Last Updated: 2026-03-13
1. INTRODUCTION
Dimedove Technologies Inc., operating as “Dimedove” (“we,” “us,” “our,” or “Company”), is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information in connection with our AI agent building platform and related services (collectively, the “Services”). Our Business: Dimedove powers businesses with intelligent agents that engage, qualify, and delight visitors, driving more conversions and better customer experience. Our platform enables businesses to build and configure AI agents for various use cases through our website at https://dimedove.com and platform at https://dashboard.dimedove.com (the “Platform”). Additionally, through Dimedove Apps, businesses can build custom applications on top of our platform using our API. Legal Basis: This Privacy Policy is designed to comply with applicable Canadian privacy laws, including Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Bill 25), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant provincial and federal privacy regulations. Dimedove is committed to respecting the privacy rights of all individuals who interact with our Services, regardless of their jurisdiction. Scope: This Policy applies to personal information collected through our Services, including information collected from business customers who use our platform, end users who interact with AI agents created through our platform, and external users who interact with Dimedove Apps built by our business customers.2. DEFINITIONS
For purposes of this Privacy Policy:- “Personal Information” means information about an identifiable individual, as defined under applicable Canadian privacy laws
- “Business Customer” means organizations that use our platform to create and deploy AI agents or build Dimedove Apps
- “End User” means individuals who interact with AI agents created by our Business Customers
- “External User” means individuals who interact with Dimedove Apps built by our Business Customers through the Dimedove API
- “Dimedove Apps” means custom applications built by Business Customers using the Dimedove API
- “Services” means our AI agent building platform, APIs, Dimedove Apps, website, and all related services and features
- “De-identified Information” means personal information that no longer allows an individual to be directly identified
- “Anonymized Information” means information that irreversibly no longer allows an individual to be identified, directly or indirectly, in accordance with recognized best practices under Quebec law
3. INFORMATION WE COLLECT
3.1 Information Collected from Business Customers
Account and Profile Information:- Name, email address, phone number, job title
- Company name, business address, industry
- Billing information and payment details
- Account credentials and authentication data
- AI agent configurations and customizations
- Platform usage patterns and feature utilization
- Performance metrics and analytics data
- Support interactions and communications
- IP addresses, device identifiers, browser information
- Log files, cookies, and similar tracking technologies
- System performance and diagnostic data
3.2 Information Collected from End Users and External Users
Interaction Data:- Conversations and interactions with AI agents (across all supported channels, including web chat, email, phone, SMS, Slack, Facebook Messenger, and Instagram)
- Session data and engagement metrics
- User preferences and behavioral patterns
- Device and technical information
- Information voluntarily provided during AI agent interactions
- Contact details when provided for follow-up (email addresses, phone numbers)
- Any personal information shared during conversations
- External user identifiers provided by Business Customers through the Dimedove API
- For phone-based AI agent interactions, audio is processed in real-time by our telephony provider (Twilio) and voice synthesis provider (ElevenLabs). Dimedove does not store voice recordings. Only conversation transcripts are retained.
- For SMS-based interactions, phone numbers and message content are processed and retained as part of conversation data.
- For email-based AI agent interactions, email addresses, email content, and thread history are processed and retained as part of conversation data.
- For interactions via Facebook Messenger or Instagram, user profile identifiers, usernames, and message content are processed and retained as part of conversation data.
3.3 Information Collected Through Dimedove Apps
When Business Customers build applications using the Dimedove API, the following information may be collected:- Conversation content between External Users and AI agents
- External user identifiers provided by the Business Customer
- Request metadata, including origin information, token usage, and response performance data
- Any personal information that External Users share during interactions
3.4 Information Collected Automatically
Website and Platform Analytics:- Page views, navigation patterns, time spent
- Referring websites and search terms
- Geographic location (general region, derived from IP address)
- Browser fingerprint data (including user agent, accept encoding headers, and similar technical attributes) used for cross-session visitor identification and profile continuity
- IP address, used for geographic location approximation (country-level) and security purposes
- Session identifiers for tracking individual browsing sessions
- Authentication logs and security events
- Suspicious activity monitoring
- Access patterns and anomaly detection
- When Business Customers use our knowledge base features, the content of uploaded documents and scraped web pages is stored as part of Customer Data. This content may contain personal information depending on the source material.
