WIAM.AI — PRIVACY POLICY
The English and French versions are both published. In case of divergence, the French version prevails (Québec Law 96).
Effective date: July 1, 2026
Controller: Rocket Science Development Inc. ("WIAM", "we"), 220-370 boul. Nobert, Longueuil, Québec J4J 2Z3, Canada — NEQ 1176414408.
Privacy Officer (Law 25): support@wiam.ai
1. Scope
This Policy explains how we handle personal information when business customers ("Customers") use the WIAM.ai service (the "Service"). It covers two categories:
- Customer data — information about the Customer and its representatives (we are the controller).
- Audience data — personal information of people who interact with the Customer's connected social accounts (e.g., commenters, message senders). For this data we act as the Customer's service provider / processor; the Customer is the controller and is responsible for its own privacy notices and legal bases (see Section 9).
2. Information we collect
- Account & business profile: name, email, business name, address, phone, website, time zone, role.
- Google data: your Google Maps / Business Profile listing details and photos that you direct us to use.
- Connected-platform credentials: OAuth tokens for the social accounts you connect (stored encrypted). We do not receive or store your platform passwords.
- Content: source material, generated videos/captions, schedules, and analytics about their performance.
- Audience data: comments and direct messages on your connected accounts (which may contain the personal information of your audience) and engagement metrics.
- Payment data: processed by Stripe; we receive limited billing metadata (e.g., plan, status).
- Usage & device data: logs, IP address, browser/device info, and diagnostics, for security and reliability.
3. How we use information
- To provide, operate, secure, and support the Service;
- To generate content and publish/schedule it on your connected accounts;
- To process payments and manage subscriptions and credits;
- To detect, prevent, and investigate fraud, abuse, and security incidents;
- To comply with legal obligations.
We do NOT sell or "share" personal information, and we do NOT use Customer content or Audience data to train or improve generative AI models.
4. Legal bases / consent
We process personal information on the bases of performance of our contract with the Customer, our legitimate/business interests (e.g., security and service operation that does not involve AI model training on your data), consent where required, and legal obligation. The Customer is responsible for the legal basis and consents required for Audience data processed on its behalf.
5. Service providers & sub-processors
We share personal information only with vendors that process it on our behalf under contract. By category of recipient:
| Category of recipient | Purpose |
|---|---|
| Cloud infrastructure & storage | Hosting, storage, and compute (region: us-east-1) |
| Payment processor | Payments and billing |
| AI content-generation providers | Generation of video, audio, and text (no training on your data) |
| Social-publishing connectivity | Connecting your accounts and publishing content |
| Source business-data providers | Public business-listing data (e.g., Google Maps) |
We require each provider to offer appropriate safeguards. A current list of our named sub-processors is available to Customers on request and forms part of our Data Processing Agreement.
6. AI processing
The Service relies on automated AI systems to generate content. Generated content may be inaccurate and is subject to human review by the Customer (see the Terms). We do not make solely automated decisions producing legal or similarly significant effects about individuals.
7. Retention
We keep personal information only as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Audience data is retained per the Customer's instructions and our 12-month retention period. On account closure we delete or de-identify Customer data within 30 days, subject to legal holds and backups.
8. Security
We use technical and organizational safeguards including encryption in transit and at rest, encryption of stored OAuth tokens, access controls, and audit logging. No method is perfectly secure; we maintain an incident-response process and will notify affected parties and regulators as required by law (e.g., Law 25, PIPEDA, applicable U.S. state laws).
9. Audience data (your customers' personal information)
When we process comments and messages from your connected accounts, you are the controller and we are your processor / service provider. You are responsible for providing any required privacy notice to, and obtaining any required consent from, your audience, and for honouring their requests. We process such data only to provide the Service to you and per your instructions.
10. International transfers
We are based in Canada and use service providers in the United States and elsewhere. Personal information may therefore be stored or processed outside your province or country, including the U.S., under appropriate contractual safeguards. (Law 25: we conduct a privacy impact assessment before communicating personal information outside Québec and transfer only where that assessment confirms the information will benefit from adequate protection, supported by contractual safeguards with our U.S.-based processors.) A record of this assessment is maintained by our Privacy Officer and made available to the Commission d'accès à l'information on request.
11. Your privacy rights
Canada (PIPEDA) / Québec (Law 25): you may request access to, and correction of, your personal information, withdraw consent (subject to contract), and obtain information about its use and disclosure. Québec residents also have rights regarding de-indexing, portability, and automated processing. Complaints: the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada (OPC).
United States (CCPA/CPRA and similar state laws — CA, VA, CO, CT, etc.): depending on your state, you may have the right to know/access, delete, correct, and to opt out of sale/sharing/targeted advertising. We do not sell or share personal information and do not use it for cross-context behavioral advertising. We do not discriminate against you for exercising these rights.
To exercise any right, contact support@wiam.ai. We verify and respond within the timeframes required by applicable law. For Audience data, direct requests to the Customer that controls the account; we will assist that Customer.
12. Children
The Service is for businesses and is not directed to children; we do not knowingly collect personal information from anyone under 18.
13. Changes
We may update this Policy. Material changes take effect on notice; the current version and date appear at the top.
14. Contact & complaints
Rocket Science Development Inc. — Privacy Officer, 220-370 boul. Nobert, Longueuil, Québec J4J 2Z3, Canada · support@wiam.ai