Privacy Policy
Last updated June 05, 2026
Table of Contents
- About this Privacy Policy
- Personal Information We Collect
- How We Use Personal Information
- Personal Information Generated Through Service Operations
- Cookies, Analytics, and Preference Signals
- How We Share Personal Information
- AI Features
- How Long We Keep Personal Information
- How We Keep Personal Information Safe
- Enterprise-Only Access
- International Transfers
- Your Rights and Choices
- Legal Bases for Processing (EU, UK, and Switzerland)
- Supplemental Disclosures for Residents of Canada
- Changes to This Notice
- How to Contact Us
1. About this Privacy Policy
Silmo Inc. ("Silmo," "we," "us") provides an AI-powered automation platform and related websites, applications, and offerings to enterprise customers (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and process your personal information when you visit silmo.ai and other Silmo websites, use the Silmo platform at console.silmo.ai, communicate with us about our products or services, or apply for a job with us.
This Privacy Policy does not describe what we do with data our enterprise customers submit to the Silmo platform for processing, such as business documents, business communications, recorded phone calls, financial records, and information about the customer's own customers, employees, vendors, or third parties. We process that data only on the customer's instructions, under our agreement with the customer. If you have questions or want to exercise rights with respect to data your employer or another organization has submitted to our platform, please contact that organization directly.
2. Personal Information We Collect
We collect the following categories of personal information:
Information you provide to us
- Identity and contact information. Your name, email address, phone number, job title, and similar details, which you provide when you create an account, contact us, request information about Silmo, or apply for a job. Where you communicate with us, we collect the contents of those communications.
- Account and authentication information. When you create or sign in to an account on the Silmo platform, we collect information needed to provision and authenticate your account, including your username, role, and authentication credentials. Providing this information is necessary for us to give you access to the platform; if you do not provide it, we cannot provision your account.
- Job application information. If you apply for a job with us, we collect your resume, employment history, education, and any other information you choose to share through our application process.
Information we collect automatically when you use our Services
- Device and connection information. When you visit our websites or use the Silmo platform, we automatically collect information about your device and connection, consistent with your device or browser permissions, about when and how you access or use our Services. This includes information such as your device type, operating system information, browser information, mobile network, connection information, mobile operator or internet service provider (ISP), time zone setting, IP address (including information about the location of the device derived from your IP address), identifiers (including device or advertising identifiers, probabilistic identifiers, and other unique personal or online identifiers), and device location.
- Usage information. We collect information about how you use the Services, including dates and times of access, features used, agents configured, sessions, pages viewed, and similar activity.
- Log and troubleshooting information. We collect information about how our Services are performing when you use them. This information includes log files. If you or your device experiences an error, we may collect information about the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and any communications or content provided at the time the error occurred.
- Cookies and similar technologies. We use a limited set of first-party cookies and similar technologies to operate our websites and the Silmo platform, remember your preferences, and analyze usage. See Section 5 for more on our cookie practices and your choices.
Information we receive from third parties
- Identity providers. If you sign in to or register with the Silmo platform using your organization's identity provider (such as Google or Microsoft), we receive your name, business email, profile picture, and similar profile information through our authentication service WorkOS.
- Your organization. When an administrator at your organization provisions your account or otherwise provides information about you in connection with your use of the Silmo platform.
- Business information providers and public sources. We may obtain business contact information from commercial providers and public sources to support our sales and marketing activities.
We do not collect sensitive personal information from website visitors, platform users, business contacts, or job applicants as defined by US state privacy laws (for example, government identifiers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, contents of mail or messages other than support correspondence with us, genetic data, biometric identifiers for identification, health information, or sexual orientation).
3. How We Use Personal Information
We use your personal information for the following purposes:
- To provide and operate the Services, including authenticating you, creating and maintaining your account, supporting you when you have questions, and personalizing your experience
- To communicate with you about the Services, including service announcements, security notices, and responses to your inquiries
- To secure the Services, including monitoring for fraud, abuse, and unauthorized access, and maintaining audit logs
- To investigate and resolve disputes and security incidents
- To analyze how authorized users navigate and use the Silmo platform, including which features they use, where they encounter errors, and how long sessions last, to diagnose problems, develop new features, and improve usability
- To manage our sales, marketing, and business operations, including identifying and communicating with prospective and existing business contacts, organizing events, and managing customer relationships
- To market our services, including sending you newsletters, product updates, event invitations, and other promotional information, where you have agreed to receive these or where applicable law otherwise permits us to send them
- To evaluate candidates who apply for employment with us
- To manage our business, including internal reporting, financial accounting, audit, and corporate transactions
- To comply with legal obligations and to exercise or defend legal rights
4. Personal Information Generated Through Service Operations
The Silmo platform generates operational data when it runs automated workflows for our customers, including logs, performance metrics, error traces, billing meters, and similar telemetry from the agent processing layer. We use this operational data to run, secure, support, and bill for the Services.
