Privacy Policy

Linea ("Linea," "we," "us," or "our") is an AI implementation partner that designs, builds, and operates custom AI agents and workflows for mid-market businesses. We are based in Ontario, Canada.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you:

• visit bylinea.com or interact with our marketing materials;
• contact us, request a strategy session, or correspond with our team; or
• engage Linea for services or access our hosted platform, Linea Agent Management™ (LAM) / Conduit (the "Platform").

Roles. For our website and our own marketing and business operations, Linea acts as the party that determines how personal information is handled (a "controller" or "business"). When we process data on behalf of a client through the Platform or a Statement of Work, we act as that client's service provider / processor, and we handle that data under the client's instructions and our agreement with them. This Policy primarily describes the information for which Linea is responsible; client-directed processing is governed by Section 7 and the applicable services agreement.

This Policy should be read together with our Terms and Conditions, which it forms part of where referenced.

2.1 Information you provide to us

When you submit our contact or strategy-session form, or otherwise communicate with us, we collect the information you choose to give us, which may include:

• your first and last name;
• business email address;
• company name, your role, and company size;
• the contents of your message and any details you share about your workflows, processes, or objectives; and
• any further information you provide during calls, emails, proposals, or onboarding.

2.2 Information collected automatically

When you visit our website, we and our analytics providers automatically collect certain technical information, including your IP address, browser type and settings, device information, referring pages, pages viewed, and dates and times of access. We collect this information using cookies and similar technologies (see Section 5).

2.3 Information processed through the Platform

In the course of delivering services, our clients and their authorized users may input, upload, or generate data within the Platform ("Client Data"), which can include personal information about the client's own customers, employees, or contacts. We process Client Data only as described in Section 7 and under our services agreement with the client.

2.4 Information from third parties

We may receive limited information about you from third-party sources such as our analytics providers, our customer-relationship and email platforms, and publicly available business sources (for example, a company website or professional profile) used to qualify and respond to inquiries.

We use the personal information we collect to:

• respond to your inquiries and schedule and conduct strategy sessions;
• provide, operate, maintain, and improve our services and the Platform;
• prepare proposals and Statements of Work, and manage our engagements with clients;
• send administrative communications, such as service updates, security notices, and billing information;
• send marketing communications about our services where permitted, from which you can opt out at any time;
• understand how our website is used, measure performance, and improve content and user experience;
• protect the security and integrity of our website, Platform, and business; and
• comply with legal, regulatory, and contractual obligations, and to establish, exercise, or defend legal claims.

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial law, we collect, use, and disclose personal information with your consent, which may be express or implied depending on the sensitivity of the information and the circumstances.

For example, when you submit a form requesting that we contact you, you provide consent for us to use your information to respond. We also rely on consent, our legitimate business interests, the performance of a contract with you, and compliance with legal obligations as appropriate bases for processing.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us using the details in Section 15. Withdrawing consent may limit our ability to provide certain services to you.

We use cookies and similar technologies to operate our website, remember preferences, and understand site usage. We use Google Analytics to collect aggregated statistics about how visitors interact with our site. Google Analytics may set cookies and process technical data such as your IP address and browsing activity on our behalf.

You can control or disable cookies through your browser settings. You can opt out of Google Analytics across websites by installing the Google Analytics Opt-out Browser Add-on. Disabling cookies may affect the functionality of some parts of our website.

We do not use cookies to sell your personal information. Where required by law, we will request your consent before setting non-essential cookies.

We do not sell your personal information. We share personal information only in the following circumstances:

• Service providers and sub-processors. We share information with trusted vendors that help us run our business, such as website and infrastructure hosting, analytics, email and customer-relationship management, scheduling, payment processing, and the AI model and cloud providers that power the Platform. These providers are permitted to use the information only to perform services for us and under appropriate confidentiality and data-protection obligations.
• Professional advisors. We may share information with our accountants, auditors, lawyers, and insurers where reasonably necessary.
• Business transfers. If Linea is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy.
• Legal and safety. We may disclose information where required to comply with applicable law, regulation, legal process, or a governmental request, or to protect the rights, property, or safety of Linea, our clients, or others.

Our services involve the use of artificial intelligence models and automated workflows. The following principles apply to how data is handled in connection with the Platform and our engagements:

• Client ownership. Clients retain all rights to Client Data input into or generated by the Platform, as set out in our Terms and Conditions.
• Purpose limitation. We access and process Client Data only to provide, support, secure, and maintain the services, to improve the Platform, or as required by law or the applicable services agreement.
• Model training. We do not use Client Data to train publicly available or third-party foundation models, and we do not authorize our AI sub-processors to train their models on Client Data, except where a client has expressly instructed or agreed otherwise in writing.
• Human oversight. AI outputs can contain errors. We design workflows with appropriate governance, and clients remain responsible for reviewing outputs before relying on them for decisions affecting individuals.

Where Linea processes personal information on behalf of a client, the client is responsible for ensuring it has a lawful basis and any required notices or consents for that processing, and our handling of that data is governed by our agreement with the client.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide our services, maintain business records, and comply with legal, tax, and accounting obligations.

Inquiry and marketing contact information is retained while we have an active relationship or ongoing interest, and thereafter for a reasonable period unless you ask us to delete it. Client Data is retained for the term of the engagement and, following termination, is deleted in accordance with our Terms and Conditions (generally within sixty (60) days unless otherwise requested or legally required).

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and loss. These measures include access controls, encryption in transit, vendor due diligence, and the principle of least privilege.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach of security affecting your personal information, we will notify you and the appropriate authorities where required by law.

Linea operates in Canada and uses service providers that may store or process personal information in Canada and the United States. As a result, your information may be transferred to, stored in, or accessed from jurisdictions outside your own, and may be subject to the laws of those jurisdictions, including lawful access by courts, law enforcement, and government authorities.

Where we transfer personal information to a service provider in another jurisdiction, we use contractual and other measures designed to provide a comparable level of protection.

Subject to applicable law, you have the right to:

• access the personal information we hold about you and request information about how it is used and disclosed;
• request correction of inaccurate or incomplete information;
• withdraw your consent to our use of your information, subject to legal and contractual limits;
• unsubscribe from marketing communications at any time; and
• request deletion of your information where we are not required to retain it.

To exercise these rights, contact us using the details in Section 15. We will respond within the timeframe required by applicable law and may need to verify your identity before acting on a request.

If you are in Canada and are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (OPC) or your applicable provincial privacy regulator.

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), provides you with the following rights regarding personal information that we collect:

• Right to know the categories and specific pieces of personal information we have collected, the sources, the purposes for collecting it, and the categories of third parties with whom we share it;
• Right to delete personal information we have collected, subject to legal exceptions;
• Right to correct inaccurate personal information;
• Right to opt out of the "sale" or "sharing" of personal information; and
• Right to non-discrimination for exercising your privacy rights.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We do not knowingly sell or share the personal information of consumers under 16 years of age.

You may exercise these rights by contacting us using the details in Section 15. You may use an authorized agent to submit a request on your behalf, in which case we may require proof of authorization and verification of your identity.

Our website and services are intended for businesses and are not directed to children. We do not knowingly collect personal information from individuals under the age of 16. If you believe we have inadvertently collected such information, please contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. We encourage you to review this Policy periodically.

If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy concern or complaint, please contact us at:

Linea
Ontario, Canada
Email: privacy@bylinea.com

We will acknowledge your request and respond within the timeframe required by applicable law.