Bridge AI

Contact Us

Parties

(1) Bridge, owned by Kassad Enterprises Ltd., a corporation incorporated under the laws of Ontario, having its principal place of business at 36-15 Stauffer Woods Trail, Kitchener, Ontario, email: [email protected], phone: 416 854 4091 (the “Company” or “Bridge“), being the data controller and processor providing AI and automation solutions through third-party services including Make.com, ElevenLabs, OpenAI, and Twilio.

(2) Customer, being individuals who visit Bridge’s website, utilize Bridge’s AI and automation services, or whose personal information is otherwise collected, processed, or stored by Bridge in connection with its business operations (collectively, the “Data Subjects” or “Users“).

Background

  • Bridge operates as an enterprise-level provider of artificial intelligence and automation solutions, leveraging advanced third-party platforms including Make.com for workflow automation, ElevenLabs for voice AI services, OpenAI for language processing and machine learning capabilities, and Twilio for communications infrastructure.
  • In the course of delivering these AI and automation services to clients, Bridge necessarily collects, processes, stores, and transmits various categories of personal information belonging to end users, employees, clients, and other stakeholders.
  • The processing of personal information through Bridge’s AI and automation platform involves complex data flows between Bridge’s systems and the aforementioned third-party service providers, each of which may have their own data processing requirements and security protocols.
  • Bridge recognizes its obligations as a data controller and processor under Ontario’s privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable provincial privacy laws.
  • The sophisticated nature of AI-driven services requires comprehensive data governance frameworks to ensure that all personal information is handled in accordance with applicable privacy laws, industry best practices, and client expectations for enterprise-level data security.
  • This Privacy Policy establishes the framework governing Bridge’s collection, use, disclosure, retention, and protection of personal information in connection with its AI and automation services, website operations, and business activities.
  • Definitions
    • AI Services means the artificial intelligence and machine learning solutions provided by Bridge through its platform, including but not limited to natural language processing, voice synthesis, automated workflows, and intelligent data analysis.
    • Automation Platform means Bridge’s integrated technology infrastructure that utilizes third-party service providers to deliver workflow automation, communication services, and AI-powered solutions to clients.
    • Biometric Information means any physiological, biological, or behavioral characteristics that can be used to establish individual identity, including but not limited to voice patterns, facial recognition data, and other unique biological identifiers processed through AI Services.
    • Client Data means any personal information provided to Bridge by its enterprise clients for processing through the AI Services and Automation Platform, including end-user data, employee information, and customer records.
    • Data Controller means the natural or legal person who determines the purposes and means of processing personal information, which may include Bridge or its clients depending on the specific processing activity.
    • Data Processor means the natural or legal person who processes personal information on behalf of and according to the instructions of a Data Controller.
    • Data Subject means any identified or identifiable natural person whose Personal Information is collected, used, disclosed, or otherwise processed by Bridge.
    • ElevenLabs Services means the voice AI and speech synthesis services provided by ElevenLabs Inc., utilized by Bridge for generating artificial speech and voice-related AI functionalities.
    • Make.com Services means the workflow automation and integration platform services provided by Make.com, utilized by Bridge for creating automated business processes and data integrations.
    • OpenAI Services means the artificial intelligence and machine learning services provided by OpenAI, including language models, natural language processing, and other AI capabilities integrated into Bridge’s platform.
    • Personal Information means any information about an identifiable individual, including but not limited to name, address, telephone number, email address, age, identification numbers, income, ethnic origin, opinions, evaluations, comments, social status, disciplinary actions, employee files, credit records, loan records, medical records, existence of a dispute, and any other information that can be used to identify an individual.
    • Privacy Breach means any unauthorized access to, collection, use, disclosure, disposal, or destruction of Personal Information, or any incident where Personal Information is at risk of being compromised.
    • Processing means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
    • Sensitive Personal Information means Personal Information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, health information, or information concerning sexual orientation or sexual life.
    • Third-Party Service Providers means Make.com, ElevenLabs, OpenAI, Twilio, and any other external service providers engaged by Bridge to deliver AI Services, automation capabilities, or related technical infrastructure.
