Last updated June 2026
This Privacy Policy explains how SmartSMB (“SmartSMB”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal information. SmartSMB operates the website at smartsmb.ai and provides an AI receptionist and missed-call recovery service that answers calls, sends and receives text messages, qualifies leads, and books and rebooks appointments for small businesses.
SmartSMB is operated by SmartSMB Inc., based in Alberta, Canada. We are committed to handling personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), Canada’s Anti-Spam Legislation (“CASL”), and applicable provincial privacy laws.
We handle personal information in two distinct capacities, and your rights differ depending on which applies:
From business customers: name, business name, email address, phone number, billing and payment details, account credentials, the configuration of your AI agent, and the integrations you connect (such as your calendar).
From callers and end users (on behalf of our customers): phone number, name, the reason for the call, appointment and scheduling details, address or service location, and any other information a caller provides during a call or text conversation.
Call and message content: audio recordings of phone calls, automated transcriptions of those calls, and the content of SMS/text conversations handled by the service.
Automatically: call metadata (time, duration, caller ID, outcome), usage and performance metrics, log data, device and browser information, IP address, and cookies/similar technologies used to operate the site.
The service records and transcribes phone calls so the AI can understand and respond, so calls can be reviewed for quality and accuracy, and so we can confirm the system worked. Recording begins at the start of a call.
We use de-identified and aggregated data (which does not identify any individual) to measure and improve the service. We do not sell personal information, and we do not use the content of customer calls, messages, or transcripts to train third-party foundation models.
We rely on consent to collect, use, and disclose personal information, except where collection, use, or disclosure without consent is permitted or required by law. By using the service, business customers consent to this Policy. Business customers are responsible for obtaining the consent of their callers and end users for the recording, messaging, and processing performed through the service. You may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice, by contacting us — though doing so may prevent us from providing the service.
The service sends commercial and transactional electronic messages (such as missed-call text-backs, confirmations, reminders, and follow-ups) on behalf of our business customers. Our customers are responsible for ensuring they have the consent required under CASL to message their recipients. Every recipient can opt out by replying STOP (or as otherwise indicated in the message), and opt-out requests are honoured promptly.
We do not sell or rent personal information. We disclose it only as follows:
Some of our service providers store and process data in the United States and other countries. As a result, personal information may be transferred to, stored in, and processed outside Canada, where it may be accessible to courts, law enforcement, and regulatory authorities under the laws of those jurisdictions. We use providers that offer contractual and technical safeguards comparable to those required under Canadian law.
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, and row-level security on stored data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
We retain personal information only as long as needed for the purposes described in this Policy, to provide the service, and to meet legal, accounting, and reporting requirements, after which it is deleted or de-identified. Business customers may request deletion of data processed on their behalf, subject to legal retention obligations. Demo recordings are deleted on request.
Subject to legal limits, you have the right to: access the personal information we hold about you; request correction of inaccurate information; request deletion; withdraw consent; and ask questions about how your information is handled. To exercise these rights, email support@smartsmb.ai. We will respond within the time required by applicable law. End users should generally direct requests to the business they contacted; we will assist in routing such requests.
Our website uses cookies and similar technologies to operate the site, remember preferences, and measure usage. You can control cookies through your browser settings; disabling them may affect site functionality.
The service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
We may update this Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by additional notice. Continued use of the service after changes take effect constitutes acceptance.
For privacy questions, requests, or complaints, contact our Privacy Officer at support@smartsmb.ai. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.