- When Business Customers configure workflows, execution data (including HTTP request and response metadata and action results) is logged for debugging and audit purposes.
4. HOW WE USE YOUR INFORMATION
4.1 Service Delivery and Operations
- Providing, operating, and maintaining our Services, including AI agent interactions and Dimedove Apps
- Processing transactions and managing accounts
- Delivering customer support and technical assistance
- Personalizing user experience and platform functionality
4.2 Business Operations and Analytics
- Analyzing platform usage and performance
- Developing new features and improving Services
- Conducting research and data analysis
- Managing business relationships and communications
4.3 Legal and Compliance
- Complying with applicable laws and regulations
- Enforcing our Terms of Service and other agreements
- Protecting our rights, property, and safety
- Responding to legal requests and regulatory inquiries
4.4 Marketing and Communications
- Sending service-related notifications and updates
- Providing marketing communications (with appropriate consent where required)
- Conducting surveys and market research
- Promoting new features and services
4.5 Legitimate Business Interests
- Protecting our legal rights and interests
- Preventing fraud, abuse, and unauthorized access
- Ensuring network and information security
- Internal administrative purposes and business operations
5. INFORMATION SHARING AND DISCLOSURE
5.1 Categories of Recipients
Dimedove Group Companies:- Any current or future subsidiaries, affiliates, or related entities of Dimedove Technologies Inc.
- Cloud hosting and infrastructure providers (Amazon Web Services)
- Payment processing services (Stripe)
- AI model and technology providers (OpenAI, Google, Anthropic, Groq, Meta), as selected by the Business Customer’s agent configuration
- Voice synthesis services (ElevenLabs) for phone-based AI agents
- Telephony and messaging services (Twilio) for phone and SMS-based AI agents
- Authentication and identity management services (Kinde)
- Web content processing services (Spider Cloud Technologies) for knowledge base features
- Email delivery services (Resend) for transactional email
- Analytics and performance monitoring providers
- Customer support and communication tools (Intercom)
- Security and fraud prevention services
- Other consultants and vendors engaged to support our business operations
- When Business Customers connect third-party integrations (such as CRM platforms including HubSpot, Attio, Zoho CRM, Pipedrive, Close, or Salesforce), data sharing with those services is initiated and controlled by the Business Customer. Dimedove facilitates the connection, but the Business Customer determines what data is shared and how it is used.
- Similarly, when Business Customers connect Slack workspaces, Facebook pages, or Instagram accounts, interaction data flows to those platforms as configured by the Business Customer.
- Lawyers, accountants, auditors, insurers, and other professional service providers in the course of services they render to us
- Government agencies, courts, law enforcement, and regulatory bodies when required by law or legal process
- Parties involved in legal proceedings where disclosure is necessary to protect our rights or comply with legal obligations
- Parties to actual or potential business transactions, including mergers, acquisitions, asset sales, or bankruptcy proceedings (and their professional advisors)
5.2 Purposes for Disclosure
- Providing and improving our Services
- Processing payments and managing accounts
- Ensuring platform security and preventing fraud
- Complying with legal obligations and regulatory requirements
- Protecting our rights, property, and safety, and that of our users
- Facilitating business operations and professional services
5.3 Legal Requirements and Protection
We may disclose personal information when required by law or when we believe disclosure is necessary to:- Comply with legal obligations, court orders, subpoenas, or regulatory requests
- Protect our rights, property, or safety, or that of others
- Prevent fraud, security breaches, or illegal activities
- Enforce our Terms of Service or other agreements
- Respond to emergency situations involving threats to personal safety
5.4 Business Transfers
In the event of a merger, acquisition, bankruptcy, dissolution, or other business transaction (including platform discontinuation), personal information may be transferred as part of the business assets, subject to appropriate privacy protections and notification requirements under applicable law. In the event of a planned discontinuation of Services: (a) Dimedove will provide advance notice to affected individuals in accordance with the Terms of Service; (b) Personal information will remain subject to the protections of this Privacy Policy during any Core Services Continuation Period (as defined in the Terms of Service); (c) Upon final cessation of Services, personal information will be securely deleted or destroyed in accordance with Section 6.3 of this Privacy Policy and applicable legal retention requirements, unless transferred to a successor entity that agrees to be bound by substantially similar privacy protections.5.5 No Sale of Personal Information
