Privacy Policy

Last updated: April 29, 2026

BadenAI provides software for Canadian life insurance agents — AgencyCRM (a client management system) and BadenAI (an AI assistant for proposals, underwriting research, and call transcripts). This policy explains what personal information we collect, why we collect it, how we protect it, and what choices you have.

This policy applies to badenai.com, app.badenai.com, and any service we provide that links to it. We are committed to handling personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Law 25, and applicable provincial privacy laws.

1. Two roles, two relationships

Our products handle two categories of personal information, and we play different roles for each:

  • Agent information. When you sign up for an account, we are the controller of your information. This policy describes how we use it.
  • Client information. When you upload information about your clients (names, health information, financial information, call recordings, documents), you are the controller and we are your processor. We process that information on your instructions, only for the purposes of providing the service to you. Your obligations to your clients under PIPEDA, PHIPA, and provincial privacy laws remain yours.

If you are an end client whose advisor uses our software, please contact your advisor first — they hold your information and can answer most questions about how it is used. We will assist your advisor in responding to access, correction, or deletion requests.

2. Information we collect

From agents (account holders)

  • Name, business name, email address, phone number
  • Login credentials and two-factor authentication setup
  • Billing information (payment is processed by Stripe — we do not store full card numbers)
  • Province of operation, licensing details if you provide them
  • Communications you send us (support requests, feedback)

From you, about your clients

  • Client contact and demographic information you enter
  • Health and lifestyle information for underwriting research
  • Financial information for needs analysis and proposals
  • Documents and forms you upload (quotes, applications, scanned files)
  • Call recordings you upload for transcription
  • Notes, tasks, and correspondence you record in the CRM

Automatically

  • IP address, browser type, device information
  • Pages visited and basic usage metrics (so we can improve the product)
  • Error logs (so we can fix bugs)

We do not use third-party advertising trackers. We do not sell your information or your clients' information to anyone — ever.

3. How we use information

  • To provide and operate the service you signed up for
  • To process AI requests through Claude (see section 4 below)
  • To generate proposals, transcripts, and other outputs you request
  • To bill you and manage your subscription
  • To provide customer support and respond to your questions
  • To send service-related notifications (account changes, billing, security alerts)
  • To improve the product (using aggregated, non-identifying usage patterns)
  • To meet our legal and regulatory obligations

We will not use your client data to train AI models. We do not use it for marketing. We do not analyze it for any purpose other than delivering the feature you used.

4. AI processing

BadenAI uses Claude, an AI model provided by Anthropic (a U.S. company). Queries we send to Anthropic for processing are covered by Anthropic's Zero Data Retention policy. Because Anthropic operates in the United States, AI processing constitutes a transfer of information outside Canada. You consent to this transfer when you use our AI features.

Within BadenAI itself, we apply the following retention rules to data you submit for AI processing:

  • Files you upload (needs analyses, quotes, call recordings, scanned documents) are automatically deleted 30 days after upload.
  • Prompts and AI conversations are retained until you delete them, so you can revisit, refine, and reuse them.

Call transcription itself is performed entirely on our own servers in Canada using local AI models — call recordings and the resulting transcripts are stored only on Canadian infrastructure. If you choose to generate an AI summary or task list from a transcript, the transcript is sent to Claude for that one operation under the same Zero Data Retention terms described above. Generation of summaries or tasks is optional; transcripts alone never leave Canada.

5. Where your data lives

Your data — and your clients' data — is stored on our own hardware in a Canadian colocation facility. We do not use public cloud services (AWS, Google Cloud, Azure) for storage. Your data is in Canada, on infrastructure we control.

The single exception is real-time AI processing through Claude as described in section 4. Stored data, including all backups, is in Canada.

6. Sharing and disclosure

We share information only with the following categories of third parties, and only as necessary to operate the service:

  • Anthropic — for AI processing under the Zero Data Retention agreement described above.
  • Stripe — for payment processing. Stripe receives the payment information you provide at checkout; we do not store full card numbers.
  • Email and SMS providers — when you connect your Gmail/Outlook account or use the SMS feature, we route messages through those providers as part of the service you requested.
  • Service providers under contract — engineers, hosting partners, and similar service providers, all bound by confidentiality and limited to specific purposes.
  • Legal authorities — only when we are required to by valid Canadian legal process. We will challenge overly broad or inappropriate requests.

We do not sell, rent, or share your information for advertising, marketing, or analytics purposes.

7. Retention

  • Active accounts: we keep your account information and CRM data for as long as your account is active.
  • Uploaded files: automatically deleted 30 days after upload, as described in section 4.
  • AI prompts and conversations: retained until you delete them.
  • After cancellation: we retain your account data for 30 days so you can reactivate or export it. After that, we delete account data within a reasonable period.
  • Backups: deleted data may persist in encrypted backups for up to 90 days before backup rotation removes it.
  • Billing records: we retain billing records for as long as required by Canadian tax and accounting law (typically six years).

You can request earlier deletion of specific data at any time — see section 9.

8. Security

We protect personal information with safeguards appropriate to its sensitivity:

  • Encryption in transit (TLS) for all connections
  • Two-factor authentication required for all account logins
  • Access controls — only authorized personnel with a business need can access systems
  • Logging and monitoring of access to client data
  • Regular software updates and security patches
  • Physical security at our colocation facility

No system can be perfectly secure. If we ever experience a security breach affecting your information, we will notify affected users and the Office of the Privacy Commissioner of Canada in accordance with PIPEDA's breach notification requirements.

9. Your rights

Under PIPEDA and applicable provincial laws, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correct — ask us to fix inaccurate information
  • Delete — ask us to delete your account and personal information
  • Withdraw consent — withdraw your consent to specific uses (note this may limit our ability to provide the service)
  • Port — receive your data in a portable format (export)
  • Complain — file a complaint with us, and if unsatisfied, with the Office of the Privacy Commissioner of Canada or your provincial commissioner

To exercise any of these rights, email glenn@badenai.com. We will respond within 30 days.

10. Quebec residents — Law 25

If you reside in Quebec, you have additional rights under An Act respecting the protection of personal information in the private sector (Law 25), including the right to be informed when we use your personal information to render a decision based exclusively on automated processing, and the right to data portability.

We do not use automated decision-making to determine eligibility, pricing, or service for our customers. AI features in BadenAI are tools used by you to assist your work — they do not make decisions about you.

11. Cookies and analytics

We use a small number of necessary cookies for authentication and session management. We use minimal first-party analytics to understand how the product is used (page views, feature usage). We do not use third-party advertising or tracking cookies.

12. Children

Our service is for licensed life insurance agents. It is not directed to children under 16 and we do not knowingly collect personal information from children. Agent users may, in the course of their business, enter information about minors as part of family applications — that information is treated as client data under section 1.

13. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify account holders by email and update the "Last updated" date at the top of this page. Continued use of the service after a change means you accept the updated policy.

14. Contact us

Questions, requests, or complaints about this policy or our handling of personal information:

Privacy Officer — BadenAI

Email: glenn@badenai.com

If you are not satisfied with our response, you have the right to contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or your provincial privacy commissioner.