Privacy Policy

Effective Date: April 2026

Last Updated: April 2026

Augure is a product of The Altercation Company (“we,” “us,” “our”), a company registered in Ontario, Canada. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our AI platform and related services (“Services”). We built Augure on a simple principle: your data belongs in Canada. Your account, your stored content, and your records reside on Canadian infrastructure. A small number of specialized operations (such as web search and AI inference) are processed by service providers outside Canada, but those requests are routed through Augure's own servers and contain only the query content itself — no IP addresses, account identifiers, or personal data are attached, and no provider can link a query to a specific user.

Our Commitment to Canadian Data Sovereignty

Your data is stored in Canada. All account information, user content, and conversation history are stored exclusively on Canadian infrastructure.

AI inference — the engine behind every chat, search, and document analysis — runs on Canadian infrastructure by default and is never routed to providers in the United States. When demand temporarily exceeds our Canadian capacity, AI inference requests may be routed to vetted partners in the European Union as a fallback.

A limited set of supporting operations — web search, payment authorization, and email delivery — are routed through specialized service providers outside Canada, but only as anonymized requests originating from Augure's own servers. No personal identifiers, IP addresses, or account information accompany those requests, and no provider can link them back to an individual user.

See “Information Sharing and Disclosure” below for our complete sub-processor list.

This approach is designed to help you meet Canadian privacy requirements including:

  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • Quebec Law 25 (Act to modernize legislative provisions as regards the protection of personal information)
  • CPCSC (Canadian Program for Cyber Security Certification) requirements for defense contractors

Information We Collect

Information You Provide

Account Information: When you create an account, we collect your name, email address, and payment information. For enterprise accounts, we may also collect your organization name, business address, and billing contact details.

User Content: We collect the content you submit to our Services, including prompts, documents you upload for analysis, and any other materials you provide for AI processing. This content is processed solely to deliver the Services you request.

Communications: When you contact us for support or provide feedback, we collect the content of those communications.

Information Collected Automatically

Usage Data: We collect information about how you interact with our Services, including features used, timestamps, and session duration. This helps us improve the Services and ensure system reliability.

Technical Information: We collect device type, browser type, IP address, and general location (city/region level) derived from your IP address. We do not use precise geolocation tracking.

Cookies and Similar Technologies: We use essential cookies required for the Services to function. We do not use third-party advertising or tracking cookies. See “Your Choices” below for cookie preferences.

How We Use Your Information

PurposeLegal Basis (PIPEDA)
Providing and maintaining the ServicesPerformance of contract; Consent
Processing payments and managing subscriptionsPerformance of contract
Responding to support requestsLegitimate business interest
Improving and developing the ServicesLegitimate business interest
Ensuring security and preventing fraudLegal obligation; Legitimate interest
Complying with legal obligationsLegal obligation
Sending service-related communicationsPerformance of contract

We do not:

  • Sell your personal information
  • Use your content to train AI models without explicit consent
  • Share your data with third-party advertisers
  • Share your IP address, account identity, or personal identifiers with service providers located outside of Canada

How We Protect Your Information

Technical Safeguards

  • Encryption in Transit: All data transmitted to and from our Services uses TLS 1.3 encryption
  • Encryption at Rest: User content and personal information are encrypted using AES-256 encryption
  • Access Controls: Role-based access controls limit employee access to personal information on a need-to-know basis
  • Infrastructure Security: Our Canadian data centers maintain SOC 2 Type II compliance and implement physical security controls

Organizational Safeguards

  • Regular security assessments and penetration testing
  • Employee privacy and security training
  • Incident response procedures
  • Vendor due diligence for any service providers

Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. After account termination:

  • Account information: Deleted within 30 days, except as required for legal compliance
  • User content: Deleted within 30 days of your request or account termination
  • Usage logs: Retained in anonymized form for up to 12 months for service improvement
  • Billing records: Retained for 7 years as required by Canadian tax law

