Privacy

How we handle your data.

KindLoops is Canadian-built and Canadian-hosted by default. This page is the plain-English summary; the formal Data Handling Policy v1.0 is available on request via hello@kindloops.io.

Last updated: 2026-05-22

Who we are

KindLoops AI ("KindLoops", "we", "us") is a British Columbia sole proprietorship operated by Mo. Contact: hello@kindloops.io. Site: kindloops.io.

What this policy covers

This policy covers personal information collected through:

  • Visits to kindloops.io (analytics, cookies, server logs).
  • The readiness check (DRA) at /readiness.
  • The strategy session booking at /strategy-session.
  • Conversations with our voice agent ("Layla") embedded on this site.
  • Email correspondence at hello@kindloops.io.
  • Engagements with our paid services (separately governed by an MSA).

Layla — the voice agent on this site

When you click the "Talk to Layla" button, you'll see a consent modal disclosing the following before any microphone activation:

  • You're talking to AI, not a human.
  • The conversation is recorded and transcribed.
  • The audio is processed by ElevenLabs (voice) and an AI language model (conversation). Both run under no-training contracts.
  • Recordings are retained for 90 days.
  • Transcripts are retained for 12 months if the conversation results in a booked discovery call (as a record of the engagement); otherwise 90 days.
  • You can end the call at any time.

The consent is positive-action and not pre-ticked. It expires after 30 days; we re-prompt on the next visit.

What we collect

  • Site analytics: page views, country (not IP-level), referrer. We use a privacy-friendly analytics provider — no Google Analytics, no Meta pixel, no LinkedIn Insight tag.
  • Readiness check responses: the answers you give to the DRA, plus the email you provide to receive your diagnosis.
  • Strategy session bookings: name, email, time slot, and any notes you add. Stored in our scheduling tool and in our internal CRM.
  • Layla conversations: audio recording, text transcript, timestamps, and any structured data you provide (name, email, booked slot) — only after the consent modal.

What we do with it

  • Send you the readiness diagnosis you asked for.
  • Schedule and prepare for the strategy session you booked.
  • Tune the agent (Layla) based on how real conversations actually flow.
  • Improve the website based on aggregate analytics.

We do not sell your data. We do not share it for marketing purposes. We do not train AI models on it — our sub-processors run under no-training contracts.

Where your data lives

KindLoops is Canadian-hosted by default. Some sub-processors are US-hosted; the full list is at /subprocessors. We disclose every cross-border data transfer; if your engagement requires Canada-only hosting, tell us before signing and we'll either scope around it or route you to a partner who can meet that posture honestly.

Retention windows

Data typeDefault retention
Site analytics (aggregate)13 months
Readiness diagnosis responses12 months
Strategy session booking metadata24 months
Layla audio recordings90 days
Layla transcripts (no booking)90 days
Layla transcripts (with booking)12 months
Email correspondence7 years (Canadian tax-record requirement for business records)
Engagement / audit log7 years

Your rights

Under PIPEDA, BC PIPA, and where applicable GDPR, you have the right to:

  • Know what we have on you. Email us; we'll send a copy within 30 days.
  • Correct anything that's wrong.
  • Request deletion. We honor erasure requests within 30 days, except where retention is legally required (e.g., tax records).
  • Withdraw consent at any time. Reply STOP to any email; unsubscribe within 24 hours.
  • Complain to the regulator (Office of the Privacy Commissioner of Canada, or your provincial equivalent) if you're not satisfied with our response.

CASL — anti-spam

We send marketing emails only with positive-action consent. Unsubscribe links are on every marketing email and processed within 24 hours. We do not pre-tick consent boxes.

Cookies

Functional cookies (consent state for Layla, session preferences) are set without consent because they're necessary to provide the service. Analytics cookies (if any) are subject to consent and documented at /subprocessors.

Breach procedure

If we suffer a privacy breach that creates a real risk of significant harm, we notify affected individuals and the Office of the Privacy Commissioner of Canada within the timeline required under PIPEDA's Breach of Security Safeguards Regulations.

Changes to this policy

We update this page when our practices change. Material changes are flagged at the top with a "last updated" date and emailed to active engagement clients.

Contact

hello@kindloops.io — Mo, founder. British Columbia, Canada.