Terminate the account promptly
- Delete any personal information collected from the minor
- Take steps to prevent future underage access
11.3 Parental Rights
Parents or guardians who believe their child has provided personal information to Dimedove should contact us immediately at legal@dimedove.com to request deletion of such information.12. QUEBEC-SPECIFIC PRIVACY RIGHTS
12.1 Bill 25 Compliance
In compliance with Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Bill 25), residents of Quebec have additional rights including: Enhanced Consent Requirements:- Clear and specific consent for personal information collection and use
- Right to withdraw consent at any time (subject to legal limitations)
- Granular consent options for different processing purposes
- We have implemented governance rules and practices regarding personal information, including rules for retention, destruction, complaint handling, and staff awareness. These rules are available upon request.
- We conduct PIAs for projects involving the collection, use, communication, or cross-border transfer of personal information. These PIAs are available upon request to relevant entities, such as regulators, business customers, or other appropriate parties, subject to confidentiality and security considerations.
- Our AI agents are designed to support lead qualification and engagement. While they may generate automated outputs, Dimedove does not use AI to make binding or solely automated decisions that produce legal or significant effects on individuals.
- If any automated processing is used to render a decision, individuals will be informed and have the right to request human review.
- We de-identify or anonymize personal information before sending data to third-party AI providers, ensuring compliance with Quebec’s requirements for protecting personal information.
- Prompt notification to relevant authorities in case of data breaches
- Individual notification where there is a real risk of serious harm
- Maintenance of breach registers and incident documentation
12.2 Quebec Residents’ Rights
Quebec residents may exercise additional rights under Bill 25, including:- Enhanced access to personal information and processing details
- Improved correction and deletion rights
- Right to request cessation of dissemination of their personal information
- Right to request de-indexation, re-indexation, deletion, or “right to be forgotten” of their personal information
- Right to request that all personal information held by Dimedove be returned or securely destroyed
13. BUSINESS CUSTOMER RESPONSIBILITIES
13.1 Data Controller Obligations
Business Customers who use our platform to collect personal information through AI agents are responsible for:- Ensuring lawful basis for personal information collection
- Providing appropriate privacy notices to End Users
- Obtaining necessary consents for data processing
- Complying with applicable privacy laws in their jurisdiction
13.2 Data Processing Agreements
Where Dimedove processes personal information on behalf of Business Customers, we enter into appropriate data processing agreements that outline:- Scope and purpose of processing activities
- Data security and protection measures
- Data retention and deletion procedures
- Incident response and breach notification protocols
14. CHANGES TO THIS PRIVACY POLICY
14.1 Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. For significant changes that materially affect your privacy rights, we will make reasonable efforts to provide notice through appropriate channels, which may include:- Provide advance notice via email to registered users
- Post prominent notifications on our website and platform
- Offer in-app notifications for active platform users
- Maintain previous versions for reference and comparison
14.2 Acceptance of Changes
Continued use of Dimedove after changes indicates your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of our Services and may request deletion of your personal information.14.3 Material Changes
For material changes that significantly expand our use or sharing of personal information, we may seek additional consent where required by applicable law.15. CONTACT INFORMATION
15.1 Privacy Inquiries
For questions, concerns, or data-related inquiries regarding this Privacy Policy or our privacy practices, please contact: Privacy Officer (Bill 25):Felix Simard, CEO
Email: security@dimedove.com Support: support@dimedove.com Mailing Address:
Dimedove Technologies Inc.
4 Pl. Ville-Marie #300
Montréal, QC H3B 2E7
Canada
15.2 Response Process
We will make reasonable efforts to respond to privacy-related requests in accordance with applicable legal requirements. Response times may vary depending on the complexity of the request and verification requirements.This Privacy Policy represents our commitment to protecting your personal information and maintaining transparency in our data practices. We encourage you to review this Policy regularly and contact us with any questions or concerns.