    • Training Data means Personal Information used to develop, improve, or train artificial intelligence models, algorithms, or machine learning systems, whether processed by Bridge or Third-Party Service Providers.
    • Twilio Services means the cloud communications platform services provided by Twilio Inc., utilized by Bridge for messaging, voice communications, and related communication infrastructure.
    • User Account Information means Personal Information associated with individual user accounts on Bridge’s platform, including login credentials, user preferences, usage history, and account settings.
  • Scope and Application
    • This Privacy Policy applies to all Personal Information collected, used, disclosed, retained, or otherwise processed by Bridge in connection with:
      • The provision of AI Services and Automation Platform solutions to clients;
      • Operation of Bridge’s website, online portals, and digital platforms;
      • Client relationship management and business development activities;
      • Employment and contractor relationships;
      • Marketing, communications, and promotional activities.
    • This Privacy Policy covers Personal Information in all formats, including:
      • Digital data stored in databases, cloud systems, or electronic files;
      • Audio recordings and voice data processed through ElevenLabs Services;
      • Text-based communications and content processed through OpenAI Services;
      • Workflow and automation data processed through Make.com Services;
      • Communications data transmitted through Twilio Services;
      • Physical documents and records containing personal information.
    • This Privacy Policy applies to the following categories of Data Subjects:
      • Current and prospective clients of Bridge’s services;
      • End users of client systems that incorporate Bridge’s AI Services;
      • Visitors to Bridge’s website and digital platforms;
      • Current and former employees, contractors, and consultants;
      • Vendors, suppliers, and business partners;
      • Any other individuals whose Personal Information Bridge collects in the course of business operations.
    • This Privacy Policy is governed by and construed in accordance with the laws of Ontario, Canada, including:
      • The Personal Information Protection and Electronic Documents Act (PIPEDA);
      • Applicable provincial privacy legislation in Ontario;
      • Other relevant federal and provincial laws governing data protection and privacy.
    • Where Bridge processes Personal Information of individuals located outside Ontario, this Privacy Policy applies to the extent permitted by applicable local privacy laws, with additional protections implemented as required by such laws.
    • This Privacy Policy does not apply to:
      • Personal Information that has been anonymized or de-identified such that individuals cannot be reasonably identified;
      • Publicly available information as defined under applicable privacy legislation;
      • Business contact information used solely for business communications as permitted under PIPEDA.
  • Information We Collect
    • Information Collected Directly from Users
      • We collect personal information that you provide directly to us when creating user accounts, requesting services, or communicating with Bridge, including name, email address, phone number, company affiliation, job title, and payment information.
      • When using our AI Services, you may provide content, documents, voice recordings, images, or other data that contains personal information, which we process to deliver the requested automation or AI functionality.
      • We collect information you provide through customer support interactions, feedback forms, surveys, and other communications with Bridge personnel.
    • Information Collected Automatically
      • Our systems automatically collect technical information when you access our services, including IP addresses, device identifiers, browser type and version, operating system, referring URLs, and access timestamps.
      • We collect usage data regarding your interaction with our AI Services and Automation Platform, including feature utilization, workflow execution logs, API calls, processing times, and service performance metrics.
      • When you use voice-enabled AI Services through ElevenLabs Services, we may collect voice patterns and audio characteristics necessary for voice synthesis and processing.
      • Our systems log authentication events, security-related activities, and system access patterns for security monitoring and incident response purposes.
    • Information from Third-Party Service Providers
      • We receive personal information processed through Make.com Services as part of automated workflows you configure, which may include data from your connected applications and external systems.
      • OpenAI Services may process and return personal information contained in content you submit for language processing, analysis, or generation tasks.
      • Twilio Services may collect phone numbers, message content, and communication metadata when facilitating SMS, voice calls, or other communications through our platform.
      • We may receive personal information from business partners, resellers, or integration platforms that connect with our AI Services.
    • Sensitive Personal Information
      • Depending on your use of our services, we may inadvertently process Sensitive Personal Information contained within documents, communications, or other content you provide to our AI Services.
