Data and Security - Aifficiency

1. Introduction

Aifficiency Inc. ("Aifficiency", "we", "us", or "our") is committed to maintaining the confidentiality, integrity, and availability of our clients' data. This Data and Security Policy outlines the measures we take to protect the information processed through our AI automation services.

2. Data Handling and Storage

Aifficiency processes client data to provide our AI automation services, which may include, but are not limited to, lead capture, appointment scheduling, automated reminders, quote generation, invoicing, and document parsing. The nature of the data processed depends on the services utilized by the client and the information they provide.

AI Processing: Client data is processed using our proprietary AI algorithms and potentially third-party AI platforms like Google Cloud's Vertex AI for sophisticated tasks. All processing is conducted in secure environments.
Data Storage: Client data is stored on secure, encrypted cloud infrastructure. For services leveraging Google Cloud, data resides within Google's secure data centers.
Secure Self-Hosting Options: For clients with specific data residency or heightened security requirements, Aifficiency offers self-hosting capabilities. In a self-hosted model, the client assumes responsibility for the security of their infrastructure, while Aifficiency remains responsible for the security of our software. Specific responsibilities will be detailed in the client's service agreement.

3. Security Measures

We implement a variety of industry-standard security measures to protect client data:

Technical Safeguards:
- Encryption: Data is encrypted both in transit (e.g., using TLS/SSL) and at rest.
- Access Controls: Strict access controls are enforced to ensure that only authorized personnel can access client data, based on the principle of least privilege.
- Network Security: Firewalls, intrusion detection/prevention systems, and regular vulnerability scanning are employed to protect our network and systems.
- Secure Development: Our software development lifecycle includes security considerations and testing.
Organizational Safeguards:
- Employee Training: Employees are trained on data security and privacy best practices.
- Confidentiality Agreements: All employees and contractors are bound by confidentiality agreements.
- Data Minimization: We strive to collect and process only the data necessary to provide our services.

4. Client Responsibilities

Clients play a crucial role in data security:

Account Security: Clients are responsible for maintaining the security of their account credentials and access to Aifficiency services.
Data Accuracy: Clients are responsible for the accuracy and legality of the data they provide to Aifficiency for processing.
Self-Hosting Security: If utilizing self-hosting options, clients are responsible for securing their own infrastructure, network, and access controls as outlined in their service agreement.

5. Incident Management

In the event of a data security incident, Aifficiency will:

Promptly investigate the incident to determine its scope and impact.
Take necessary steps to contain and remediate the incident.
Notify affected clients in accordance with legal and contractual obligations.
Cooperate with relevant authorities as required.

6. Compliance

Aifficiency is headquartered in Ontario, Canada, and endeavors to comply with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA). Our data security practices are designed to meet these regulatory requirements.

7. Policy Updates

We may update this Data and Security Policy from time to time. We will notify clients of any material changes through our website or direct communication. We encourage you to review this policy periodically.

8. Contact Us

If you have any questions about our data and security practices, please contact us through the information provided on our "Get Started" page.