AnswerBot

PIPEDA & CASL Compliance

Last updated: April 22, 2026

AnswerBot is a Canadian-owned company based in Mississauga, Ontario. We built our platform from the ground up to comply with Canada's privacy and anti-spam regulations. This page explains how we meet our obligations under PIPEDA and CASL.

Canadian Data Residency

All AnswerBot customer data is stored in Canada. Our database infrastructure runs in the ca-central-1 (Montreal) region through Supabase, a PostgreSQL-based platform. Personal information collected from business subscribers and their callers never leaves Canadian data centres for storage or processing purposes.

  • Database: Supabase PostgreSQL, ca-central-1 (Montreal, Canada)
  • Telephony: Twilio, with Canadian phone numbers and A2P 10DLC registration
  • Payments: Stripe, PCI-DSS compliant (no credit card data stored by AnswerBot)
  • Email: Postmark, transactional email only (no marketing email to callers)

PIPEDA Compliance

AnswerBot complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law governing how private-sector organizations collect, use, and disclose personal information in the course of commercial activity.

Accountability

AnswerBot is responsible for all personal information under its control. Our privacy officer can be reached at info@answerbot.ca.

Identifying Purposes

We collect personal information for the following purposes:

  • Providing the missed-call text-back and AI lead recovery service
  • Qualifying and scoring leads on behalf of business subscribers
  • Processing payments and managing subscriptions
  • Sending transactional communications (welcome emails, account updates)
  • Improving service quality and AI response accuracy

Consent

We obtain meaningful consent before collecting, using, or disclosing personal information:

  • Business subscribers: Express consent provided during account registration
  • Callers: Implied consent based on the act of calling a business (valid for 6 months under CASL)
  • Opt-out: Any individual can withdraw consent at any time by replying STOP or ARRET to any AnswerBot message

Limiting Collection

We collect only the personal information necessary to provide our service: phone numbers, SMS message content, call metadata, and lead qualification data. We do not collect information unrelated to the missed-call text-back service.

Limiting Use, Disclosure, and Retention

  • Personal information is used only for the purposes identified at the time of collection
  • We do not sell personal information to any third party
  • Operational logs are retained for 30 days; CASL consent and audit logs for 3 years
  • Lead and conversation data is retained for the duration of the business subscriber's active subscription
  • Upon cancellation, client data (leads, conversations, call logs, analytics) is automatically deleted after 90 days. CASL consent records are retained for 3 years as required by law.

Accuracy

We keep personal information as accurate and up-to-date as necessary for its intended purpose. Business subscribers can update their information at any time through their account settings.

Safeguards

  • All data transmitted over HTTPS/TLS encryption
  • Database access restricted to service-role authentication with Row Level Security (RLS)
  • Webhook endpoints secured via Cloudflare Tunnel with IP allowlisting
  • No personal data stored in application logs
  • Stripe handles all payment card data (PCI-DSS compliant)

Individual Access

Any individual has the right to request access to their personal information held by AnswerBot. To make an access request, contact info@answerbot.ca. We will respond within 30 days.

Challenging Compliance

If you believe AnswerBot has not complied with PIPEDA, you can file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

CASL Compliance

AnswerBot complies with Canada's Anti-Spam Legislation (CASL), which regulates commercial electronic messages (CEMs) including SMS text messages.

Consent Framework

  • Implied consent: When a person calls a business and the call goes unanswered, we treat this as an inquiry under CASL. Implied consent from an inquiry is valid for 6 months from the date of the call.
  • Express consent: When a caller replies to an AnswerBot text, this establishes express consent which does not expire unless withdrawn.
  • Consent tracking: Every contact record tracks consent type (implied or express), consent date, and expiry date. The system automatically stops messaging contacts whose implied consent has expired.

Unsubscribe Mechanism

Every automated SMS sent by AnswerBot includes the message "Reply STOP/ARRET to unsubscribe" as required by CASL. When a recipient replies STOP or ARRET:

  • The opt-out is processed immediately and permanently
  • The contact is marked as opted-out in our database
  • No further messages are sent to that phone number
  • The opt-out applies across all business subscribers using AnswerBot

Message Identification

All automated messages clearly identify the business on whose behalf they are sent and include the business name in the message body.

Data Deletion Requests

You have the right to request deletion of your personal information. To request data deletion, email info@answerbot.ca with the subject line "Data Deletion Request" and include the phone number or email address associated with the data you want deleted. We will process deletion requests within 30 days and confirm completion by email.

Contact

For questions about our privacy and compliance practices:

  • Email: info@answerbot.ca
  • Company: AnswerBot, Mississauga, Ontario, Canada