      • We implement additional safeguards when Sensitive Personal Information is identified and will process such information only as necessary to deliver the requested services.
  • How We Use Your Information
    • Service Delivery and Operations
      • Bridge processes Personal Information to provide, maintain, and improve its AI Services and Automation Platform, including configuring workflows, executing automated processes, and delivering customized solutions to clients.
      • We use Personal Information to authenticate users, manage User Account Information, process transactions, and provide customer support and technical assistance.
      • Personal Information is processed to monitor system performance, diagnose technical issues, and ensure the security and reliability of our services.
    • AI Model Training and Enhancement
      • Bridge may use anonymized and aggregated Personal Information as Training Data to improve the performance and accuracy of AI models and automation workflows.
      • Personal Information may be processed to customize AI responses, enhance natural language processing capabilities, and optimize automation sequences for individual clients.
      • Voice recordings and transcripts may be used to train and improve speech recognition and synthesis capabilities through ElevenLabs Services.
    • Third-Party Service Integration
      • Personal Information is shared with and processed by Third-Party Service Providers including Make.com Services, ElevenLabs Services, OpenAI Services, and Twilio Services to deliver integrated AI and automation solutions.
      • We process Personal Information to establish and maintain API connections, synchronize data across platforms, and ensure seamless workflow execution.
    • Business Operations and Administration
      • Bridge processes Personal Information for internal business purposes including accounting, billing, contract management, and compliance with legal obligations.
      • Personal Information is used to conduct privacy impact assessments, security audits, and risk assessments related to our AI Services.
      • We process Personal Information to investigate and respond to privacy breaches, security incidents, and compliance violations.
    • Communications and Marketing
      • Personal Information is used to send service-related communications, system notifications, and updates regarding changes to our AI Services or this Privacy Policy.
      • With appropriate consent, Personal Information may be used for marketing communications about new features, services, or enterprise solutions.
    • Legal Compliance and Protection
      • Bridge processes Personal Information to comply with applicable laws, regulations, court orders, and government requests.
      • Personal Information may be processed to protect the rights, property, and safety of Bridge, its clients, users, and the public, including detecting and preventing fraud, abuse, or unauthorized access.
  • Third-Party Service Providers
    • Bridge utilizes the following Third-Party Service Providers in the delivery of its AI Services and Automation Platform:
      • Make.com Services for workflow automation, data integration, and process orchestration;
      • ElevenLabs Services for voice synthesis, speech processing, and audio generation capabilities;
      • OpenAI Services for natural language processing, machine learning models, and generative AI functionality;
      • Twilio Services for communications infrastructure, messaging, and telephony services.
    • Each Third-Party Service Provider acts as a Data Processor on behalf of Bridge and may have access to Personal Information necessary for the performance of their designated services.
    • The categories of Personal Information that may be shared with Third-Party Service Providers include:
      • User Account Information for authentication and service provisioning;
      • Communications data including voice recordings, text messages, and conversation logs;
      • Usage data and system logs required for service optimization and troubleshooting;
      • Client Data processed through automation workflows and AI model interactions.
    • Bridge maintains contractual agreements with all Third-Party Service Providers that include:
      • Data processing limitations restricting use of Personal Information to the specific services contracted;
      • Security and confidentiality obligations equivalent to those maintained by Bridge;
      • Data retention and deletion requirements aligned with Bridge’s retention policies;
      • Incident notification and breach response procedures.
    • Bridge conducts regular assessments of Third-Party Service Providers’ privacy and security practices to ensure ongoing compliance with applicable privacy legislation.
    • Users acknowledge that Third-Party Service Providers may process Personal Information outside of Canada and may be subject to foreign laws and government access requirements.
    • Bridge remains responsible for the protection of Personal Information shared with Third-Party Service Providers and maintains oversight of their data processing activities.
  • Legal Basis for Processing
    • Bridge processes Personal Information only where we have a valid legal basis under applicable Ontario privacy legislation and other relevant laws.
    • Consent: We process Personal Information based on your explicit or implied consent, including when you:
      • Create a User Account or engage our AI Services;
      • Provide information through our website, applications, or service interfaces;
      • Subscribe to communications or marketing materials;
      • Participate in surveys, feedback processes, or user research activities.
