Legal

02
Back to Legal

Privacy Policy

Your privacy matters. This policy explains how we collect, use, and protect your information.

Last updated: January 1, 2025

1. Introduction

Canary ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our messaging API platform, website, and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the Services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information such as:

  • Name and email address
  • Company name and business information
  • Billing address and payment information
  • Phone number for account verification
  • API keys and authentication credentials

2.2 Message Data

When you use our messaging APIs, we process:

  • Message content (SMS, email, and other channel content)
  • Sender and recipient information (phone numbers, email addresses)
  • Message metadata (timestamps, delivery status, message IDs)
  • Template data and personalization variables

2.3 Usage Information

We automatically collect certain information when you use our Services:

  • API usage patterns and request logs
  • IP addresses and device information
  • Browser type and operating system
  • Pages visited and features used
  • Error logs and diagnostic data

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process and deliver messages through our APIs
  • Process transactions and send billing information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations and enforce our terms

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you Services. Specifically:

  • Account data: Retained until account deletion, plus any legally required retention period
  • Message content: Retained for 30 days by default, configurable per account (7-90 days)
  • Message metadata: Retained for 12 months for analytics and compliance purposes
  • API logs: Retained for 90 days for debugging and security purposes
  • Billing records: Retained for 7 years as required by financial regulations

5. Data Sharing and Disclosure

We may share your information in the following situations:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf, including:

  • Telecommunications carriers for message delivery
  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe)
  • Analytics providers
  • Customer support tools

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee security training and background checks
  • Incident response procedures

For more details about our security practices, please visit our Security page.

7. Your Privacy Rights

7.1 General Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information
  • Export your data in a portable format
  • Opt out of certain data processing activities
  • Withdraw consent where processing is based on consent

7.2 GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data processing
  • Right to restriction of processing
  • Right to object to processing
  • Rights related to automated decision-making
  • Right to lodge a complaint with a supervisory authority

Our legal bases for processing include: performance of a contract, legitimate interests, compliance with legal obligations, and consent.

7.3 CCPA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising your rights

We do not sell your personal information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Data processing agreements with service providers

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or through our Services.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

  • Email: privacy@canarymsg.dev
  • Mail: Canary, Inc., San Francisco, CA

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@canarymsg.dev.