Skip to content
Contact Us

Privacy Policy

Last Updated: January 30, 2026

Introduction

DaoAI Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website daoai.com, use our products (including the "No‑Code Vision AI" platform and "DaoAI World SkyVision"), or otherwise engage with our services.

DaoAI Inc. is a company incorporated in [jurisdiction of incorporation] with its registered address at 555 W Hastings St #1200, Vancouver, BC, V6B 4N6, Canada. For individuals in the European Union (EU) and European Economic Area (EEA), DaoAI Inc. is the data controller for the processing activities described in this Privacy Policy.

We comply with major global privacy regulations, including:

Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec Law 25.

United States: California Consumer Privacy Act (CCPA), as amended by the CPRA, and other applicable state laws.

European Union: General Data Protection Regulation (GDPR).

This Policy applies to:

Visitors to our websites and online properties.

Users of our products and services.

Individuals or company representatives who interact with us for trials, events, support, marketing, or other business purposes.

Information We Collect

A. Information You Provide Directly

We collect information you choose to provide to us, for example when you:

Request a demo or contact sales.

Subscribe to our newsletters, white papers, or other content.

Register for an account or customer portal.

Participate in surveys, webinars, events, or other programs.

Types of data may include:

Contact Information: name, email address, phone number, company name, job title.

Account Credentials: username and passwords (used to provide and secure your account).

Business Relationship Information: billing information, contract and order information, and support communications.

Inquiry & Demo Data: information you provide about your use cases, systems, environment, and preferences in forms or during meetings.

B. Information Collected Automatically

When you visit our website or use our services, we may automatically collect certain information via cookies and similar tracking technologies (including tools provided by HubSpot, Google Analytics, and other providers). This may include:

Device Data: IP address, browser type, operating system, device identifiers.

Usage Data: pages viewed, features used, time spent on site, clickstream data, referring URLs.

Location Data: approximate location derived from your IP address.

C. DaoAI World SkyVision and Other Edge Products

DaoAI World SkyVision uses an edge‑computing architecture designed to keep your video data local by default.

Video Feeds: video streams from your cameras are processed locally on your on‑premise server or edge device. We do not continuously stream your raw video surveillance footage to our cloud infrastructure.

Metadata and Snapshots: depending on your configuration, only anonymized metadata, system logs, or specific alert snapshots may be transmitted to our cloud for system health monitoring, analytics, or model improvement, and only where permitted by applicable law and with your explicit permission.

Roles and Responsibilities: in typical deployments, your organization is the controller of the video surveillance system and associated personal data. DaoAI acts as a processor/service provider, processing data on your behalf under a written data processing agreement.

Data Sovereignty: you retain full ownership and control of your visual data. Processing locations and storage regions are defined in your subscription agreement and/or data processing agreement.

D. Sources of Personal Information

We may collect personal information from:

You directly, when you submit forms, create an account, or communicate with us.

Your organization, if you use DaoAI as part of your employment or engagement with a customer or partner.

Our service providers (for example, CRM, analytics, and marketing tools) that help us maintain, enrich, or verify our records, as permitted by law.

Publicly available sources (for example, professional networking sites and public registries) where permitted by law.

E. Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to:

Operate and secure our website.

Remember your preferences.

Analyze usage patterns and improve our products and services.

Where applicable, improve and measure our marketing efforts.

Some cookies are strictly necessary for the functioning of the website. Other cookies (such as analytics or advertising cookies) are non‑essential and are used only with your consent where required by applicable law (including the GDPR and Quebec Law 25).

You can manage your cookie preferences through our cookie banner (where available) or via your browser settings. For more details, please refer to our Cookie Policy.

How We Use Your Information

We use your information for the following purposes and legal bases (including GDPR Article 6):

Service Delivery and Account Management

To provide, operate, and maintain our products and services, including demos, proofs of concept, implementations, and account management.

Legal basis: contractual necessity (to perform a contract with you or your organization) and, where applicable, our legitimate interests in delivering and improving our services.

Customer Support and Communications

To respond to your inquiries, process requests, troubleshoot issues, and provide technical and customer support.

Legal basis: contractual necessity and our legitimate interests in assisting users and customers.

