Privacy Policy

We collect information in two ways: information you provide directly, and information collected automatically when you use our website.

Information you provide directly includes: your name and email address when you submit a contact form or newsletter signup; your company name, company size, and description of your workflows when you request a service inquiry; scheduling information when you book a call through our scheduling tool; and any information you share in email correspondence with us.

Information collected automatically includes: standard web server logs (IP address, browser type, referring pages, pages visited, and timestamps); anonymized analytics data collected through privacy-respecting analytics tools that do not track individuals across sites; and cookies necessary for basic website functionality. We do not use advertising pixels, cross-site tracking cookies, or any third-party behavioral tracking tools.

We do not collect sensitive personal information such as government identification numbers, financial account details, or health information through our website.

We use the information we collect for the following purposes:

To respond to your inquiries and service requests. When you contact us, we use your information to understand your needs and respond appropriately. This is the primary purpose for which contact information is collected.

To provide and improve our services. If you engage Roshtay for a project, we use your business information to scope, deliver, and refine our services to meet your needs.

To send communications you have requested. We will send project updates, deliverable notifications, and follow-ups related to active engagements. We may also send occasional updates about Roshtay's services or insights if you have opted in. You can unsubscribe at any time.

To comply with legal obligations. We retain certain records as required by applicable law, including tax and accounting regulations.

We do not sell, rent, trade, or otherwise transfer your personal information to third parties for marketing purposes. We do not use your information to build advertising profiles or share it with data brokers.

Contact and inquiry data is stored in our business tools (currently, email and a CRM), hosted on infrastructure with industry-standard security controls including encryption at rest and in transit, access controls, and regular security reviews.

All data is stored on servers located in Canada or the United States. We choose service providers that maintain appropriate data processing agreements and security standards.

We implement the following technical and organizational measures to protect your information: Transport Layer Security (TLS) encryption for all data transmitted to and from our website; restricted access controls so that only personnel who need access to information for legitimate business purposes can access it; regular review of our data processing practices and third-party service agreements.

No method of transmission over the internet or method of electronic storage is 100% secure. While we use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and applicable regulators as required by law.

Our website and operations use third-party services that may have access to some of your information as a necessary part of providing their service to us. We only share the minimum information necessary with each provider.

Scheduling. We use Calendly for appointment scheduling. When you book a call, you interact directly with Calendly's platform and are subject to Calendly's Privacy Policy. We receive your name, email, and booking details.

Email. We use standard email services for business correspondence. Email communications may be stored in those services' infrastructure.

Analytics. Our website uses privacy-respecting web analytics that do not identify individual users or share data with advertising networks.

All third-party service providers we use are contractually required to handle personal information only as necessary to provide services to us, to maintain appropriate security, and not to use personal information for their own purposes. We do not use any third-party services that are known to engage in surveillance advertising or data broker practices.

Roshtay builds AI automation systems for clients. This section describes how data is handled in the context of those systems.

Client operational data processed as part of a project engagement is governed by the data processing terms in your signed project agreement, not this Privacy Policy. By default, client systems are designed to run on the client's own infrastructure, so client data does not pass through Roshtay's systems.

In some engagements, Roshtay may use third-party AI APIs (such as OpenAI or Anthropic) to build automation systems. When third-party AI APIs are used in your engagement, this will be disclosed in your project agreement, along with the data processing terms of those providers. Clients have the option to request on-premises or self-hosted AI models if data residency requirements preclude the use of cloud AI APIs.

Roshtay does not use client data to train general-purpose AI models or share client data with other clients. Any AI models fine-tuned on client-specific data are owned by the client per the intellectual property terms of your project agreement.

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA): the right to know what personal information we hold about you; the right to access that information; the right to challenge the accuracy of the information and request corrections; and the right to challenge Roshtay's compliance with PIPEDA.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have: the right to know what personal information is collected about them; the right to delete personal information; the right to opt out of the sale of personal information (we do not sell personal information); the right to non-discrimination for exercising CCPA rights.

Under the General Data Protection Regulation (GDPR), individuals in the European Economic Area have: the right of access; the right to rectification; the right to erasure ("right to be forgotten"); the right to restriction of processing; the right to data portability; and the right to object to processing.

To exercise any of these rights, contact us at hello@roshtay.com with the subject line "Privacy Request." We will respond within 30 calendar days. We may need to verify your identity before processing your request.

Cookies are small text files stored on your device by your browser. Our website uses the following types of cookies:

Strictly necessary cookies: Required for the website to function. These include session cookies that maintain basic website functionality. These cannot be disabled.

Analytics cookies: We use privacy-respecting, cookieless analytics where possible. Where cookies are used for analytics, they collect anonymized data about how visitors use our site (pages visited, time spent, referral sources). This data is not tied to individual identities and is not shared with advertising networks.

We do not use marketing cookies, advertising cookies, social media tracking cookies, or any cookies that track you across other websites.

You can control cookie preferences through your browser settings. Note that disabling cookies may affect some website functionality. Most modern browsers allow you to refuse cookies, delete existing cookies, or be notified when websites set cookies.

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or our services. When we make material changes, we will update the "Last updated" date at the top of this page.

For significant changes that affect how we use personal information already collected, we will make reasonable efforts to notify affected individuals directly (for example, by email if we have a contact address for you).

We encourage you to review this Privacy Policy periodically. Your continued use of our website after changes are posted constitutes your acceptance of the revised policy.

Roshtay is the data controller for personal information collected through this website. We are based in British Columbia, Canada and are subject to PIPEDA and applicable provincial privacy legislation.

For privacy-related questions, requests to exercise your rights, or concerns about our data practices, contact our privacy officer at:

Email: hello@roshtay.com Subject line: "Privacy Request"

We will acknowledge your request within 5 business days and respond fully within 30 calendar days. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or, for California residents, the California Privacy Protection Agency.