1. Overview
SpeakSense AI Inc. ("SpeakSense", "we", "us", "our") does business as SpeakSense — an AI-powered collaboration platform where "Experts" upload content (such as PDFs, slides, videos, and other files) to create Spaces that "Users" can join and interact with.
Anyone on SpeakSense may act as both an Expert and a User.
We are committed to protecting your privacy and ensuring transparency about how we collect, use, and share your information. This Privacy Policy explains how SpeakSense processes personal information under the laws of:
- Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA)
- The United States, including California's CCPA/CPRA
- The European Union and European Economic Area, under the General Data Protection Regulation (GDPR)
2. Who We Are
30 Adelaide Street East, Suite 1201
Toronto, Ontario, Canada M5S 3G8
Email: hello@speaksense.ai
SpeakSense AI Inc. is incorporated federally in Canada and is the data controller for purposes of applicable privacy laws.
3. Information We Collect
We collect the following categories of information:
| Type | Examples | Purpose |
|---|---|---|
| Account & Authentication Information | Name, email address (which may be an Apple private relay address), profile photo, and — if you register directly — a password; or, if you sign in via a provider, a unique identifier from that provider | To create, authenticate, and manage your account |
| Uploaded Content | Files, PDFs, slides, videos, audio, and images uploaded by Experts | To enable Space creation and AI interaction |
| AI Interaction Data | Prompts, responses, and contextual messages exchanged with the SpeakSense agent | To provide, improve, and personalize AI performance |
| Device & Analytics Data | IP address, browser type, operating system, device identifiers, usage metrics | For security, diagnostics, and performance analytics |
| Payment Data | Processed securely by third-party providers (e.g., Stripe or equivalent) | For billing and subscription management |
| Cookies and Similar Technologies | Session identifiers, preference cookies | To maintain sessions and enhance usability |
| Biometric or Voice Data | Audio samples if you use voice-based interaction | To enable speech recognition and AI response |
| Integration Data (future) | Tokens or credentials from linked services such as Google Drive, Notion, Dropbox | To import or manage connected resources |
4. How We Use Your Information
We process personal information for the following purposes:
- To operate and improve SpeakSense – providing functionality for Experts and Users, maintaining Spaces, and optimizing AI accuracy.
- To develop and train models – using public Spaces and publicly marked resources only. Private or restricted data are excluded from training.
- To ensure platform security and integrity – via tools such as Sentry for error reporting and analytics.
- To process payments – through secure, third-party payment providers.
- To comply with legal obligations – including responding to lawful requests or enforcing our Terms of Service.
SpeakSense's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Where you sign in using a third-party provider (Google or Apple), we use the information that provider shares with us solely to authenticate you and manage your account. We honour Apple's "Hide My Email" choice and will not ask for your personal email address when you supply an Apple private relay address.
We do not sell personal data, share information with marketing or advertising partners, or use user data for third-party profiling.
5. Public and Private Spaces
Experts control the visibility of their uploaded content:
- Public Spaces: Visible to other Users and accessible by the overarching SpeakSense AI agent. Content and interactions may be used for training and inference to improve the platform.
- Private Spaces: Accessible only to invited Users. Data from private Spaces are used strictly for inference, not for model training.
Experts can mark individual files as private even within a public Space.
6. Data Retention and Deletion
- You may delete your account or any Space at any time.
- We automatically delete inactive Spaces (and their data) after one year of inactivity.
- You may request deletion of personal data by emailing hello@speaksense.ai.
- Backup copies may remain temporarily in secure archives for disaster recovery but are purged regularly.
- Users who have connected a Google account may revoke SpeakSense's access at any time via their Google account permissions dashboard (https://myaccount.google.com/permissions).
- Users who signed in with Apple may revoke SpeakSense's access at any time via Settings → [your name] → Sign in with Apple on an Apple device, or at account.apple.com under "Sign in with Apple."