We do not sell, rent, or share personal information for advertising purposes. Any sharing of personal information is limited to the purposes outlined in this Privacy Policy.5.6 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information with third parties for research, analytics, and business improvement purposes. Such information does not identify you individually and may include usage patterns, performance metrics, and statistical data about how our Services are used. If we are required under applicable law to treat such information as personal information, then we will only disclose it as described in this Privacy Policy.5.7 Third-Party Websites
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Dimedove. This Privacy Policy applies solely to information processed by us. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.6. DATA RETENTION
6.1 Retention Principles
We retain personal information for reasonable periods as necessary to:- Provide Services and maintain platform integrity
- Comply with legal obligations and regulatory requirements
- Enforce our agreements and resolve disputes
- Fulfill legitimate business purposes
6.2 Specific Retention Periods
Account Information: Retained for the duration of the business relationship and up to 7 years after account closure for legal and compliance purposes Transaction Records: Retained for 7 years as required by applicable financial and tax regulations Conversation Data and Transcripts: Retained for the duration of the business relationship, including voice call transcripts and messaging history across all channels Usage and Analytics Data: Retained for up to 3 years for service improvement and analytics purposes API Usage Logs (Dimedove Apps): Retained for the duration of the business relationship for debugging, analytics, and billing purposes Visitor Data (fingerprints, IP addresses, session data): Retained for the duration of the business relationship for visitor identification and platform functionality Support Communications: Retained for up to 3 years for quality assurance and training purposes Security Logs: Retained for up to 2 years for security monitoring and incident response Webhook and Workflow Execution Logs: Retained for the duration of the business relationship for debugging and audit purposes Discontinuation Period Data: In the event of a platform discontinuation, all Customer Data and associated personal information will be retained and accessible during the Core Services Continuation Period and Final Export Window as defined in the Terms of Service, after which standard deletion procedures apply6.3 Data Anonymization and Deletion
Where possible, personal information is anonymized or pseudonymized to protect individual privacy while allowing us to derive insights for service improvement. Some non-personal metadata may be retained indefinitely for internal audit, compliance, or performance tracking purposes. Upon expiration of retention periods, personal information is securely deleted or destroyed using industry-standard data destruction methods. However, please note that some content you create or share through our Services (such as AI agent configurations) may remain visible to your team members even after individual account changes, unless specifically deleted by an authorized team administrator. We may also retain personal information for longer periods where required by law, to comply with legal obligations, resolve disputes, enforce our agreements, or protect our legal rights and interests.7. DATA SECURITY
7.1 Security Measures
We implement commercially reasonable and industry-standard security controls to protect personal information, including: Encryption:- End-to-end encryption for data in transit and at rest
- Advanced encryption standards (AES-256) for data storage
- Encrypted transmission protocols (TLS 1.3)
- Multi-factor authentication (MFA) for secure account access
- Role-based access controls and principle of least privilege
- Regular access reviews and credential management
- Secure hosting via AWS
- Network security monitoring and intrusion detection
- Regular security assessments and penetration testing
- Encrypted storage of sensitive personal and financial data
- Data loss prevention and backup systems
- Incident response and breach notification procedures
- Dimedove implements technical safeguards to minimize the exposure of personally identifiable information when transmitting data to third-party AI or foundation model providers (such as OpenAI, Anthropic, Google, Groq, and Meta). The specific AI provider that processes data depends on the Business Customer’s agent configuration.
- All transmissions to AI providers occur over encrypted channels, and data is encrypted in transit following industry best practices.
- Our AI provider agreements include provisions that prohibit the use of customer conversation data for model training purposes.
- Voice audio for phone-based AI agents is processed in real-time by Twilio (telephony) and ElevenLabs (voice synthesis). Dimedove does not store voice recordings. ElevenLabs receives only text content for speech synthesis.
- Only conversation transcripts are retained by Dimedove.
