Privacy Policy

Effective Date: March 23, 2026

Last Updated: March 23, 2026

Contents

  1. 1. Overview
  2. 2. What Data We Collect
  3. 3. How We Use Your Data
  4. 4. AI Processing & Third-Party AI Services
  5. 5. Third-Party Services
  6. 6. Data Storage & Security
  7. 7. Data Retention
  8. 8. Your Rights
  9. 9. Cookies & Tracking
  10. 10. Canadian Privacy Law (PIPEDA)
  11. 11. International Users
  12. 12. Children's Privacy
  13. 13. Changes to This Policy
  14. 14. Contact & Privacy Inquiries

1. Overview

This Privacy Policy explains how newdigi ("we," "us," or "our"), operating The Automator at theautomator.ai (the "Service"), collects, uses, stores, and protects your personal information.

We are committed to handling your data responsibly and transparently. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and strive to meet the expectations of privacy laws in the jurisdictions where our users are located.

By using the Service, you consent to the data practices described in this policy. Please read it alongside our Terms of Service.

2. What Data We Collect

Account Information

  • Email address
  • Password (stored as a cryptographic hash — we never store your password in plain text)
  • Name (if provided)
  • Account creation date

Assessment & Business Data

When you complete assessments, you may provide:

  • Industry and business type
  • Your role or job title
  • Company size (number of employees)
  • Software tools and platforms you currently use
  • Business pain points and operational challenges
  • Current workflows and processes
  • Goals and priorities for AI adoption

AI Coach Conversations

When you use the AI Coach feature, we store:

  • Your messages and questions
  • AI-generated responses
  • Conversation timestamps
  • Session context (which assessment or topic you were discussing)

Usage Data

  • Pages visited and features used
  • Assessment completion status
  • Interaction patterns (clicks, time on page)
  • Device type, browser, and operating system
  • IP address
  • Referring URL

Payment Information

Payment details (credit card number, billing address) are collected and processed by Stripe, our payment processor. We do not store your full payment card details on our servers. We receive from Stripe: the last four digits of your card, card type, billing email, and transaction history.

3. How We Use Your Data

We use your data for the following purposes:

Purpose Data Used
Deliver the Service Account info, assessment data, conversations
Generate AI recommendations Assessment data, business context
Power AI Coach conversations Conversation history, assessment context
Process payments Email, payment info (via Stripe)
Send service communications Email address
Improve the Service Aggregated, anonymized usage data
Prevent fraud and abuse IP address, usage patterns
Comply with legal obligations As required by law

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. AI Processing & Third-Party AI Services

Transparency Notice

Your data is processed by an external AI service to generate recommendations. Here is exactly what happens.

How AI Processing Works

When you complete an assessment or interact with the AI Coach, your input data is sent to Anthropic's Claude API for processing. This means:

  • Your assessment responses (industry, role, company size, pain points, tools used) are transmitted to Anthropic's servers to generate personalized recommendations.
  • AI Coach messages are sent to Anthropic's API in real-time to generate responses.
  • Previous conversation context may be included to maintain continuity in AI Coach sessions.

Anthropic's Data Handling

According to Anthropic's commercial API terms:

  • Data sent through the API is not used to train Anthropic's models
  • API inputs and outputs are retained by Anthropic for a limited period for safety and abuse prevention
  • Anthropic's privacy policy applies to their handling of this data

For more information, see Anthropic's Privacy Policy.

What We Do NOT Send to AI Services

  • Your password or authentication credentials
  • Your payment or billing information
  • Your email address (unless you include it in a conversation)

5. Third-Party Services

The Service relies on the following third-party providers. Each has their own privacy practices:

Anthropic (Claude API)

AI processing for recommendations and coaching

Data shared: Assessment responses, conversation messages, business context

Anthropic Privacy Policy

Stripe

Payment processing

Data shared: Email, payment card details, billing address, transaction amounts

Stripe Privacy Policy

Fly.io

Application hosting and infrastructure

Data shared: All application data resides on Fly.io infrastructure (encrypted at rest)

Fly.io Privacy Policy

We vet our third-party providers for adequate security and privacy practices. However, we are not responsible for the privacy practices of third-party services. We encourage you to review their policies.