    • Contractual Necessity: We process Personal Information where necessary to perform our contractual obligations, including:
      • Delivering AI Services and Automation Platform functionality;
      • Providing technical support and customer service;
      • Processing payments and managing billing arrangements;
      • Fulfilling service level agreements and performance metrics.
    • Legitimate Business Interests: We process Personal Information to pursue legitimate business interests, provided such interests do not override your privacy rights, including:
      • Improving and developing our AI Services and platform capabilities;
      • Conducting system monitoring, security assessments, and fraud prevention;
      • Analyzing usage patterns to optimize service performance;
      • Managing business operations, vendor relationships, and corporate governance.
    • Legal Compliance: We process Personal Information to comply with legal obligations, including:
      • Regulatory reporting and audit requirements;
      • Court orders, subpoenas, or other legal processes;
      • Tax obligations and financial reporting requirements;
      • Industry-specific compliance standards applicable to AI Services.
    • Vital Interests: We may process Personal Information where necessary to protect vital interests of individuals, including emergency situations or threats to health and safety.
    • Bridge will clearly communicate the specific legal basis for processing at the time of collection and will not process Personal Information for purposes incompatible with the original collection purpose without obtaining additional consent or establishing a new legal basis.
    • Where we rely on consent as the legal basis for processing, you have the right to withdraw such consent at any time, though withdrawal will not affect the lawfulness of processing conducted prior to withdrawal.
  • Data Retention
    • Bridge retains Personal Information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in Section 4 of this Privacy Policy, or as required by applicable law.
    • General Retention Periods for different categories of Personal Information are as follows:
      • User Account Information is retained for the duration of the active account relationship plus seven (7) years following account closure or termination of services.
      • Client Data processed through AI Services is retained for the duration of the service agreement plus three (3) years, unless longer retention is required by contractual obligations or applicable law.
      • Training Data used for AI model development and improvement is retained indefinitely in anonymized or aggregated form, provided individual identifiers have been permanently removed.
      • Communication records and support interactions are retained for five (5) years from the date of last communication.
      • Financial and billing information is retained for seven (7) years from the date of last transaction to comply with applicable tax and accounting requirements.
      • Website analytics and usage data is retained for twenty-four (24) months from the date of collection.
    • Extended Retention may occur where:
      • Legal proceedings are pending, threatened, or reasonably anticipated;
      • Regulatory investigations or audits require preservation of specific records;
      • Contractual obligations with clients specify longer retention periods;
      • Business continuity requirements necessitate extended retention for critical operational data.
    • Retention Criteria applied when determining specific retention periods include:
      • The nature and sensitivity of the Personal Information;
      • Applicable legal and regulatory requirements;
      • Legitimate business purposes and operational needs;
      • Client contractual requirements and industry standards;
      • The potential risks associated with continued retention versus destruction.
    • Secure Disposal of Personal Information occurs through:
      • Permanent deletion of electronic records using industry-standard data wiping protocols;
      • Physical destruction of paper records through certified document destruction services;
      • Secure deletion of data from Third-Party Service Providers’ systems in accordance with their data retention and deletion policies.
    • Bridge conducts annual reviews of retained Personal Information to ensure continued compliance with this retention schedule and to identify data eligible for secure disposal.
    • Data Subjects may request earlier deletion of their Personal Information in accordance with Section 10, subject to Bridge’s legal and contractual obligations.
  • Data Security and Protection
    • Bridge implements comprehensive enterprise-level security measures designed to protect Personal Information against unauthorized access, use, disclosure, alteration, or destruction throughout the data lifecycle.
    • Encryption Protocols
      • All Personal Information is encrypted both at rest and in transit using industry-standard encryption algorithms, including AES-256 encryption for stored data and TLS 1.2 or higher for data transmission.
      • Encryption keys are managed through secure key management systems with regular rotation schedules and are stored separately from encrypted data.
      • End-to-end encryption is implemented for sensitive communications and data transfers between Bridge’s systems and Third-Party Service Providers.
