Privacy Policy

Last updated: May 31, 2026

This Privacy Policy explains how Mohamed Khan, carrying on business as Inphira Automations (“Inphira,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information. We are an AI automation agency based in Surrey, BC, Canada.

We handle personal information in two different capacities, and this Policy is organized around that distinction (see “Our Two Roles” below). We are committed to handling personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and British Columbia’s Personal Information Protection Act (“BC PIPA”), as applicable. If you have questions, contact us at hello@inphira.ca.

1. Scope of this Policy

This Policy applies to:

personal information we collect from visitors to our website and from people who contact us, request information, or engage our services (“Website and Business Contacts”); and
personal information contained in data that our clients provide to us, or that we process on our clients’ behalf, when we design, build, and operate automations for them (“Client Data”).

This Policy does not replace any separate written agreement between us and a client. Where a signed services agreement, data processing addendum, or statement of work (“Client Agreement”) addresses the handling of Client Data, that agreement governs to the extent of any conflict with this Policy.

2. Our Two Roles

(a) We are the controller of Website and Business Contact information. When you visit our website, complete a contact form, or communicate with us about our services, we decide why and how your personal information is used. For that information, we are the organization accountable under PIPEDA and BC PIPA.

(b) We are a service provider (processor) for Client Data. When we build or operate automations for a client, we process personal information on that client’s behalf and under that client’s instructions. In that role, our client is the organization that is accountable to the individuals the data is about (for example, the client’s own customers, leads, or staff). We do not use Client Data for our own purposes except as permitted by the Client Agreement or as required by law. If you are an individual whose information is processed through one of our client’s automations, please direct privacy requests to that client (the organization you dealt with); we will support our client in responding.

3. Information We Collect

3.1 Website and Business Contacts (we are the controller).

Contact form and email informationyou choose to provide — such as your name, business name, email address, and the contents of your message.
Basic analytics and technical datacollected automatically when you visit our website — such as IP address, device and browser type, pages viewed, referring page, and approximate location derived from IP address. This may be collected using cookies or similar technologies and through third-party analytics tools.
Business communications— records of our correspondence, proposals, and engagement discussions.

We do not intentionally collect sensitive personal information through our website, and we ask that you not send sensitive information through our contact form.

3.2 Client Data (we are a service provider/processor). When we deliver services, a client may provide us with, or grant us access to, business data that can include personal information about the client’s own customers, leads, contacts, or staff — for example, names, contact details, service addresses, scheduling and booking details, quotes, and message content. The categories of personal information depend entirely on the client’s systems and the automation being built, and are defined and controlled by the client.

4. How We Use Personal Information

4.1 Website and Business Contacts. We use this information to:

respond to your inquiries and provide information you request;
discuss, scope, propose, and deliver our services;
operate, maintain, secure, and improve our website;
understand website usage through analytics; and
comply with legal obligations and protect our legal rights.

4.2 Client Data.We use Client Data only to provide, operate, maintain, support, and improve the services for that client, in accordance with the client’s instructions and the Client Agreement, and as required by law. We do not sell Client Data and do not use it to build or train our own general-purpose products except where expressly permitted by the Client Agreement.

5. Consent (PIPEDA / BC PIPA)

We collect, use, and disclose personal information with consent, except where collection, use, or disclosure without consent is permitted or required by law. For Website and Business Contacts, your consent may be express (for example, when you submit a contact form) or implied (for example, where the purpose is obvious and you voluntarily provide information). You may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice, by contacting us at hello@inphira.ca; withdrawing consent may limit our ability to provide services or respond to you.

For Client Data, the client is responsible for obtaining and managing any consents required from the individuals whose information is included in the data the client provides to us.

