Privacy Policy

1. Who We Are

Avidra is a Canadian software-as-a-service company. Our service enables local service businesses to automatically respond to missed calls via SMS.

Contact our Privacy Officer:
Email: support@avidra.net
Website: avidra.net

2. Information We Collect

Account information: When you sign up, we collect your name, email address, business name, and phone number.

Payment information: Billing is handled by our payment processor. We do not store full card numbers. Your payment card details are collected and processed by our payment processor subject to their own privacy policy.

Business configuration: We store the SMS reply message you set, your forwarding number, and any customizations you configure in the dashboard.

Call and SMS records: We log metadata about missed calls forwarded through your Avidra number (caller ID, timestamp, call duration) and outbound SMS messages sent on your behalf (recipient number, message body, delivery status). We do not record call audio.

Your customers' phone numbers: When a missed call triggers an SMS, the caller's phone number is processed to send that reply. These numbers are stored in your account as leads.

Usage data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for security and analytics.

Cookies: We use cookies and similar tracking technologies as described in our Cookie Policy.

Voice-recovery recordings (where enabled): If your workspace has the voice-recovery feature enabled, additional audio recordings and transcripts are collected via our voice AI partner (Retell). Section 3 describes how this data is made available to authorized users through the Avidra mobile app.

3. Avidra Mobile App (iOS / Android)

The Avidra mobile app provides authorized account holders with read-only access to their workspace's call data on iOS and Android devices. The mobile app collects and processes the following:

Account information: Your name, email address, and workspace membership are loaded from your existing Avidra account when you sign in. The mobile app does not create new accounts — sign-in is delegated to the avidra.net web flow.

Authentication tokens: After sign-in, the app stores a secure session token in your device's encrypted keychain (iOS Keychain or Android Keystore). The token expires after 30 days and is revoked when you sign out or delete your account.

Call data: The app fetches call records, transcripts, and SMS messages associated with your workspace from the Avidra backend. This data is delivered over HTTPS and is not stored persistently on your device. The app caches data in memory for up to 30 seconds for performance.

Voice-recovery audio recordings (where enabled): If your workspace has the voice-recovery feature enabled, the app also fetches the corresponding audio recordings from our voice AI partner (Retell). Recordings are streamed over HTTPS and are not stored persistently on your device.

Push notification tokens (if enabled): When you enable push notifications, the app shares a unique device-specific token with our servers so we can deliver lead alerts. You can revoke this by disabling notifications in your device settings or by signing out.

Device information: We collect basic device metadata (iOS/Android version, device model) sent automatically as part of API requests, used for diagnostics and security.

Account deletion: You can request account deletion from within the mobile app via the account menu, which sends a deletion request to support@avidra.net. All your account data, including call records and tokens, will be permanently deleted within 30 days. To delete only your mobile session without deleting your account, sign out from the app.

What the mobile app does not collect:

• Your phone's contacts, photos, or files
• Your location
• Microphone or camera access
• Advertising identifiers
• Cross-app or cross-site tracking data

The mobile app does not show advertisements and does not share data with third parties beyond the Avidra backend services already disclosed in this policy.

4. How We Use Your Information

We use personal information to:

• Provide, operate, and maintain the Avidra service
• Send automated SMS replies to your callers on your behalf
• Process subscription payments through our payment processor
• Provide customer support and respond to inquiries
• Send transactional emails (account confirmations, billing receipts)
• Monitor service reliability, diagnose technical issues, and prevent abuse
• Comply with legal obligations and enforce our Terms of Service

We do not sell personal information. We do not use your customers' phone numbers for any purpose other than sending the SMS reply you configured.

5. Legal Basis and Consent

Under PIPEDA, we rely on the following bases to collect and use personal information:

• Consent: By creating an account and enabling the missed-call SMS feature, you consent to us processing your information and your customers' phone numbers for the purpose of sending automated replies.
• Contractual necessity: Processing is required to fulfill the service described in our Terms of Service.
• Legitimate interests: We process usage data to improve service reliability and security.
• Legal obligation: We may retain records as required by Canadian law.

6. Sharing and Disclosure

We share personal information only with trusted third-party service providers necessary to operate Avidra, including providers for:

• SMS delivery and communication services
• Payment processing and subscription management
• Secure cloud database and infrastructure hosting
• Application hosting and deployment

All service providers are contractually bound to use personal information only to provide their services to us and to maintain appropriate security safeguards.