7. Data Hosting and Cross-Border Transfers
We host and process data as follows:
| Location | Purpose | Provider |
|---|---|---|
| Montreal, Canada (GCP) | Primary cloud storage, compute, and database | Google Cloud Platform |
| U.S. Central (Vertex AI) | Model hosting and inference (Gemini model) | Google Cloud / Vertex AI |
| U.S. (Sentry) | Error logging and diagnostics | Functional SaaS provider |
| Codemagic | Build and deployment automation | CI/CD provider |
| United States | User authentication and sign-in (Google and Apple) | Auth0 / Okta |
Because our operations span multiple jurisdictions, your information may be transferred to and processed in the United States and Canada. We implement Standard Contractual Clauses (SCCs) and equivalent safeguards to ensure compliance with GDPR, PIPEDA, and CCPA/CPRA requirements.
8. Legal Bases for Processing (EU/EEA)
Under the GDPR, we process personal data based on the following legal grounds:
- Contractual necessity: to provide platform functionality and maintain your account.
- Consent: for collecting optional or sensitive data (e.g., voice interactions).
- Legitimate interests: to ensure platform security, improve models, and conduct analytics.
- Legal obligations: to comply with applicable law and protect our rights.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete information
- Erase ("right to be forgotten") your personal data
- Withdraw consent at any time for consent-based processing
- Object or restrict certain processing activities
- Port your data to another provider in a machine-readable format
To exercise these rights, contact us at hello@speaksense.ai.
We will respond within 30 days (or as required by law).
10. Cookies and Tracking Technologies
We use cookies and local storage to:
- Keep you signed in between sessions
- Remember preferences
- Conduct anonymous analytics
You can disable cookies in your browser, but some features may not function properly.
11. Children's Privacy
SpeakSense is intended for users aged 13 and older (or 16+ in jurisdictions with higher minimums).
We do not knowingly collect personal information from minors below this threshold. If you believe a minor has provided information to us, please contact hello@speaksense.ai for prompt deletion.
12. Security
We employ administrative, technical, and physical safeguards consistent with industry best practices to protect your data, including:
- Encryption in transit and at rest
- Access controls and authentication
- Secure infrastructure via Google Cloud Platform
- Continuous monitoring and regular audits
No system is perfectly secure, but we strive to minimize risk through rigorous design.
13. Third-Party Services
We may engage limited service providers (as outlined above) solely for hosting, error monitoring, payments, and deployment. We use Auth0 (Okta) to process login identifiers and email addresses for authentication, under a data protection agreement and only to provide the sign-in feature. Each provider is contractually required to meet applicable privacy and data protection standards.
We do not permit these providers to use your personal information for their own purposes.
Where Google APIs are used, SpeakSense complies with Google's API Services User Data Policy and processes Google user data solely to provide and improve user-facing features.
14. Data Protection Addenda
(a) European Union / EEA
Users in the EU/EEA are protected under GDPR. We provide:
- Lawful basis for each processing activity
- Standard Contractual Clauses (SCCs) for cross-border data transfers
- A designated contact for privacy concerns at hello@speaksense.ai
(b) Canada
We comply with PIPEDA and other applicable provincial laws.
By using SpeakSense, you consent to the collection, use, and disclosure of your information as described in this Policy.
(c) United States (CCPA/CPRA)
California residents may request access to, deletion of, or information about data we hold on them by contacting hello@speaksense.ai.
We do not "sell" personal information as defined under the CCPA/CPRA.
15. Data Retention Periods
| Data Type | Retention Duration | Notes |
|---|---|---|
| Account data | While account is active | Deleted upon closure |
| Uploaded content | Until deletion or 1-year inactivity | Expert-controlled |
| AI interaction logs | Up to 12 months | Used to improve performance |
| Payment records | As legally required | Retained for accounting |
| Backup archives | ≤ 90 days | For disaster recovery |
16. Google API Services User Data Disclosure
SpeakSense integrates with certain Google APIs (including but not limited to Google Drive API and Google Cloud / Vertex AI services) to enable users to import, process, and interact with content.