7.2 Security Limitations
We continuously monitor our systems for security threats and vulnerabilities, conducting regular security audits and maintaining incident response capabilities to address potential security events promptly. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of personal information.8. YOUR RIGHTS AND DATA CONTROL
8.1 Access and Correction Rights
You have the right to:- Access your personal information held by Dimedove
- Update and correct inaccurate or incomplete information
- Request information about our data processing activities
- Obtain copies of your personal information in a structured format
8.2 Data Export and Portability Rights
Business Customers may request a full copy of their Customer Data at any time during the Subscription Term by contacting us at support@dimedove.com. This includes conversation data, contact data, usage logs, and configurations, including data collected through Dimedove Apps. Dimedove will use commercially reasonable efforts to provide the requested data in a standard, machine-readable format (such as JSON or CSV) within thirty (30) business days of receiving a verified request. For additional details about data export and portability, please refer to the Data Portability and Export section of our Terms of Service.8.3 Deletion Rights
You may request to:- Delete your personal information subject to legal retention requirements, technical limitations, and legitimate business interests
- Withdraw consent for specific processing activities where consent is the legal basis
- Restrict processing in certain circumstances as permitted by law
8.4 Communication Preferences
You can:- Opt-out of marketing communications via unsubscribe links or by contacting us
- Manage notification preferences through your account settings
- Update communication preferences at any time
8.5 Exercising Your Rights
To exercise these rights, contact us at support@dimedove.com or legal@dimedove.com. We will make reasonable efforts to respond to your requests within applicable legal timeframes, subject to verification of your identity and the feasibility of the request. Some requests may be subject to limitations based on legal requirements, technical constraints, or legitimate business interests.9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Types of Cookies and Technologies
Dimedove uses cookies and similar tracking technologies for: Essential Functionality:- Platform performance and core functionality
- User authentication and session management
- Security and fraud prevention measures
- Website and platform usage analytics
- Performance monitoring and optimization
- User experience enhancement and personalization
- Browser fingerprinting data (user agent, accept encoding, and similar technical attributes) is used for cross-session visitor identification, allowing returning visitors to be recognized for a consistent experience
- IP-based geographic identification for content localization and security
- Fraud prevention and security monitoring
9.2 Cookie Management
Users can manage cookies through:- Browser settings and privacy controls
- Platform preference settings where available
- Third-party opt-out mechanisms
- Our Cookie Policy for detailed instructions
10. INTERNATIONAL DATA TRANSFERS
10.1 Cross-Border Processing
Dimedove primarily operates in Quebec, Canada. Some personal information may be securely transferred to and processed by service providers located outside Canada, including in the United States and other jurisdictions where our technology providers operate.10.2 Transfer Safeguards
We ensure such international transfers meet high standards of security and regulatory compliance through:- Encrypted transmission using industry-standard protocols
- Secure cross-border networking and data protection measures
- Trusted vendors with appropriate privacy certifications and contractual safeguards
- Adequacy determinations or appropriate safeguards as required by law
- Privacy Impact Assessments (PIAs): We conduct PIAs for cross-border transfers of personal information, including transfers to service providers located in the United States and other regions around the world where our technology providers may process data. These PIAs are available upon request for the relevant entities.
10.3 Data Localization
Where required by applicable law, we implement data localization measures to ensure compliance with provincial and federal requirements regarding the storage and processing of personal information.10.4 International Privacy Frameworks
Dimedove is committed to respecting the privacy rights of individuals regardless of their jurisdiction. While our primary legal framework is based on Canadian privacy law (Bill 25, PIPEDA), we recognize that individuals from other jurisdictions may interact with our Services:- European Economic Area (EEA) and United Kingdom: If and when Dimedove processes personal data of individuals in the EEA or UK, we will do so in accordance with applicable data protection requirements, including providing appropriate legal bases for processing and ensuring adequate safeguards for cross-border data transfers.
- United States: We acknowledge privacy frameworks such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell personal information. The rights described in Section 8 of this Privacy Policy (access, deletion, portability) are available to all users regardless of location.
