Sera AI

Privacy Policy

This privacy policy explains how we collect, use, and protect your information.

Introduction

Welcome to Sera AI, an AI automation platform specializing in intelligent voice agents that help businesses manage customer support, outbound engagement, and operational efficiency. Our AI agents assist businesses by answering calls, booking appointments, handling customer support inquiries, and offering personalized experiences.

Information We Collect

Customer Data

To provide our services on behalf of our clients, we may collect limited information from their customers, including:

  • Contact Information: Name, phone number, and email address.
  • Interaction Data: Details of calls, messages, or inquiries made to the business.
  • Service Information: Appointment requests, support tickets, or order-related details shared during interactions.

Client (Business) Data

From businesses using Sera AI, we collect:

  • Account Information: Company name, contact details, and billing information.
  • Business Data: Product/service details, pricing, scheduling information, and custom workflows needed to power the AI agent.
  • Usage Data: Metrics on call volume, customer interactions, and system performance.

How We Use Your Information

For Clients (Businesses)

  • Service Provision: To deploy AI agents that answer calls, book appointments, and support customer engagement.
  • Communication: To send updates, reports, invoices, and support notifications.
  • Optimization: To improve AI performance through analytics and customer feedback.

For Customers (End Users)

  • Support & Service: To handle inquiries, bookings, troubleshooting, and other customer requests on behalf of our clients.
  • Personalized Interactions: To provide tailored responses and service recommendations.
  • Follow-Up Communication: To send reminders or confirmations when authorized by the business.

Third-Party Applications

Sera AI integrates with third-party services (e.g., telephony, CRM, and scheduling platforms) to enhance functionality. We only share the minimum necessary data with these services to enable proper operation.

Shared data may include:

  • Contact information for communication and scheduling purposes.
  • Interaction data such as call transcripts or summaries (when enabled) to improve customer service and record-keeping.

Each third-party service maintains its own privacy policy. We encourage reviewing their policies to understand how they manage data. Sera AI is not responsible for how third parties handle data but ensures integration only with trusted, compliant providers.

Subprocessors and Third-Party Services (Vapi & Twilio)

To provide voice and SMS functionality, we use trusted infrastructure providers acting as our data processors. We share only the minimum necessary data for the purposes described below.

  • Vapi, Inc. (voice infrastructure): processes call audio streams, call recordings and transcripts (if enabled), and call metadata (timestamps, duration, IDs) to place and manage calls, transcribe, and provide analytics.
  • Twilio Inc. (telecommunications): processes phone numbers, SMS/MMS message content and delivery status, and call routing/metadata to provision phone numbers and deliver calls and messages.

Each provider processes personal data solely on our instructions, under a data processing agreement. Data may be transferred to or stored in the United States. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses). We do not sell personal data.

Data Security

  • Encryption: All sensitive data is encrypted in transit and at rest.
  • Access Controls: Only authorized personnel have access to sensitive information.
  • Monitoring & Audits: Regular system audits and security reviews to maintain compliance.

Data Storage & Location

We store personal data with reputable cloud providers using encrypted databases and object storage. Data may be processed and stored in the United States and other jurisdictions, depending on infrastructure location and carrier routing. We apply role-based access controls, audit logging, regular backups, and least-privilege principles to protect data. Where transfers occur outside of your region, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) as required by law.

Data Retention

We retain personal and business data only as long as necessary to provide services, comply with legal obligations, and fulfill the purposes outlined in this policy. When data is no longer required, it is securely deleted or anonymized.

Retention periods

  • Call recordings & transcripts: 2 years from the date of the call.
  • Call logs & analytics: 1 year from the date of the call.
  • Abandoned checkouts: 90 days from creation.
  • Audit logs: 2 years (for compliance and security purposes).
  • Customer contact information: retained while the merchant's account is active, or until deletion is requested.

After the retention period expires, data is automatically and permanently deleted from our systems. Merchants can configure custom retention periods in their account settings to meet their specific business and legal requirements.

GDPR Compliance

We comply with GDPR requirements for data deletion:

  • Customer Data Requests: Customers can request access to their data through Shopify's GDPR tools. We respond within 48 hours.
  • Right to Erasure: Customers can request deletion of their personal data. We process deletion requests within 48 hours.
  • Shop Data Deletion: When a merchant uninstalls the app, all shop data is deleted within 48 hours, including customer data, recordings, and analytics.

All data deletion requests are logged in our audit system for compliance purposes. Audit logs are retained for 2 years as required by data protection regulations.

Requesting Data Deletion

Merchants can initiate shop data deletion directly through the app or by contacting us at info@seratech.ca. Customers should first contact the merchant (store owner) to submit access or deletion requests; we assist merchants with fulfilling these requests via Shopify's GDPR mechanisms.

For verification and security, we may request additional information to confirm identity. We generally respond within 48 hours and complete deletion promptly unless a longer period is required by law.

Cookie Policy

We use cookies and similar technologies to operate and secure the services. These include essential cookies for authentication, session management, fraud prevention, and security (e.g., CSRF protection), functional cookies that remember preferences, and—where enabled—analytics cookies that help us understand feature usage.

You can control cookies through your browser settings; disabling essential cookies may impact core functionality. Shopify may also set cookies necessary to operate embedded app experiences and authentication. We do not use third-party advertising cookies or sell personal data.

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request updates to incorrect or incomplete data.
  • Deletion: Request deletion of your data under certain conditions.
  • Objection: Object to specific types of data processing.

To exercise these rights, please contact us using the details below.

Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in law, business operations, or service features. Updates will be posted on our website, and businesses will be notified of any significant changes.

Contact Us

Email: info@seratech.ca

Website: seratech.ca