Privacy Policy

Introduction

Canarie AI ("Canarie," "we," "us," or "our") provides machine-assisted governance solutions for banks, fintechs, and financial institutions. We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website, use our platform, or engage with our services.

As a company serving the financial services industry, we understand the critical importance of data security and privacy. We apply the same rigor to protecting your information that we help our clients apply to their compliance obligations.

Information We Collect

Account Information

When you create an account, we collect information through our authentication provider, Clerk:

• Email address
• First and last name
• Organization name and membership
• Role within your organization
• Profile photo (if provided)

Organization Profile Information

To provide relevant regulatory intelligence, we collect business profile information including:

• Legal name and DBA name
• Entity type and operating structure
• Primary regulatory framework and charter type
• Industry verticals and financial products offered
• Customer types served
• Operating states and jurisdictions
• Federal regulator oversight
• Licensing status and compliance concerns
• Asset size and institution type

Compliance Content

When you use our platform, you may upload or create:

• Policies and procedures documents
• Compliance evidence and attestations
• Task completions and workflow data
• Audit trails and sign-offs
• Notes and annotations on regulatory documents

Usage and Session Data

We use analytics tools to understand how users interact with our platform:

• Session recordings of platform interactions
• Feature usage patterns and navigation
• Browser type, operating system, and device information
• Error logs and performance data

This helps us identify and fix issues, improve user experience, and understand which features provide the most value. Session recordings do not capture sensitive document content or passwords.

How We Use Your Information

Platform Services

• Regulatory Intelligence: Your organization profile determines which regulatory changes and alerts are relevant to you through our Radar module.
• AI-Powered Analysis: We use your uploaded documents and organization profile to provide applicability assessments, policy analysis, and compliance recommendations.
• Workflow Automation: Organization data enables automated task scheduling, assignment, and tracking through Console and Ledger.
• Evidence Management: Your compliance documentation is stored and organized for audit and examination preparation.

Service Operations

• User authentication and access control
• Customer support and issue resolution
• Platform performance monitoring and improvement
• Security incident detection and prevention
• Service communications and updates

Third-Party Services

We work with trusted service providers to operate our platform. These include:

AI and Machine Learning

Canarie uses artificial intelligence to provide regulatory analysis and compliance recommendations. Important information about our AI practices:

• Document Processing: When you request AI analysis, your documents may be processed by our AI service providers. These providers may temporarily process document content to generate responses.
• No Model Training: Your institutional data and documents are not used to train AI models. We use commercial AI APIs that do not retain your data for training purposes.
• Data Isolation: Each organization's data is completely isolated. Your data is never shared with or accessible to other organizations.
• Human Oversight: AI-generated analyses and recommendations are clearly marked and require human review before any compliance actions are taken.

How We Share Your Information

We do not sell your personal information or compliance data. We share information only in these circumstances:

• Service Providers: With the third-party providers listed above to operate our platform. Each provider is bound by data processing agreements.
• Within Your Organization: With other members of your organization based on roles and permissions you configure.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
• With Your Consent: When you explicitly authorize sharing.

Data Security

We implement security measures appropriate for financial services data:

• Encryption: Data encrypted at rest and in transit using industry-standard protocols (AES-256, TLS 1.3).
• Access Controls: Role-based access controls within organizations. Multi-factor authentication available through Clerk.
• Multi-Tenant Isolation: Complete data isolation between organizations at the database level.
• Infrastructure Security: Hosted on AWS with SOC 2 compliant data centers in the United States.
• Monitoring: Continuous security monitoring and logging of system access.

Data Retention

• Account Data: Retained while your account is active. Upon account deletion, personal data is removed within 30 days.
• Organization Data: Retained while the organization subscription is active. Compliance evidence and audit trails may be retained longer per regulatory requirements.
• Session Recordings: Analytics session data is retained according to our service provider's retention policies.
• Backups: Database backups are retained for disaster recovery and rotated according to our backup schedule.

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Export: Export your data in standard formats (CSV, JSON, PDF) from the platform.
• Opt-Out: Opt out of marketing communications at any time.

To exercise these rights, contact us at hello@canarie.ai.

Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Essential cookies to maintain your login session.
• Preferences: Remember your settings like theme preferences.
• Analytics: Understand platform usage and improve user experience.

You can control cookies through your browser settings, though disabling essential cookies will prevent platform access.

California Privacy Rights

California residents have additional rights under the CCPA:

• Right to Know: Request information about data collection and use.
• Right to Delete: Request deletion of personal information.
• No Sale: We do not sell personal information.
• Non-Discrimination: We will not discriminate against you for exercising privacy rights.

Children's Privacy

Canarie is a B2B platform designed for business use. We do not knowingly collect information from individuals under 18. If you believe we have inadvertently collected such information, contact us immediately.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We'll notify you of material changes by posting an updated policy with a new "Last Updated" date. For significant changes, we may provide additional notice through the platform or via email.

Contact Us

Questions about this Privacy Policy or our data practices?