Separately, where our customer agreements permit it, we aggregate, anonymize, or de-identify information derived from Service operations and use the resulting data to improve, develop, and enhance our products and services, including the underlying AI systems we build and operate. We take reasonable measures to de-identify this information consistent with our customer agreements, and we do not attempt to re-identify it. We do not use information that identifies you to train third-party general-purpose AI models, and our AI service providers are contractually prohibited from using data we send them to train their own general-purpose models.
5. Cookies, Analytics, and Preference Signals
We do not use third-party advertising trackers, advertising pixels, or commercial analytics services such as Google Analytics. Our website and console analytics are self-hosted and privacy-focused, and we do not share browsing data with third parties for advertising or tracking purposes.
Because we do not engage in cross-site tracking, Do-Not-Track browser signals do not change the behavior of our websites. We recognize and honor Global Privacy Control signals where applicable law requires us to do so, though our default practices already align with the intent of those signals.
6. How We Share Personal Information
We share personal information with:
- Service providers who help us operate our business and maintain the Services, including for cloud hosting and infrastructure, authentication, AI model processing, telephony, security, customer support, sales and marketing operations, and analytics. These providers act on our instructions and are contractually bound to handle information consistently with this notice.
- Your organization's administrators where you access the Silmo platform through an enterprise account. Administrators can typically see information about your use of the Silmo platform.
- Authorities and other parties where we are required by law, where necessary to protect our rights or the safety of others, or in connection with a corporate transaction such as a merger, financing, or acquisition.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or targeted advertising.
We disclose the categories of personal information described in Section 2 to the categories of service providers described above for the business purposes described in Section 3. In the preceding twelve months, we have not sold personal information, shared personal information for cross-context behavioral advertising, or engaged in targeted advertising.
7. AI Features
The Silmo platform uses AI models provided by third parties. When you use the platform, information you submit may be sent to those providers solely to generate the requested output. Our contracts with these providers prohibit them from using information you submit to train their general-purpose models.
We do not use automated decision-making, including profiling, to make decisions about you that produce legal or similarly significant effects. Our enterprise customers may configure the Silmo platform to make decisions in their own business operations; any such decisions are made by the customer, not by us, and are governed by the customer's own privacy practices.
8. How Long We Keep Personal Information
We keep personal information only for as long as we have a legitimate need to do so. Specific retention practices vary by category of information:
- Platform user account information: for as long as your account is active, plus a reasonable period after account closure for legal, security, and audit purposes.
- Usage logs and platform telemetry: typically retained for a period of months to support security, fraud prevention, and product improvement, then deleted or aggregated.
- Business contact and marketing information: for as long as you remain a prospect or contact, or until you ask us to remove you, subject to applicable retention requirements.
- Support and inquiry correspondence: for the duration of the matter and a reasonable period thereafter.
- Job applicant information: for the duration of the hiring process and the period permitted or required by applicable employment law.
- Backup and archival copies: retained per our backup lifecycle and then overwritten or deleted in the ordinary course.
We may retain information for longer where required by law, where necessary to exercise or defend legal claims, or where governed by contractual obligations to our enterprise customers.
9. How We Keep Personal Information Safe
We maintain technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. No system is perfectly secure, and we cannot guarantee the absolute security of any information.
10. Enterprise-Only Access
The Silmo platform is intended for business use by authorized representatives of our enterprise customers. We do not offer consumer accounts, and we do not knowingly collect personal information from children.
11. International Transfers
Silmo has operations in the United States and Canada. We use service providers and infrastructure located primarily in the United States, as well as in Canada and other countries, to provide the Services.
Where we transfer personal information across borders, we take reasonable measures to ensure it receives an appropriate level of protection through contractual safeguards and technical and organizational measures.
Where we transfer personal information out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the following safeguards:
- For transfers to Canada, we rely on the European Commission's adequacy decision for Canadian commercial organizations, and the United Kingdom and Swiss equivalents.
- For transfers to the United States and other countries without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses, the United Kingdom International Data Transfer Addendum, and the Swiss equivalent, supplemented as necessary by additional technical and organizational measures. Where a recipient is certified under the EU-US Data Privacy Framework or its UK Extension, we may also rely on those frameworks.
You can request a copy of the safeguards we use by contacting us at [email protected].