    • Access Controls and Authentication
      • Bridge employs multi-factor authentication for all system access and maintains role-based access controls that limit employee and contractor access to Personal Information based on job responsibilities and the principle of least privilege.
      • All access to Personal Information is logged, monitored, and subject to regular audit and review procedures.
      • Administrative access to systems containing Personal Information requires additional authorization and is continuously monitored for suspicious activity.
    • Infrastructure Security
      • Physical security measures include restricted access to data centers, environmental controls, and 24/7 monitoring of facilities where Personal Information is stored or processed.
      • Network security includes firewalls, intrusion detection systems, vulnerability scanning, and regular security assessments of all systems handling Personal Information.
      • Regular security updates and patches are applied to all systems, with critical security patches implemented within 72 hours of availability.
    • Third-Party Security Requirements
      • All Third-Party Service Providers are required to maintain security standards equivalent to or exceeding Bridge’s own security requirements through contractual obligations and regular security assessments.
      • Bridge conducts due diligence reviews of Third-Party Service Providers’ security practices and requires evidence of appropriate security certifications and compliance frameworks.
    • Incident Response Procedures
      • Bridge maintains a comprehensive incident response plan that includes immediate containment, assessment, notification, and remediation procedures for any suspected or confirmed Privacy Breach.
      • The incident response team is available 24/7 and includes designated privacy officers, security specialists, and legal counsel to ensure rapid and appropriate response to security incidents.
      • All security incidents involving Personal Information are documented, investigated, and reported in accordance with applicable legal requirements and client notification obligations.
    • Security Monitoring and Auditing
      • Continuous monitoring systems track access to Personal Information, detect anomalous behavior, and generate alerts for potential security threats.
      • Regular internal and external security audits are conducted to assess the effectiveness of security controls and identify areas for improvement.
      • Security metrics and performance indicators are regularly reviewed and reported to senior management and clients as required.
    • Employee Security Training
      • All employees and contractors with access to Personal Information receive mandatory privacy and security training upon hiring and annually thereafter.
      • Specialized training is provided to personnel working directly with AI Services and automation platforms to address the unique security considerations of these technologies.
  • International Data Transfers
    • Bridge may transfer Personal Information to countries outside of Canada in connection with the provision of AI Services and operation of the Automation Platform. International transfers of Personal Information occur primarily through our Third-Party Service Providers:
      • OpenAI Services may involve transfers to the United States for language processing and machine learning operations. ElevenLabs Services may involve transfers to the United Kingdom and European Union for voice AI processing.Make.com Services may involve transfers to various jurisdictions depending on integrated workflow applications. Twilio Services may involve transfers to the United States and other jurisdictions where Twilio maintains infrastructure.
      Bridge implements appropriate safeguards for international data transfers including:
      • Contractual protections equivalent to Canadian privacy standards through data processing agreements with all Third-Party Service Providers. Technical safeguards including encryption in transit and at rest for all cross-border data transmissions. Organizational measures including access controls, staff training, and regular audits of international data handling practices.
      Bridge conducts due diligence assessments of the privacy laws and practices in destination countries before engaging Third-Party Service Providers for international data processing. Where required by applicable law, Bridge will obtain explicit consent from Data Subjects before transferring their Personal Information to jurisdictions with substantially different privacy protections than Canada. Data Subjects have the right to request information about specific international transfers of their Personal Information and the safeguards applied to such transfers.
    • Bridge maintains records of all international data transfers including the categories of Personal Information transferred, destination countries, and applicable safeguards implemented.
  • Your Privacy Rights
    • Right of Access
      • You have the right to request access to your Personal Information that Bridge processes, including information about the purposes of processing, categories of data, and recipients of your information.
      • Bridge will provide you with a copy of your Personal Information in a structured, commonly used format within thirty (30) days of receiving your verified request.
      • Access requests may be subject to reasonable verification procedures to confirm your identity and prevent unauthorized disclosure.
    • Right to Correction
      • You may request correction of inaccurate or incomplete Personal Information that Bridge maintains about you.
      • Bridge will make reasonable efforts to correct verified inaccuracies within thirty (30) days of receiving your request and will notify relevant Third-Party Service Providers of such corrections where applicable.