This section supplements the rest of this Privacy Policy and applies specifically to Google user data accessed through Google APIs.
16.1 Data Accessed (Google User Data)
If you choose to connect your Google account to SpeakSense (e.g., via Google Drive integration), we may access the following types of Google user data:
- Google account basic profile information (name, email address)
- Google OAuth access tokens
- Files and file metadata explicitly selected by you from Google Drive
- Google Drive file content for the purpose of importing into a SpeakSense Space
- Usage metadata necessary for API functionality
We only access data that you explicitly authorize via Google's OAuth consent screen.
We do not access Gmail, Google Contacts, Calendar data, or any Google data beyond the scopes explicitly disclosed during authentication.
16.2 How We Use Google User Data
Google user data accessed through Google APIs is used strictly for the following purposes:
- To import files you select into SpeakSense Spaces
- To enable AI processing and interaction with those files
- To provide requested platform functionality
- To maintain platform security and prevent abuse
- To comply with legal obligations
We do not use Google user data for:
- Advertising purposes
- Marketing profiling
- Sale to third parties
- Training generalized AI models beyond your Space settings
- Any purpose unrelated to core SpeakSense functionality
If a file imported from Google Drive is placed into a:
- Private Speaker / Space → It is used only for inference and is not used for model training.
- Public Speaker / Space → It may be used for platform improvement consistent with your visibility settings.
16.3 Data Sharing (Google User Data)
We do not sell Google user data.
We do not share Google user data with third parties except:
- Google Cloud Platform (for storage and compute)
- Vertex AI (for AI inference processing)
- Sentry (for diagnostics, where necessary)
- Payment processors (if applicable to billing metadata only)
All third-party service providers:
- Operate under written data protection agreements
- May process data solely to provide services to SpeakSense
- Are prohibited from using Google user data for their own purposes
We do not transfer Google user data to data brokers, advertisers, or analytics resale entities.
16.4 Data Storage & Protection
Google user data is stored:
- In encrypted databases hosted on Google Cloud Platform (Montreal region)
- With encryption in transit (TLS 1.2+)
- With encryption at rest (AES-256 or equivalent)
Security safeguards include:
- Role-based access controls
- Least-privilege authentication
- OAuth token encryption
- Continuous infrastructure monitoring
- Incident response procedures
Access to Google user data is limited to authorized personnel strictly for operational needs.
16.5 Data Retention & Deletion (Google User Data)
Google user data is retained:
- Only as long as necessary to provide the requested service
- Until the user deletes the imported file
- Until the user deletes their Space
- Until the user disconnects their Google account
- Or until account deletion
Upon deletion request:
- Data is removed from active systems within 30 days
- Backup copies are purged within 90 days
- OAuth tokens are revoked upon disconnection
Users may request deletion by:
- Deleting the content directly within SpeakSense
- Disconnecting their Google account
- Emailing hello@speaksense.ai
We comply with Google's Limited Use requirements and delete Google user data when it is no longer needed for the stated purpose.
17. Sign in with Apple
SpeakSense offers "Sign in with Apple" as an authentication option. This section supplements the rest of this Privacy Policy and applies specifically to data accessed through Sign in with Apple.
17.1 Data We Receive
When you authenticate with Apple, we receive a unique, stable identifier that Apple assigns specifically for SpeakSense and uses to recognize your account on return visits. If you consent at first sign-in, we also receive your name and an email address. You may use Apple's "Hide My Email" feature, in which case the email we receive is a private, Apple-generated relay address (ending in @privaterelay.appleid.com), not your personal address. We do not receive your Apple Account password or any other data from your Apple Account.
