This Privacy Policy covers how HoneOS.ai Inc. collects, uses, stores, and shares personal information. It applies to our platform, website, and all related services. We are committed to compliance with PIPEDA (Canada), GDPR (EU/UK), and applicable US privacy laws. This policy is hosted on our own domain (www.honeoss.com) and is available without signing in.
1. Who we are
HoneOS.ai Inc. (“HoneOS.ai”, “we”, “us”, or “our”) is a corporation incorporated under the laws of British Columbia, Canada. We operate the HoneOS.ai Vision software-as-a-service platform for lead and account data enrichment. For the purposes of applicable privacy law, HoneOS.ai acts as:
- A data controller in respect of personal information we collect directly from users, website visitors, and prospective customers; and
- A data processor in respect of personal information submitted to the Platform by our customers in the course of using our services.
Our Privacy Officer can be contacted at: [email protected]
2. Information we collect
2.1 Information you provide directly
We collect personal information that you provide to us when you create an account, subscribe to the Platform, contact us, or participate in our beta or feedback programs, including:
- Identity information: full name, job title, company name;
- Contact information: email address, phone number, business address;
- Account credentials: username and encrypted password;
- Payment and billing information: credit card details (processed by our payment processor), billing address, and invoicing information;
- Communications: the content of emails, support requests, survey responses, and feedback you send to us.
2.2 Information collected automatically
When you access the Platform or our website, we automatically collect:
- Usage and behavioural analytics: pages visited, features used, session duration, click patterns, and in-platform actions;
- Technical data: IP address, browser type and version, operating system, device identifiers, and referring URLs;
- API usage data: API call logs, request volumes, and integration activity;
- Cookies and similar technologies: as described in our Cookie Policy (available on our website).
2.3 Firmographic & business data
As part of providing our data enrichment services, we collect and process company and firmographic data, including company names, industry classifications, company size, revenue ranges, and other business-level information. Where such data relates to identifiable individuals (e.g. named business contacts), it constitutes personal information under applicable law.
2.4 Information from third parties
We may receive personal information about you from third parties, including data enrichment providers, business directories, social networks (such as LinkedIn), and referral partners, where permitted by applicable law. We take reasonable steps to verify that such third parties have the right to share this information with us.
2.5 Sign in with Google (OAuth)
If you choose Sign in with Google, Google shares with us the personal data that you authorize through the Google consent screen—typically your Google account email address and name, and sometimes your profile picture, depending on your Google settings and the scopes we request.
We use this information only to authenticate you, create and secure your account, display your identity in the product where appropriate, and communicate with you about the Services. We do not receive your Google password. We do not use Google account data for unrelated advertising or resale.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
3. How we use your information
We use personal information for the following purposes and on the following legal bases:
| Purpose | Legal basis (GDPR) | Legal basis (PIPEDA/Canada) |
|---|---|---|
| Providing and operating the Platform | Contract performance | Consent / Contractual necessity |
| Processing payments and invoicing | Contract performance | Contractual necessity |
| Sending service and account notices | Contract performance | Contractual necessity |
| Improving and developing the Platform | Legitimate interests | Implied consent |
| Usage analytics and product research | Legitimate interests | Implied consent |
| Marketing and promotional communications | Consent | Express consent |
| Security monitoring and fraud prevention | Legitimate interests | Legitimate business purpose |
| Legal compliance and regulatory obligations | Legal obligation | Legal obligation |
| Responding to support requests | Contract performance | Contractual necessity |
4. How we share your information
We do not sell personal information. We may share personal information with:
- Service providers and sub-processors: third-party vendors who process data on our behalf to provide the Platform (e.g. cloud hosting, payment processing, analytics). A current list of our sub-processors is available at www.honeoss.com/subprocessors;
- Business partners: with your consent, we may share information with integration partners to enable connected features;
- Professional advisors: lawyers, accountants, and auditors under confidentiality obligations;
- Regulatory authorities and law enforcement: where required by applicable law, court order, or legal process;
- Acquirers: in connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, subject to confidentiality protections.
All third parties with whom we share personal information are required to implement appropriate technical and organizational safeguards and to process personal information only as instructed by us.
5. International data transfers
HoneOS.ai is headquartered in British Columbia, Canada. We may transfer personal information to countries outside your country of residence, including Canada, the United States, and other countries where our service providers operate. Where we transfer personal information from the European Economic Area or the United Kingdom to countries not recognized as providing an adequate level of protection, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- UK International Data Transfer Agreements (IDTAs) as applicable;
- Other legally recognized transfer mechanisms as required.
Transfers from Canada to other jurisdictions are conducted in accordance with PIPEDA’s accountability principle, including contractual protections with all recipients.
6. Data retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including for the duration of our relationship with you, to comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:
- Account and subscription data: for the duration of the subscription plus seven (7) years for tax and financial record-keeping purposes;
- Usage and analytics data: up to two (2) years from collection, then aggregated or anonymized;
- Marketing communications data: until you withdraw consent or opt out;
- Support and communications records: three (3) years from the date of the interaction;
- Beta program data: fifteen (15) days following the end of the Beta Period, then deleted.
7. Your privacy rights
Depending on your location, you may have the following rights in respect of your personal information:
| Right | Canada (PIPEDA/Law 25) | EU/UK (GDPR) | US (CCPA/CPRA) |
|---|---|---|---|
| Access your data | ✓ | ✓ | ✓ |
| Correct inaccurate data | ✓ | ✓ | ✓ |
| Delete your data | Limited | ✓ | ✓ |
| Restrict processing | — | ✓ | Limited |
| Data portability | — | ✓ | ✓ |
| Object to processing | — | ✓ | — |
| Opt out of sale/sharing | N/A (no sale) | N/A (no sale) | ✓ |
| Withdraw consent | ✓ | ✓ | ✓ |
| Lodge a complaint | ✓ (OPC) | ✓ (DPA) | ✓ (AG) |
To exercise any of your rights, please contact us at [email protected]. We will respond within the timeframes required by applicable law (generally 30 days, with extensions where permitted). We may need to verify your identity before processing your request.
8. Security
We implement and maintain commercially reasonable technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. In the event of a personal data breach that poses a risk to individuals, we will notify affected individuals and relevant regulatory authorities as required by applicable law.
9. Children’s privacy
The Platform is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly. If you believe we have collected information from a child, please contact us at [email protected].
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. We will notify you of material changes by email or via a prominent notice on the Platform at least thirty (30) days before the change takes effect. The current version of this Privacy Policy is always available at www.honeoss.com/privacy.html.
11. Contact & complaints
For questions, concerns, or to exercise your privacy rights, please contact our Privacy Officer:
If you are located in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. If you are located in Canada, you may contact the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.