Privacy Policy

1. Introduction

IAXOV Inc. ("IAXOV," "we," "us," or "our") is a federally incorporated Canadian corporation headquartered in Calgary, Alberta. This Privacy Policy describes how we collect, use, store, disclose, and protect personal information when you use our websites, platforms, applications, and services (collectively, "Services"). By accessing or using our Services, you consent to the practices described in this policy.

2. Information We Collect

We may collect the following categories of information with your consent:

• Personal Information: Name, email address, phone number, mailing address, job title, organization name, and similar identifiers provided through forms, registrations, or correspondence.
• Voice and Audio Data: Voice recordings, transcriptions, and related audio data when you interact with our voice-enabled services or participate in AI-driven interviews and assessments.
• Video and Visual Data: Video recordings, images, and visual data captured during video-enabled interactions, assessments, or sessions conducted through our platforms.
• Biometric and Behavioral Information: Voice patterns, speech characteristics, facial recognition data, facial expression cues, posture analysis, gaze tracking, environmental context, and other biometric or behavioral identifiers derived from audio, video, or sensor interactions. This information is collected only with your explicit consent and used solely for the purposes disclosed at the time of collection.
• Assessment and Performance Data: Competency evaluations, skills assessments, career pathway information, and related analytical outputs generated through our platforms.
• Usage Data: IP addresses, browser type, device information, pages visited, referring URLs, and interaction patterns collected through standard web technologies.
• Communications Data: Content of messages, emails, and other communications you send to us or through our platforms.
• User-Generated Content: Any content you create, upload, or submit through our Services.

3. How We Use Your Information

We use your information for the following purposes, each with your consent where required by law:

• Providing, operating, and improving our Services
• Processing AI-driven assessments, interviews, and analytical outputs
• Communicating with you via email, SMS, phone, push notifications, and other channels you have consented to
• Sending service-related notifications, updates, and administrative messages
• Responding to inquiries, support requests, and feedback
• Conducting research and analytics to improve our platforms and services
• Ensuring security, preventing fraud, and enforcing our terms
• Complying with legal obligations and responding to lawful requests

4. Outbound Communications

With your consent, we may communicate with you through various channels including email, SMS, telephone, push notifications, and other electronic means. You may withdraw your consent to receive non-essential communications at any time by contacting us at [email protected] or using the unsubscribe mechanism provided in each communication. Service-critical notifications related to your active use of our platforms may continue as necessary for the operation of the Services.

5. Client Application Services

IAXOV provides platform services to organizational clients who deploy our technology for their employees, members, or stakeholders. When you interact with an IAXOV-powered application made available by one of our clients, that client acts as the data controller and maintains their own privacy policies and terms of service governing your use. We act as a data processor on behalf of such clients and process your data solely in accordance with our agreements with them. Please refer to the deploying organization's privacy policy for information about how your data is handled in those contexts.

6. Third-Party Data Processing

Our systems may transmit data to third-party services for processing, including but not limited to AI model providers, cloud infrastructure providers, communication services, and analytics platforms. Every third-party processor we engage is required to maintain SOC 2 Type 2, ISO 27001, or equivalent or superior security certifications. Where applicable, third-party processors must also adhere to all relevant regulatory controls for the jurisdictions and data types involved. We require these standards contractually; however, each third-party provider is independently responsible for maintaining their own certifications and compliance posture.

7. Data Security

We employ industry best practices as current at the time of implementation to ensure that all data, systems, processes, and integrations are secure, private, and audited. This includes encryption in transit and at rest, access controls, monitoring, and regular security reviews. Our platforms are designed to be certification-ready and adhere to the practices of SOC 2 Type 2, ISO 27001, ISO 42001, and ISO 9001 frameworks by default. Specific certifications may be obtained as part of individual client deployments at the client's election.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Specific retention practices include:

• Account and service data: Retained for the duration of your relationship with us or the deploying client, and for a reasonable period thereafter for legitimate business and legal purposes.
• User-generated content: Upon deletion or exercise of your right to be forgotten, user-generated content is securely retained for 30 days to accommodate lawful requests and policy assurance requirements, after which it is permanently deleted.
• Communications and logs: Retained in accordance with applicable legal requirements and our internal data governance policies.

9. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

• Right of Access: Request a copy of the personal information we hold about you.
• Right of Correction: Request correction of inaccurate or incomplete information.
• Right to Be Forgotten: Request deletion of your personal information. We honor this right, subject to the 30-day secure retention period for user-generated content as described above, and any overriding legal obligations.
• Right to Withdraw Consent: Withdraw consent for processing at any time, without affecting the lawfulness of processing based on consent before withdrawal.
• Right to Data Portability: Request your data in a structured, commonly used, machine-readable format where technically feasible.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, or as required by applicable law.

10. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Data sharing is limited to the third-party processing described in Section 6 and as required by law.

11. SMS and Telephone Communications

We will only contact you via SMS or telephone with your explicit prior consent. SMS communications are used solely for service-related purposes and are never used for marketing unless you have separately opted in. Standard message and data rates may apply. You may opt out of SMS communications at any time by replying STOP or contacting [email protected].

12. Jurisdiction-Specific Rights

Canada (PIPEDA): You have the right to access your personal information, challenge its accuracy, and withdraw consent for its collection, use, or disclosure.

European Union and United Kingdom (GDPR): In addition to the rights in Section 9, you have the right to restrict processing, object to processing based on legitimate interests, and lodge a complaint with your local supervisory authority. Where processing is based on consent, you may withdraw consent at any time.

California (CCPA/CPRA): You have the right to know what personal information we collect, request its deletion, opt out of any sale (though we do not sell data), and not be discriminated against for exercising your rights.

13. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to operate our Services, analyze usage patterns, and improve user experience. You may control cookie preferences through your browser settings. We use analytics services to understand how our Services are used; these services may collect information about your interactions with our websites in accordance with their own privacy policies.

14. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

15. International Data Transfers

Your information may be processed in Canada and other jurisdictions where our service providers operate. Where data is transferred outside of Canada, we ensure appropriate safeguards are in place in accordance with applicable privacy legislation, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the General Data Protection Regulation (GDPR).

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through our Services or by other appropriate means. Your continued use of our Services after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: