Privacy policy

Canary's AI features leverage cutting-edge machine learning (ML) and language models. Your data—including any retrieved from Google services—is never used to develop, improve, or train generalized or non-personalized AI/ML models. Personalized models are trained and stored on-device, and only you have access to your own models.

Because modern language models are extremely large and require significant compute resources, they are hosted on secure servers. Our AI features utilize providers such as OpenAI, Azure, AWS, Google, Anthropic, and others. These providers help power:

• Auto-drafting replies
  

• Answering queries
  

• Analyzing customer support trends and top issues
  

We do not allow these providers to retain or use your data to train or improve their models. We have opted out of all such data-sharing.

AI Chatbot Configuration: Admins can upload documents and configure settings to shape the chatbot's tone and knowledge. These documents and messages are sent to LLM providers to power the chatbot experience.

These features are designed to improve operational efficiency while preserving privacy and data integrity.

Our AI processing is designed to exclude sensitive data from training datasets and is fully aligned with GDPR, HIPAA, and CCPA compliance frameworks.

Also, we only access and process the email data that is required to provide you with the shared inbox features, such as email status, email assignee, email history, labels, requesters, timestamps, and email content relevant to team collaboration.

We may also use anonymized, aggregated data for internal analytics and to improve the Service. This data does not identify individual users.

We use the collected information to:

• Provide, maintain, and improve the Service
  

• Manage your account and subscriptions
  

• Communicate with you regarding updates, support, and marketing (you can opt out anytime)
  

• Ensure the security and integrity of the Service
  

• Analyze usage trends to improve user experience
  

• Comply with applicable legal and regulatory obligations, including HIPAA requirements when handling Protected Health Information (PHI)
  

We collect and process information about EU residents only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only where:

• We need it to provide you the Services, including to operate the Services, provide customer support and to protect the safety and security of the Services;
  

• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
  

• You give us consent to do so for a specific purpose; or
  

• We need to process your data to comply with a legal obligation.
  

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

Limited, audited access to your account data may be granted to authorized Canary personnel strictly for troubleshooting or customer support purposes and only upon your request.

We do not sell your personal data. We may share your information with:

• Service providers: Hosting (e.g., AWS), analytics (e.g., Firebase, Google Analytics, Mixpanel), payment processing (e.g., Stripe).
  

• Affiliates and contractors: For internal business operations under confidentiality agreements.
  

• Legal authorities: If required to comply with applicable law or protect rights.
  

A full list of third-party subprocessors is available upon request.

If we process Protected Health Information (PHI), we do so in accordance with HIPAA requirements and only with appropriate Business Associate Agreements (BAAs) in place.

We use cookies and similar technologies to:

• Authenticate users
  

• Store preferences
  

• Analyze user behavior and usage
  

You can control cookies through your browser settings or opt out of analytics cookies. Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked.

We implement industry-standard security measures including:

The information we collect is stored on our servers in Germany. Germany has been recognized by the European Commission as offering an adequate level of data protection such that personal data can flow from the EU to that country without any need for further safeguards.

Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. By using our Services, you consent to any transfer and processing in accordance with this policy. Whenever we transfer your information, we take steps to protect it.