    • Right to Deletion
      • You may request deletion of your Personal Information where it is no longer necessary for the purposes for which it was collected or where you withdraw consent for processing based on consent.
      • Bridge may retain certain Personal Information where required by law, for legitimate business purposes, or where deletion would compromise the integrity of AI Services or Training Data.
    • Right to Data Portability
      • You have the right to receive Personal Information that you provided to Bridge in a structured, machine-readable format and to transmit such data to another service provider.
      • Data portability rights apply only to Personal Information processed based on your consent or for contract performance.
    • Right to Withdraw Consent
      • Where processing is based on your consent, you may withdraw such consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
      • Withdrawal of consent may limit Bridge’s ability to provide certain AI Services or features that depend on the processing of your Personal Information.
    • Right to Object to Processing
      • You may object to processing of your Personal Information for direct marketing purposes or where processing is based on legitimate interests.
      • Bridge will cease such processing unless it can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
    • Limitations on Rights
      • Your privacy rights may be limited where exercising such rights would adversely affect the rights and freedoms of others or interfere with law enforcement activities.
      • Certain rights may not be available with respect to Personal Information that has been anonymized or aggregated for Training Data purposes.
    • Exercising Your Rights
      • Privacy rights requests must be submitted in writing to Bridge’s Privacy Officer using the contact information provided in Section 16 of this Privacy Policy.
      • Bridge may request additional information to verify your identity before processing rights requests, particularly for sensitive operations such as data deletion or portability.
      • There is no fee for exercising your privacy rights unless requests are manifestly unfounded, excessive, or repetitive, in which case Bridge may charge a reasonable administrative fee.
  • Cookies and Tracking Technologies
    • Types of Tracking Technologies. Bridge uses cookies, web beacons, pixel tags, local storage, and similar tracking technologies on our website, client portals, and AI Services platform to enhance user experience, analyze service performance, and optimize our Automation Platform functionality.
    • Essential Cookies. We deploy strictly necessary cookies to enable core platform functionality, maintain User Account Information sessions, secure API communications with Third-Party Service Providers, and ensure proper operation of our AI Services.
    • Analytics and Performance Cookies. Bridge utilizes analytics cookies to collect aggregated data on user interactions with our AI Services, measure automation workflow performance, track API usage patterns with Make.com Services, OpenAI Services, ElevenLabs Services, and Twilio Services, and generate platform usage reports.
    • Functional Cookies. We implement functional cookies to remember user preferences within our Automation Platform, maintain customized dashboard configurations, store language and regional settings, and preserve AI model training preferences where applicable.
    • Third-Party Tracking Technologies. Our Third-Party Service Providers may place their own cookies and tracking technologies when users interact with integrated AI Services, subject to their respective privacy policies and our data processing agreements with such providers.
    • Cookie Duration and Storage. Session cookies are automatically deleted when users close their browser, while persistent cookies remain on user devices for periods ranging from thirty (30) days to two (2) years, depending on their specific function and user preferences.
    • Cross-Device Tracking. Bridge may link user activity across multiple devices and sessions to provide seamless AI Services experience, optimize automation workflows, and maintain consistent User Account Information synchronization.
    • Cookie Management and Consent. Users may manage cookie preferences through their browser settings or our cookie preference center, provided that disabling essential cookies may limit access to certain AI Services functionality and Automation Platform features.
    • Tracking Technology Updates. Bridge reserves the right to implement new tracking technologies as our AI Services evolve, with appropriate notice provided through our privacy policy updates and cookie preference center notifications.
  • Children’s Privacy
    • Bridge does not knowingly collect Personal Information from children under the age of thirteen (13) years without obtaining verifiable parental consent, except as permitted by applicable law.
    • Where Bridge becomes aware that Personal Information has been collected from a child under thirteen (13) years of age without proper parental consent, Bridge will take immediate steps to delete such information from its systems.
    • For children between the ages of thirteen (13) and eighteen (18) years, Bridge requires either:
      • verifiable parental consent; or
      • consent from the minor where such minor has the legal capacity to provide consent under Ontario law.