Information Sharing and Disclosure

Service Providers

We engage a limited number of service providers to help deliver our Services. All service providers are contractually bound to:

  • Process data only on our instructions
  • Maintain confidentiality
  • Implement appropriate security measures
  • Where possible, process data within Canada
ProviderPurposeData Location
Canadian providerInfrastructure hostingCanada
StripePayment processingCanada (with limited US processing for card networks)
Public search engines (via self-hosted SearXNG)Web search results for chat and research featuresQueries are proxied through our self-hosted SearXNG instance on OVHcloud (Quebec, Canada) to public search engines (e.g., Google, Bing, DuckDuckGo). Those engines receive only the anonymized query content — no user identifiers, IP addresses, or account information. No query logs are retained.
Mistral AILarge language model inference (EU fallback when Canadian capacity is exceeded; primary AI inference runs on Canadian infrastructure)European Union — receives anonymized prompt content only; no user identifiers, IP addresses, or account information shared

Legal Requirements

We may disclose personal information if required by law, including in response to:

  • Valid Canadian court orders or subpoenas
  • Requests from Canadian law enforcement agencies
  • Regulatory requirements from Canadian authorities
Because your account and stored content reside in Canada, your stored data is not subject to US law enforcement requests such as those under the US PATRIOT Act or CLOUD Act. Foreign government requests for stored data must proceed through Canadian legal channels (e.g., Mutual Legal Assistance Treaties), which require Canadian court approval. Where we route specific operations through sub-processors outside Canada (such as proxying anonymized web-search queries from our Canadian SearXNG instance to public search engines), the only data those providers receive is the anonymized query content itself — no user identifiers, IP addresses, or account information that would let a foreign authority link a query to an individual user.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice and, where required, obtain consent before any such transfer.

Your Privacy Rights

Rights Under PIPEDA

You have the right to:

  • Access your personal information held by us
  • Correct inaccurate or incomplete personal information
  • Withdraw consent for processing (subject to legal or contractual restrictions)
  • Know how your information has been used and disclosed
  • Complain to us or the Office of the Privacy Commissioner of Canada

Additional Rights Under Quebec Law 25

If you are a Quebec resident, you also have the right to:

  • Data portability: Receive your personal information in a structured, commonly used format
  • De-indexation: Request that we stop disseminating your personal information or de-index any hyperlink attached to your name
  • Know about automated decision-making: Be informed when decisions affecting you are made solely by automated processing

How to Exercise Your Rights

To exercise any of these rights, contact our Privacy Officer:

Privacy Officer — The Altercation Company — Email: hello@augureai.ca

We will respond to all requests within 30 days. We may request verification of your identity before processing requests.

Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly.

International Users

Augure is designed for Canadian organizations and individuals. If you access our Services from outside Canada, please be aware that your information will be transferred to, stored, and processed in Canada.

Canada has been recognized by the European Commission as providing adequate protection for personal data. If you are located in the European Economic Area, your data transfer to Canada is lawful under GDPR adequacy provisions.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notification for significant changes
  • Requiring acknowledgment for changes affecting your rights

Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

Contact Us

General Inquiries: hello@augureai.ca

Privacy-Specific: hello@augureai.ca

If you are not satisfied with our response to a privacy concern, you may file a complaint with the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
1-800-282-1376
www.priv.gc.ca

For Quebec residents, you may also contact the Commission d'accès à l'information du Québec:

Commission d'accès à l'information du Québec
525, boul. René-Lévesque Est, bureau 2.36
Québec G1R 5S9
418 528-7741
www.cai.gouv.qc.ca

Summary

What We DoWhat We Don't Do
Store all account data and content in CanadaShare user IPs or identities with sub-processors
Anonymize queries before routing to external service providersSell your personal information
Encrypt data in transit and at restUse content to train AI without consent
Delete data upon requestShare data with advertisers
Comply with PIPEDA and Law 25Process foreign government requests for stored data without Canadian court approval

This Privacy Policy is provided in English and French. In the event of any discrepancy, the English version shall prevail.