Privacy Policy

Last updated March 09, 2026

This Privacy Notice for Silmo Inc. ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at https://silmo.ai or any website of ours that links to this Privacy Notice
  • Access or use our platform at https://console.silmo.ai as an authorized user of an organization that has engaged our Services
  • Submit data to our Services for processing via email, API, webhooks, or other integrations
  • Engage with us in other related ways, including sales, onboarding, or support

Important distinction: Silmo operates as an AI-powered back-office automation platform for enterprises. In providing our Services, we act in two capacities: (a) as a data controller when we collect and process personal information from our platform users (e.g., account information, usage data); and (b) as a data processor when we process data submitted by or on behalf of our enterprise customers ("Customer Data") to perform automation tasks. The processing of Customer Data is governed by our agreements with the applicable enterprise customer, and this Privacy Notice applies to Customer Data only to the extent described herein.

Enterprise Customers: If your organization has entered into a master services agreement, data processing agreement, or other written agreement with us, that agreement governs the processing of Customer Data and takes precedence over this Privacy Notice to the extent of any conflict.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Summary of Key Points

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, such as financial data or the contents of communications. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we collect any information from third parties? In limited cases, yes. If your organization enables federated sign-in, we may receive basic profile details from identity providers such as Google or Microsoft.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. Learn more about how we process your information.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical measures in place to protect your personal information. However, no system is 100% secure. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by visiting https://console.silmo.ai, or by contacting us at [email protected].

Table of Contents

  1. What Information Do We Collect?
  2. How Do We Process Your Information?
  3. What Legal Bases Do We Rely On to Process Your Personal Information?
  4. When and With Whom Do We Share Your Personal Information?
  5. Do We Offer Artificial Intelligence-Based Products?
  6. Authentication Providers
  7. How Long Do We Keep Your Information?
  8. How Do We Keep Your Information Safe?
  9. Enterprise-Only Access
  10. Healthcare Customers and Protected Health Information
  11. What Are Your Privacy Rights?
  12. Tracking and Do-Not-Track
  13. Do United States Residents Have Specific Privacy Rights?
  14. Do We Make Updates to This Notice?
  15. How Can You Contact Us About This Notice?
  16. How Can You Review, Update, or Delete the Data We Collect from You?

1. What Information Do We Collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, when your organization engages us to provide our Services, when you submit data for processing through the platform, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • names
  • email addresses
  • phone numbers
  • job titles
  • business email contents and attachments submitted for processing
  • documents, files, and data submitted to the platform for automation tasks
  • voice and audio recordings from phone-based interactions

Voice and Telephony Data. As part of our AI-powered automation Services, we may initiate or receive phone calls on your behalf or at your request using third-party telephony providers (such as Telnyx). During these calls, we may collect and process voice data, call recordings, call metadata (such as phone numbers, call duration, and timestamps), and any information you provide verbally during the call. Voice data may be transcribed and processed by our AI Service Providers to fulfill the purpose of the interaction. We retain call data only for as long as necessary to provide the Services and as described in this Privacy Notice. You and your organization are responsible for providing any legally required notices and obtaining any legally required consents for call recording and related processing.

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • financial data

Authentication Data. We may provide you with the option to register with us using your existing identity provider credentials, such as your Google or Microsoft account. If you choose to register in this way, we will collect certain profile information about you from the identity provider, as described in "Authentication Providers" below.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2. How Do We Process Your Information?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To deliver our Services and fulfill contractual obligations. We process Customer Data as necessary to perform the automation tasks requested by you or your organization, including document processing, data extraction, information exchange, and other workflows configured through the platform.
  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To communicate with you about the Services. We may process your information to send you service-related communications, respond to support requests, and contact you about your use of our Services.
  • To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To improve our Services. We may process information about how you use our Services to better understand usage patterns so we can improve them. We do not use Customer Data to train general-purpose AI models.
  • To comply with legal obligations. We may process your information when necessary to comply with applicable laws, regulations, or legal processes.

3. What Legal Bases Do We Rely On to Process Your Information?

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Performance of a Contract. We process your information when necessary to provide the Services to your organization, including account administration, authentication, support, and operation of the platform.
  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
    • Analyze how our Services are used so we can improve them for our customers
    • Diagnose problems and/or prevent fraudulent activities
    • Understand how our customers use our platform so we can improve service quality and reliability
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If the information is publicly available and is specified by the regulations

4. When and With Whom Do We Share Your Personal Information?

We may need to share your personal information in the following situations:

  • Third-Party Service Providers (Sub-Processors). We share data with third-party service providers who assist us in delivering the Services, including AI service providers (Google Cloud AI, Anthropic, OpenAI, Amazon Bedrock, Microsoft Azure AI, ElevenLabs, Exa), telephony providers (Telnyx), cloud infrastructure providers (DigitalOcean), authentication providers (WorkOS), and analytics services. These providers process data on our behalf and are contractually bound to use it only for the purposes of providing their services to us.
  • Your Organization. If you access the Services as an authorized user of an organization, we may share information about your use of the Services with that organization's administrators.
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Legal Requirements. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

5. Do We Offer Artificial Intelligence-Based Products?

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services.