6. Data Storage & Security

Where Your Data Is Stored

Your data is stored in a SQLite database hosted on Fly.io infrastructure. Fly.io operates data centers in multiple regions. Our primary application runs in North American data centers.

Security Measures

We implement reasonable security measures to protect your data, including:

  • Passwords stored using industry-standard cryptographic hashing
  • HTTPS encryption for all data in transit
  • Encrypted storage at rest on Fly.io infrastructure
  • Access controls limiting who can access production systems
  • Regular security reviews of our codebase

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us immediately at hello@newdigi.ca.

7. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Specifically:

Data Type Retention Period
Account information Until account deletion + 30 days
Assessment data Until account deletion + 30 days
AI Coach conversations Until account deletion + 30 days
Payment records 7 years (legal/tax requirements)
Usage/analytics data 12 months (anonymized after)
Server logs 90 days

When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

8. Your Rights

You have the following rights regarding your personal data:

Access Request a copy of the personal data we hold about you.
Correction Request correction of inaccurate or incomplete data.
Deletion Request deletion of your personal data, subject to legal retention requirements.
Export Request your data in a portable, machine-readable format (JSON or CSV).
Withdraw Consent Withdraw consent for data processing at any time (this may limit your ability to use the Service).
Complaint File a complaint with the Office of the Privacy Commissioner of Canada or your local data protection authority.

To exercise any of these rights, contact us at hello@newdigi.ca. We will respond to requests within 30 days. We may ask you to verify your identity before processing a request.

9. Cookies & Tracking

What Cookies We Use

Cookie Type Purpose
Session cookie Essential Keeps you logged in during your visit
Authentication token Essential Securely identifies your account
Event tracking Functional Tracks feature usage to improve the Service

What We Do NOT Use

  • Third-party advertising cookies
  • Cross-site tracking pixels
  • Social media tracking widgets

Essential cookies are required for the Service to function. You can disable cookies in your browser settings, but this may prevent you from using the Service.

10. Canadian Privacy Law (PIPEDA)

As a Canadian business, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). In accordance with PIPEDA's ten fair information principles:

  • Accountability: We are responsible for personal information under our control. Our Privacy Officer can be reached at hello@newdigi.ca.
  • Identifying Purposes: We identify the purposes for collecting personal information before or at the time of collection, as described in this policy.
  • Consent: We obtain your meaningful consent for the collection, use, and disclosure of personal information. By using the Service, you consent to the practices described here.
  • Limiting Collection: We collect only the information necessary to fulfill the identified purposes.
  • Limiting Use, Disclosure, and Retention: Personal information is used only for the purposes for which it was collected, and retained only as long as necessary.
  • Accuracy: We take reasonable steps to ensure personal information is accurate, complete, and up-to-date. You may update your information at any time.
  • Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.
  • Openness: This Privacy Policy makes our data practices readily available to you.
  • Individual Access: Upon request, we will inform you of the existence, use, and disclosure of your personal information and give you access to it.
  • Challenging Compliance: You may challenge our compliance with these principles by contacting us. If unresolved, you may file a complaint with the Office of the Privacy Commissioner of Canada.

11. International Users

The Service is operated from Canada. If you access the Service from outside Canada, your data may be transferred to, stored, and processed in Canada and the United States (where our third-party service providers operate).

By using the Service, you consent to the transfer of your information to Canada and other countries that may have different data protection laws than your country of residence.

European Users (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

  • Our legal basis for processing your data is your consent (provided when you create an account) and our legitimate interests in operating the Service.
  • You have the right to lodge a complaint with your local supervisory authority.
  • You may request restriction of processing or object to processing based on legitimate interests.
  • Cross-border data transfers are conducted in accordance with applicable legal mechanisms.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this page
  • For material changes, we will notify you by email or through a prominent notice on the Service
  • We will provide at least 14 days' notice before material changes take effect

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact & Privacy Inquiries

For questions about this Privacy Policy, to exercise your data rights, or to raise a privacy concern, contact us:

newdigi — Privacy Officer

Vancouver, British Columbia, Canada

Email: hello@newdigi.ca

Web: theautomator.ai

We aim to respond to all privacy inquiries within 30 days. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.