We may disclose personal information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Avidra, our customers, or the public.

We do not transfer personal information outside Canada except to the service providers described above, some of which operate servers in the United States. Where applicable, we rely on PIPEDA's transfer-for-processing provisions and require comparable protection from those providers.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide the service. After account deletion:

• Account data is deleted within 30 days.
• Call and SMS logs are deleted within 90 days.
• Billing records are retained for 7 years as required by Canadian tax law.

You may request deletion of your account and associated data at any time by emailing support@avidra.net.

8. Account Deletion

Avidra is operated by Hypnics Inc. To delete your Avidra account, you have two options:

In-app deletion (recommended): open the Avidra mobile app, go to account settings, and tap Delete account. You will be asked to type “DELETE” to confirm. The same option is available in the web dashboard at avidra.net under Settings → Danger zone → Delete my account.

Email request: if you cannot access the in-app option, email support@avidra.net from the address registered to your account with the subject “Account Deletion Request”. We may ask for additional information to verify ownership before processing.

Data that is permanently deleted:

• Your account profile and workspace
• Captured leads and contact records
• Call records and metadata
• SMS conversation history
• Voice-recovery transcripts and audio recordings (where enabled)
• Payment method tokens and billing contact information
• Mobile push notification tokens

Deletion is irreversible. We cannot recover data after it has been purged.

Data that is retained, and for how long:

• Billing and tax records — invoices and transaction history are retained for 7 years to comply with Canadian tax and financial record-keeping requirements. These records contain only the minimum information required by law.
• Security and audit logs — retained for up to 12 months in accordance with our internal security policy, to investigate abuse, fraud, or unauthorized access.
• Anonymized analytics — aggregated, de-identified service-usage metrics may be retained indefinitely. Because these records contain no identifiers, they cannot be linked back to you.

Timing: deletion requests are processed within 30 days of receipt. Most data is removed immediately; call and SMS logs may take up to 90 days to fully purge from backup systems. You will receive an email confirmation once your account has been deleted.

9. Your Rights

Under PIPEDA, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Withdraw consent for processing (subject to legal or contractual limitations)
• Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca

To exercise any of these rights, email us at support@avidra.net. We will respond within 30 days.

10. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted database storage, access controls, and audit logging. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach that poses a real risk of significant harm to individuals, we will notify affected users and the OPC as required under PIPEDA's mandatory breach reporting rules.

11. Children's Privacy

Avidra is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.

12. Rights of European Economic Area, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the EU/UK General Data Protection Regulation grants you additional rights with respect to your personal data. Avidra acts as a data controller for account-holder information and as a data processor for the customer phone numbers our business customers process through the service.

Under GDPR you have the right to:

• Access the personal data we hold about you and receive a copy in a portable format.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”) where one of the grounds in Article 17 GDPR applies.
• Restrict or object to processing in certain circumstances, including for direct marketing.
• Withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Lodge a complaint with your local supervisory authority. A list of EEA authorities is available at edpb.europa.eu; UK residents may contact the ICO at ico.org.uk.

Legal bases for processing (Article 6 GDPR): contract performance to provide the service; consent for non-essential cookies and marketing communications; legitimate interests in operating, securing, and improving the service; and legal obligation to retain records as required by law.

International transfers: some of our service providers are located in Canada or the United States. For transfers out of the EEA/UK/Switzerland we rely on the European Commission's adequacy decision for Canada (where applicable) and on Standard Contractual Clauses with our processors. A copy of the relevant safeguards is available on request.

Data Processing Agreement: business customers who require a GDPR Article 28 Data Processing Agreement should contact support@avidra.net and reference our Data Processing Addendum.

To exercise any GDPR right, email support@avidra.net. We respond within one month and may extend by two further months for complex requests.

13. Rights of California Residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to opt out of the sharing of personal information for cross-context behavioral advertising. See our dedicated Do Not Sell or Share My Personal Information page for full details and request instructions.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the dashboard. Continued use of the service after the effective date of any change constitutes acceptance of the updated policy.

15. Contact Us

Questions or concerns about this Privacy Policy or our privacy practices?

Avidra
Email: support@avidra.net
Website: avidra.net