Use of AI Technologies

We provide the AI Products through third-party service providers ("AI Service Providers"), including Google Cloud AI, Anthropic, OpenAI, ElevenLabs, Exa, and Telnyx. As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes outlined in "What Legal Bases Do We Rely On to Process Your Personal Information?" You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Our AI Products

Our AI Products are designed for the following functions:

  • AI-powered document processing and data extraction
  • Workflow automation
  • Voice-based data gathering via AI-assisted phone calls
  • Web search and information retrieval
  • Browser or computer-use based task automation

How We Process Your Data Using AI

All personal information processed using our AI Products is handled in line with this Privacy Notice and our contractual agreements with our AI Service Providers. Customer Data is transmitted to AI Service Providers solely to execute the automation tasks requested by you or your organization. We do not use Customer Data to train general-purpose AI or machine learning models. Our AI Service Providers are contractually prohibited from using Customer Data for their own training purposes.

6. Authentication Providers

Our Services use a third-party authentication provider (WorkOS) to manage user registration and login. You may authenticate using your existing identity provider credentials (such as your Google or Microsoft account). Where you choose to do this, we will receive certain profile information about you from the identity provider, which may include your name, email address, and profile picture.

We will use the information we receive only for the purposes described in this Privacy Notice. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party identity provider. We recommend that you review their privacy notice to understand how they handle your personal information.

7. How Long Do We Keep Your Information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, including to provide the Services, maintain security, comply with legal obligations, and satisfy contractual commitments to enterprise customers. Retention periods may vary by data category and service configuration and may extend beyond account termination where required by law, legal hold, backup lifecycle, or contract.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. How Do We Keep Your Information Safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. Enterprise-Only Access

Our Services are intended for business use by authorized representatives of enterprise customers. We do not offer consumer accounts and do not knowingly market the Services for personal, family, or household purposes. If we become aware that an account is being used outside this intended scope, we may suspend access and take appropriate corrective action.

10. Healthcare Customers and Protected Health Information

Where Silmo processes Protected Health Information ("PHI") on behalf of a customer that is a HIPAA Covered Entity or Business Associate, Silmo acts as a Business Associate under HIPAA. Our processing of PHI in those engagements is governed exclusively by the executed Business Associate Agreement ("BAA") between Silmo and that customer. To the extent this Privacy Notice or our Terms of Use conflict with the BAA with respect to PHI, the BAA controls.

PHI is not used to train, fine-tune, or improve any AI model. Sub-processors that process PHI are limited to those specifically authorized under the executed BAA, regardless of the broader list of AI Service Providers identified elsewhere in this Privacy Notice. Individuals seeking access to their PHI should contact the Covered Entity that originally collected it.

11. What Are Your Privacy Rights?

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. If a decision that produces legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a simple way to request human review. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "How Can You Contact Us About This Notice?" below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "How Can You Contact Us About This Notice?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

You may review and update certain account profile data through the platform. Account provisioning and deprovisioning are generally managed by your organization's administrators. If you wish to request account deletion or changes beyond self-service controls, contact your organization administrator or email [email protected].

Upon valid request and subject to applicable law and enterprise contractual obligations, we will deactivate or delete personal information from active systems. We may retain limited records to prevent fraud, troubleshoot problems, support audits and investigations, enforce our legal terms, and comply with legal requirements.

If you have questions or comments about your privacy rights, you may email us at [email protected].

12. Tracking and Do-Not-Track

No tracking cookies. We do not use tracking cookies, third-party advertising pixels, or commercial analytics services such as Google Analytics. Our analytics are self-hosted and privacy-focused, and we do not share browsing data with third parties for advertising or tracking purposes.

Do-Not-Track signals. Because we do not engage in cross-site tracking, Do-Not-Track ("DNT") browser signals do not change the behavior of our Services. There is currently no uniform technology standard for DNT, but our default practices already align with DNT intent.

Global Privacy Control. We recognize and honor GPC signals as required by the California Consumer Privacy Act (CCPA), though our default practices already align with GPC intent since we do not sell or share personal information for advertising purposes.

13. Do United States Residents Have Specific Privacy Rights?

Categories of Personal Information We Collect

In the past twelve (12) months, we have collected the following categories of personal information (as defined by applicable US state privacy laws):

CategoryExamplesRetention
A. IdentifiersName, email address, phone number, IP address, account nameAs long as the user has an account with us
G. Audio, electronic, or similar informationCall recordings created in connection with our ServicesAs long as necessary to fulfill the purpose of the interaction
K. Sensitive personal informationAccount login information, contents of email or text messages submitted for processingAs long as the user has an account with us

We do not collect biometric data, geolocation data, browsing history, or demographic data. We do not process sensitive personal information for the purpose of inferring characteristics about you. For a full description of what we collect and why, see "What Information Do We Collect?" and "How Do We Process Your Information?"

In the preceding twelve (12) months, we have not sold personal information, shared personal information for cross-context behavioral advertising, or engaged in targeted advertising. We do disclose personal information to service providers and processors solely to deliver and secure the Services, as described in "When and With Whom Do We Share Your Personal Information?".

Your Rights

Under applicable US state data protection laws (including the Delaware Personal Data Privacy Act and the CCPA), you may have the following rights:

  • Right to know whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a copy of your personal data in a portable format
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at [email protected] or visit https://console.silmo.ai. We may need to verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf, provided they submit proof of valid authorization.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at [email protected]. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

14. Do We Make Updates to This Notice?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

15. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

Silmo Inc.
119 Spadina Avenue, Unit 304
Toronto, Ontario M5V 2L1, Canada

16. How Can You Review, Update, or Delete the Data We Collect from You?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: https://console.silmo.ai.