    • Bridge will not use children’s Personal Information for AI model training, profiling, or automated decision-making purposes without explicit parental consent and appropriate safeguards.
    • Parents and legal guardians have the right to:
      • review any Personal Information collected from their child;
      • request deletion of their child’s Personal Information;
      • refuse to permit further collection or use of their child’s Personal Information; and
      • withdraw previously given consent at any time.
    • Bridge implements additional security measures and data minimization practices when processing children’s Personal Information, including restricted access controls and enhanced retention limitations.
    • Third-Party Service Providers processing children’s Personal Information on behalf of Bridge must demonstrate compliance with applicable children’s privacy protection requirements and maintain appropriate contractual safeguards.
    • Bridge will not disclose children’s Personal Information to third parties for marketing purposes or permit such third parties to contact children directly through Bridge’s platforms.
  • Data Breach Notification
    • Bridge shall maintain documented procedures for identifying, assessing, containing, and responding to Privacy Breaches involving Personal Information processed through its AI Services and Automation Platform.
    • Upon becoming aware of a Privacy Breach, Bridge shall conduct an immediate risk assessment to determine:
      • the scope and nature of Personal Information involved in the breach;
      • the number of Data Subjects potentially affected;
      • the likelihood of harm to affected individuals;
      • whether the breach involves Sensitive Personal Information or Biometric Information;
      • the potential for identity theft, fraud, or other adverse consequences.
    • Where a Privacy Breach creates a real risk of significant harm to affected individuals, Bridge shall notify the Privacy Commissioner of Canada and any applicable provincial privacy commissioners without unreasonable delay and in any event within seventy-two (72) hours of becoming aware of the breach.
    • Notification to privacy regulators shall include:
      • a description of the circumstances of the Privacy Breach;
      • the categories and approximate number of Data Subjects affected;
      • the categories and approximate number of Personal Information records involved;
      • the likely consequences of the Privacy Breach;
      • measures taken or proposed to address the breach and mitigate potential adverse effects;
      • contact information for Bridge’s privacy officer or designated representative.
    • Bridge shall notify affected Data Subjects without unreasonable delay where the Privacy Breach creates a real risk of significant harm, except where:
      • Bridge has implemented appropriate technological safeguards that render the Personal Information unintelligible to unauthorized persons;
      • Bridge has taken subsequent measures that effectively mitigate the risk of harm;
      • notification would cause disproportionate effort, in which case Bridge may substitute public notification through prominent website posting and media advisories.
    • Individual breach notifications shall be communicated in clear and plain language and include:
      • a description of the Privacy Breach and the Personal Information involved;
      • the date or estimated date of the breach;
      • steps Bridge has taken to reduce the risk of harm;
      • specific steps the individual should take to protect themselves;
      • Bridge’s contact information for inquiries about the breach.
    • Where the Privacy Breach involves Third-Party Service Providers including Make.com Services, ElevenLabs Services, OpenAI Services, or Twilio Services, Bridge shall:
      • immediately notify the affected service provider of the breach;
      • coordinate response efforts and notification obligations with the service provider;
      • ensure that contractual breach notification requirements with service providers are fulfilled.
    • Bridge shall maintain comprehensive records of all Privacy Breaches, including documentation of risk assessments, notification decisions, remedial measures taken, and communications with regulators and affected individuals.
    • Bridge shall conduct post-breach reviews to identify system vulnerabilities, process improvements, and additional safeguards necessary to prevent similar incidents, with particular attention to AI Services security protocols and data flows between Third-Party Service Providers.
  • Privacy Impact Assessments
    • Bridge shall conduct a Privacy Impact Assessment (“PIA“) prior to implementing any new AI Services, Automation Platform features, or data processing activities that may create privacy risks for Data Subjects.
    • A PIA shall be mandatory in the following circumstances:
      • Implementation of new AI models or machine learning algorithms that process Personal Information;
      • Integration of additional Third-Party Service Providers into Bridge’s data processing ecosystem;
      • Changes to existing data processing purposes or the introduction of new processing purposes;
      • Processing of Sensitive Personal Information or Biometric Information through AI Services;
      • Implementation of automated decision-making systems that may significantly affect Data Subjects;
      • Cross-border data transfers to new jurisdictions or service providers.