12. Your Rights and Choices
Depending on where you live and the laws that apply to you, you may have rights with respect to your personal information, including:
- To know what personal information we hold about you, including the categories of personal information, the categories of sources from which it is collected, the business or commercial purposes for collecting it, and the categories of third parties to whom we disclose it
- To access the personal information we hold about you and to receive a copy
- To correct inaccurate personal information
- To delete your personal information, subject to certain exceptions
- To receive your personal information in a portable format
- To object to or restrict certain processing, including processing based on our legitimate interests
- To withdraw consent where we rely on it. Withdrawal does not affect the lawfulness of processing carried out before withdrawal
- To opt out of the sale of personal information, sharing for cross-context behavioral advertising, targeted advertising, and certain profiling. We do not engage in any of these activities.
- To limit our use of sensitive personal information. We do not collect sensitive personal information from individuals covered by this notice, so this right is generally moot in practice.
- Not to be retaliated against for exercising your rights, including as a job applicant, student or applicant to an educational program, employee, or independent contractor
- Not to be subject to decisions producing legal or similarly significant effects made solely by automated means. We do not use automated decision-making for significant decisions about individuals covered by this notice.
The specific rights available to you, and the conditions under which they apply, depend on the law in your jurisdiction. See Section 13 for the legal bases on which we process personal information of individuals in the EEA, UK, and Switzerland, and Section 14 for supplemental information relevant to residents of Canada.
How to exercise your rights
To submit a request, email [email protected] with your name, the right(s) you wish to exercise, and information sufficient for us to verify your identity (such as the email address associated with your account or business contact record). You may also designate an authorized agent to make a request on your behalf, with appropriate proof of authorization. We will confirm receipt of your request within 10 business days and respond within 45 calendar days of receipt, with one extension of up to 45 additional days where reasonably necessary (in which case we will notify you of the extension within the first 45 days).
Appeals
If we decline to take action on your request, you may appeal our decision by emailing [email protected]. We will respond to your appeal in writing, explaining the action taken or the reasons for declining. If your appeal is denied, you may have the right to file a complaint with your data protection authority or state attorney general. See Section 13 for EEA/UK/Swiss authorities and Section 14 for Canadian authorities.
Account information
If you are an authorized user of the Silmo platform, you may also review and update certain account information directly through the platform. Account provisioning and deprovisioning are generally managed by your organization's administrators; if you wish to deactivate your account or remove information that is not self-service, please contact your administrator or email us.
For data your organization has submitted to the Silmo platform
If your question relates to data that an enterprise customer has submitted to the Silmo platform for processing, please contact that organization directly. We act on the customer's instructions with respect to that data and cannot independently honor rights requests about it.
13. Legal Bases for Processing (EU, UK, and Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:
- Legitimate interests: We rely on this basis for operating, securing, and improving the platform. Specifically, we have a legitimate interest in administering platform user accounts on behalf of our enterprise customers, protecting the platform from fraud and abuse, maintaining audit logs for accountability, understanding how the platform is used to improve it, and communicating with business contacts about our products. We balance these interests against your rights and freedoms and limit our processing accordingly. You may object to processing based on legitimate interests by contacting us at [email protected].
- Performance of a contract: We rely on contractual necessity to process information of individuals who have a direct contractual relationship with us.
- Consent: We rely on consent where we ask for it specifically, including for certain marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Compliance with legal obligations: We rely on this basis when we respond to lawful requests from authorities, exercise or defend legal rights, or otherwise comply with applicable law.
If you believe we are processing your information unlawfully, you have the right to lodge a complaint with your local data protection authority (find yours at edpb.europa.eu), the UK Information Commissioner's Office (ico.org.uk), or the Swiss Federal Data Protection and Information Commissioner (edoeb.admin.ch).
14. Supplemental Disclosures for Residents of Canada
These supplemental disclosures contain additional information relevant to residents of Canada. They should be read together with the rest of this Privacy Policy. To the extent of any conflict between this section and another section of this Privacy Policy, this section prevails for residents of Canada.
Consent. We rely on your consent (express or implied as appropriate to the circumstances and the sensitivity of the information involved) to process your personal information, except where applicable law permits or requires processing without consent. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Complaints. If you have unresolved concerns about our handling of your personal information, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca), or with the privacy commissioner in your province where applicable (including the Commission d'accès à l'information du Québec, the Office of the Information and Privacy Commissioner of Alberta, or the Office of the Information and Privacy Commissioner for British Columbia).
15. Changes to This Notice
We may update this notice from time to time. When we make changes, we will update the "Last Updated" date at the top of the notice. If we make material changes, we will provide additional notice, such as by posting a prominent notice on our website or, where appropriate, by sending notice to you directly. We encourage you to review this notice periodically.
16. How to Contact Us
Our privacy officer can be reached at [email protected].
If you prefer to contact us by mail:
Silmo Inc.
Attn: Privacy
119 Spadina Avenue, Unit 304
Toronto, Ontario M5V 2L1, Canada