11. CHILDREN’S PRIVACY
11.1 Eligibility
Minimum Age Requirement: By using Dimedove, you confirm that you are at least 13 years old or meet the minimum legal age required in your local jurisdiction.11.2 Underage Use
We do not knowingly collect personal information from children under 13 years of age. If we become aware of underage use of our Services, we will:- Terminate the account promptly
- Delete any personal information collected from the minor
- Take steps to prevent future underage access
11.3 Parental Rights
Parents or guardians who believe their child has provided personal information to Dimedove should contact us immediately at legal@dimedove.com to request deletion of such information.12. QUEBEC-SPECIFIC PRIVACY RIGHTS
12.1 Bill 25 Compliance
In compliance with Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Bill 25), residents of Quebec have additional rights including: Enhanced Consent Requirements:- Clear and specific consent for personal information collection and use
- Right to withdraw consent at any time (subject to legal limitations)
- Granular consent options for different processing purposes
- We have implemented governance rules and practices regarding personal information, including rules for retention, destruction, complaint handling, and staff awareness. These rules are available upon request.
- We conduct PIAs for projects involving the collection, use, communication, or cross-border transfer of personal information. These PIAs are available upon request to relevant entities, such as regulators, business customers, or other appropriate parties, subject to confidentiality and security considerations.
- Our AI agents are designed to support lead qualification and engagement. While they may generate automated outputs, Dimedove does not use AI to make binding or solely automated decisions that produce legal or significant effects on individuals.
- If any automated processing is used to render a decision, individuals will be informed and have the right to request human review.
- Dimedove implements technical safeguards to minimize the exposure of personally identifiable information when transmitting data to third-party AI providers. All transmissions are encrypted and our AI provider agreements prohibit the use of customer data for model training.
- Notification to the Commission d’acces a l’information du Quebec and affected individuals within seventy-two (72) hours of confirming a data breach that presents a real risk of serious harm
- Individual notification where there is a real risk of serious harm
- Maintenance of breach registers and incident documentation in accordance with Bill 25 requirements
12.2 Quebec Residents’ Rights
Quebec residents may exercise additional rights under Bill 25, including:- Enhanced access to personal information and processing details
- Improved correction and deletion rights
- Right to request cessation of dissemination of their personal information
- Right to request de-indexation, re-indexation, deletion, or “right to be forgotten” of their personal information
- Right to request that all personal information held by Dimedove be returned or securely destroyed
13. BUSINESS CUSTOMER RESPONSIBILITIES
13.1 Data Controller Obligations
Business Customers who use our platform to collect personal information through AI agents or Dimedove Apps are responsible for:- Ensuring lawful basis for personal information collection
- Providing appropriate privacy notices to End Users and External Users
- Obtaining necessary consents for data processing
- Complying with applicable privacy laws in their jurisdiction
- For Dimedove Apps: providing their own terms of service and privacy policy to External Users
13.2 Data Processing Agreements
Where Dimedove processes personal information on behalf of Business Customers, we enter into appropriate data processing agreements that outline:- Scope and purpose of processing activities
- Data security and protection measures
- Data retention and deletion procedures
- Incident response and breach notification protocols
14. CHANGES TO THIS PRIVACY POLICY
14.1 Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. For significant changes that materially affect your privacy rights, we will make reasonable efforts to provide notice through appropriate channels, which may include:- Provide advance notice via email to registered users
- Post prominent notifications on our website and platform
- Offer in-app notifications for active platform users
- Maintain previous versions for reference and comparison
14.2 Acceptance of Changes
Continued use of Dimedove after changes indicates your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of our Services and may request deletion of your personal information.14.3 Material Changes
For material changes that significantly expand our use or sharing of personal information, we may seek additional consent where required by applicable law.15. CONTACT INFORMATION
15.1 Privacy Inquiries
For questions, concerns, or data-related inquiries regarding this Privacy Policy or our privacy practices, please contact: Privacy Officer (Bill 25): Felix Simard, CEO Email: security@dimedove.com Support: support@dimedove.comLegal: legal@dimedove.com Mailing Address: Dimedove Technologies Inc. 4 Pl. Ville-Marie #300 Montréal, QC H3B 2E7 Canada
15.2 Response Process
We will make reasonable efforts to respond to privacy-related requests in accordance with applicable legal requirements. Response times may vary depending on the complexity of the request and verification requirements.This Privacy Policy represents our commitment to protecting your personal information and maintaining transparency in our data practices. We encourage you to review this Policy regularly and contact us with any questions or concerns.