17.2 How We Use Apple Data
We use this information solely to create and authenticate your account, recognize you when you return, and send account-related, security, and transactional messages. Where you provide a private relay address, we use it only for communications relating to your SpeakSense account, and we will not ask you to supply your personal email address instead. We do not use Apple-provided data for advertising, marketing profiling, sale to third parties, or any purpose unrelated to operating SpeakSense.
17.3 Private Email Relay
If you choose "Hide My Email," your real email address remains hidden from us. Messages we send are routed through Apple's private email relay to your personal inbox. You can disable this relay at any time from your Apple Account settings, which will stop our messages from reaching you.
17.4 Sharing
We do not sell Apple-provided data. We share it only with the service providers identified in this Policy — including our authentication provider and cloud hosting — and solely to operate the sign-in feature on our behalf.
17.5 Your Controls
You can revoke SpeakSense's access to Sign in with Apple at any time via Settings → [your name] → Sign in with Apple on an Apple device, or at account.apple.com. You may also delete your account and associated data as described in Section 6.
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in technology or legal requirements. Material updates will be communicated via email or within the platform. Your continued use of SpeakSense constitutes acceptance of any revisions.
19. Contact Us
For any privacy-related inquiries, requests, or complaints, please contact:
30 Adelaide Street East, Suite 1201
Toronto, Ontario, Canada M5S 3G8
Email: hello@speaksense.ai
Privacy at a Glance
Who we are
SpeakSense AI Inc. (d/b/a "SpeakSense") is a Canadian company headquartered at 30 Adelaide Street East, Suite 1201, Toronto, Ontario M5S 3G8.
We build SpeakSense — an AI platform where Experts upload content to create "Spaces" that Users can explore, converse with, and learn from.
What we collect
- Account info (email, name, password)
- Uploaded content (files, images, video, audio)
- AI interactions (prompts and responses)
- Device and analytics data (IP, usage, browser type)
- Payment details (handled via secure third-party provider)
- Optional voice data (if you use audio features)
- Sign-in details when you use Google or Apple to log in
How we use it
- To operate and improve SpeakSense
- To train and enhance AI models using public Spaces only
- To maintain platform security and troubleshoot errors
- To process payments
Your choices
- Delete your data or account anytime
- Control whether a Space is public or private
- Opt out of cookies or revoke consent
- Request access, correction, or deletion at hello@speaksense.ai
What we don't do
- We never sell your data
- We don't share information with advertisers or marketing partners
How long we keep it
- Active data: as long as your account is active
- Inactive Spaces: deleted after 1 year
- Backups: securely purged within 90 days
Children
For users 13 + (16 + in some jurisdictions).
Data Safety Table
| Data Category | Examples | Collected? | Purpose | User Control |
|---|---|---|---|---|
| Personal Info | Name, email (may be an Apple private relay address) | ✅ | Account setup, login | Delete via account settings |
| Files & Docs | PDFs, PPTs, videos, images | ✅ | AI context & collaboration | Expert controls visibility |
| Audio | Voice input | ✅ (if used) | Speech-to-text & interaction | Delete at any time |
| App Activity | Prompts, usage logs | ✅ | Model improvement (public data only) | Request deletion |
| Device or other IDs | IP, browser, OS | ✅ | Security, analytics | Limited opt-out via cookies |
| Payment Info | Through Stripe or similar | ✅ | Subscription, billing | Contact payment provider |
| Diagnostics | Error reports via Sentry | ✅ | Troubleshooting | Not user-configurable |
| Location | Approx. IP-based region | ✅ | Regional compliance, latency optimization | N/A |
| Marketing | Email newsletters | ❌ | N/A | N/A |
| Third-Party Sharing | Hosting & analytics vendors | ✅ | Platform functionality only | Covered by contracts |
| Data Encryption | In transit & at rest | ✅ | Protection | Standard industry practice |
| Data Deletion Window | Within 30 days of request or 1 year inactivity | ✅ | Compliance | User-initiated or automatic |