6. Disclosure and Service Providers (Subprocessors)

We do not sell personal information. We disclose personal information only as described in this Policy, including to the following categories of third-party service providers (“subprocessors”) that help us operate our business and deliver our services:

AI and machine-learning providers (for example, Anthropic and OpenAI) used to generate, classify, or process text and other content within automations;
Automation and workflow platforms (for example, n8n) used to build and run automations;
CRM, email, messaging, scheduling, and spreadsheet tools that a client uses or asks us to connect to;
Cloud hosting, storage, and infrastructure providers that host our website, tools, and the automations we operate; and
Analytics providers used to understand website usage.

We engage subprocessors that are bound by contractual or other obligations to protect personal information and to process it only for the purposes for which it is disclosed. A current list or further detail about subprocessors used for a specific engagement is available to clients on request.

We may also disclose personal information: (a) to comply with applicable law, legal process, or a lawful request by a public authority; (b) to enforce our agreements or protect our rights, property, or safety, or those of others; and (c) in connection with a sale, merger, financing, or reorganization of our business, subject to appropriate confidentiality protections.

7. Cross-Border Data Transfers

Some of our subprocessors — including AI providers and cloud infrastructure — store or process data on servers located outside of Canada, including in the United States and potentially other countries. As a result, personal information (including Client Data) may be processed outside of Canada and may be subject to the laws of those jurisdictions, including lawful access by courts, law enforcement, and national security authorities in those countries.

When personal information is transferred to a service provider for processing — whether inside or outside of Canada — we use contractual and other means to require a comparable level of protection while the information is being processed on our behalf. By using our website or engaging our services, you acknowledge that personal information may be processed outside of Canada as described in this Policy. Clients are responsible for determining whether such cross-border processing is appropriate for their own compliance obligations and for informing their own customers as required.

8. Retention

We retain personal information only as long as reasonably necessary to fulfil the purposes for which it was collected, to provide our services, and to meet legal, accounting, or reporting requirements. For Client Data, retention and deletion are governed by the Client Agreement and the client’s instructions; on termination of an engagement, we will return or delete Client Data in accordance with that agreement, subject to any retention required by law or for legitimate backup cycles. When personal information is no longer required, we take reasonable steps to securely destroy, erase, or anonymize it.

9. Safeguards and Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against loss or theft, and against unauthorized access, disclosure, copying, use, or modification, appropriate to the sensitivity of the information. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

10. Your Privacy Rights

Subject to applicable law and limited exceptions, you have the right to:

Access the personal information we hold about you and receive information about how it has been used and to whom it has been disclosed;
Correct personal information that is inaccurate or incomplete;
Withdraw consent to our continued collection, use, or disclosure of your personal information, subject to legal or contractual restrictions and reasonable notice; and
Make a complaint about our handling of your personal information.

To exercise these rights for information for which we are the controller, contact us at hello@inphira.ca. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law (generally within 30 days under PIPEDA and BC PIPA, with extensions where permitted). If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.

For information that we process as a service provider on a client’s behalf (Client Data), please direct your request to the client (the organization you dealt with). We will assist that client in responding to your request as required by the Client Agreement and applicable law.

11. Cookies and Analytics

Our website may use cookies and similar technologies to operate the site and to understand usage through analytics. Most browsers allow you to refuse or delete cookies; doing so may affect how the website functions. Where required by law, we will seek consent for non-essential cookies.

12. Children’s Information

Our website and services are directed to businesses and are not intended for children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

13. Breach Notification

If we experience a security breach involving personal information for which we are the controller, and the breach creates a real risk of significant harm to affected individuals, we will report and notify as required by PIPEDA and any other applicable law, and will keep records of breaches as required. Where a breach affects Client Data, we will notify the affected client without undue delay in accordance with the Client Agreement so that the client can meet its own notification obligations.

14. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top indicates when it was last revised. Material changes will be posted on this page and, where appropriate, communicated to you. Your continued use of our website or services after a change takes effect constitutes acceptance of the updated Policy.

15. Contact Us

For questions, requests, or complaints about this Policy or our handling of personal information, contact Mohamed Khan, carrying on business as Inphira Automations, Surrey, BC, Canada, by email at hello@inphira.ca.