    • Each PIA shall include, at minimum:
      • Description of the proposed data processing activities and their business justification;
      • Assessment of privacy risks and potential impact on Data Subjects;
      • Evaluation of compliance with applicable privacy legislation;
      • Analysis of data minimization and purpose limitation principles;
      • Review of security safeguards and risk mitigation measures;
      • Consultation requirements with affected stakeholders or privacy authorities.
    • PIAs shall be conducted by qualified privacy professionals and reviewed by Bridge’s privacy officer before implementation of any assessed activities.
    • Bridge shall maintain records of all PIAs for a minimum of seven years and make them available to privacy regulators upon request.
    • PIAs shall be updated when there are material changes to the assessed processing activities or when privacy risks materially increase.
  • Updates to This Policy
    • Bridge reserves the right to modify, update, or revise this Privacy Policy at any time to reflect changes in our AI Services, business practices, legal requirements, or regulatory guidance.
    • Material changes to this Privacy Policy will be communicated through the following methods:
      • Prominent notice posted on Bridge’s website for a minimum of thirty (30) days prior to the effective date of changes;
      • Direct email notification to registered users and active clients at least thirty (30) days before implementation;
      • In-platform notifications within user dashboards and client portals where applicable.
    • Non-material changes, including administrative updates, clarifications, or corrections that do not affect the substance of our privacy practices, may be implemented immediately upon posting the updated Privacy Policy on our website.
    • The effective date of any revised Privacy Policy will be clearly indicated at the top of the document, and the previous version will be archived and made available upon request for a period of three (3) years.
    • Continued use of Bridge’s AI Services, Automation Platform, or website following the effective date of any Privacy Policy updates constitutes acceptance of the revised terms.
    • Data Subjects who do not agree to material changes in this Privacy Policy may:
      • Discontinue use of Bridge’s services;
      • Request deletion of their Personal Information in accordance with Section 10;
      • Contact Bridge’s privacy officer to discuss alternative arrangements where feasible.
    • For enterprise clients with existing service agreements, material Privacy Policy changes may require amendment to underlying contracts and will be subject to any notice provisions contained therein.
    • Bridge will maintain records of all Privacy Policy versions and the dates of their implementation for regulatory compliance and audit purposes.
  • Contact Information
    • Privacy Officer Designation
  • Bridge has designated a Privacy Officer who is responsible for overseeing compliance with this Privacy Policy and applicable privacy legislation.
    • Privacy Officer Contact Information
  • All privacy-related inquiries, requests, and complaints should be directed to Bridge’s Privacy Officer at:
    • Mailing Address: 36-15 Stauffer Woods Trail, Kitchener, Ontario, N2P 0L1
    • Phone: 416 854 4091
    • Response Timeframes
      • Bridge will acknowledge receipt of privacy inquiries within five (5) business days of receipt.
      • Bridge will provide a substantive response to privacy requests within thirty (30) days of receipt, or such shorter period as may be required under applicable privacy legislation.
      • If additional time is required to respond to complex requests, Bridge will notify the requestor and provide an estimated timeline for completion.
    • Required Information for Privacy Requests
  • Privacy requests must include sufficient information to verify the identity of the requestor and locate the relevant Personal Information, including:
    • Full name and contact information of the Data Subject;
    • Description of the Personal Information or privacy concern;
    • Preferred method of response; and
    • Valid identification documentation as may be reasonably required.
    • Escalation Process
      • If a privacy concern cannot be resolved directly with Bridge’s Privacy Officer, individuals may file a complaint with the Office of the Privacy Commissioner of Canada.
      • Contact information for the Privacy Commissioner: www.priv.gc.ca or 1-800-282-1376.
    • Business Hours and Availability
  • The Privacy Officer is available to respond to privacy inquiries during regular business hours, Monday through Friday, 9:00 AM to 5:00 PM Eastern Time, excluding statutory holidays.

Verified by MonsterInsights