Marketing and Communications

To send newsletters, product updates, event invitations, and promotional content that may be relevant to you. You can opt out at any time by using the unsubscribe link or contacting us.

Legal basis: your consent where required (for example, certain electronic marketing) or our legitimate interests in promoting and developing our business, in each case balanced against your privacy rights.

Analytics and Service Improvement

To analyze usage, measure performance, and develop new features, products, and services.

Legal basis: our legitimate interests in understanding how our offerings are used and in improving them.

Security and Fraud Prevention

To monitor and protect the security and integrity of our websites, services, users, and systems (for example, detecting and preventing fraud, abuse, or malicious activity).

Legal basis: our legitimate interests in maintaining a secure environment and, where applicable, compliance with legal obligations.

Compliance and Legal Obligations

To comply with applicable laws, regulations, legal processes, and lawful requests from public authorities, or to establish, exercise, or defend legal claims.

Legal basis: compliance with legal obligations and our legitimate interests in protecting our rights.

Where we rely on consent, you may withdraw your consent at any time by following the instructions provided when you gave consent or by contacting us. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

We do not use automated decision‑making, including profiling, that produces legal or similarly significant effects concerning you.

Sharing of Information

We do not sell your personal information and we do not share your personal information for cross‑context behavioral advertising, as those terms are defined under the CCPA/CPRA. If this changes in the future, we will update this Privacy Policy and provide you with appropriate notice and choices.

We may share your information with trusted third parties in the following categories, strictly for the purposes described in this Policy:

Service Providers and Processors

CRM and Marketing Platforms: such as HubSpot, to manage client relationships, communications, and marketing operations.

Analytics Providers: such as Google Analytics, to understand website usage and improve our products and content.

Cloud Infrastructure Providers: such as AWS, Google Cloud, or Microsoft Azure, to host our public websites, APIs, and related cloud services (not your local on‑premise video storage).

Support and Professional Services Providers: including consultants, auditors, and other vendors who help us deliver and improve our services.

These service providers are contractually obligated to protect your information, use it only for the services we request, and act on our documented instructions.

We may also disclose information:

To comply with applicable law, legal process, or lawful governmental requests.

To enforce our agreements, protect our rights, privacy, safety, or property, and/or those of our users or the public.

In connection with a corporate transaction, such as a merger, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections.

International Data Transfers

DaoAI is headquartered in Canada, and we may process your information in Canada, the United States, and other countries where we or our service providers operate.

Canada–EU/EEA: The European Commission has recognized Canada as providing an adequate level of protection for certain types of personal data, which supports transfers between the EU/EEA and Canada.

Other Transfers: Where personal information is transferred from the EU/EEA or UK to countries that do not provide an adequate level of protection, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses or equivalent mechanisms, and additional measures as needed.

Quebec and Other Regions: When personal information originating in Quebec or other jurisdictions with specific transfer requirements is transferred outside those jurisdictions, we conduct assessments and implement safeguards as required by applicable law.

You may contact us for more information about the specific transfer mechanisms and safeguards that apply to your data.

Your Rights

Your rights may vary depending on where you live, but we will honor all rights granted by applicable data protection laws.

A. Canada (PIPEDA and Quebec Law 25)

You may have the right to:

Access: request access to the personal information we hold about you.

Correction: request correction or updating of inaccurate or incomplete information.

Withdraw Consent: withdraw consent to certain processing (such as marketing) at any time.

Portability and De‑indexation (Quebec Law 25): exercise additional rights to data portability and, in certain circumstances, de‑indexation or cessation of dissemination of personal information, as provided by law.

B. United States (CCPA/CPRA – California Residents)

If you are a California resident, you may have the right to:

Right to Know: request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share information.

Right to Delete: request deletion of personal information we hold about you, subject to certain exceptions.

Right to Correct: request correction of inaccurate personal information.

Right to Non‑Discrimination: not receive discriminatory treatment for exercising any CCPA rights.

As noted above, we do not sell or share personal information as defined by the CCPA/CPRA.

C. European Union / EEA (GDPR)

If you are located in the EU/EEA, you may have the right to:

Access: obtain confirmation as to whether we process your personal data and access to that data.

Rectification: request correction of inaccurate or incomplete personal data.

Erasure: request deletion of your personal data in certain circumstances.

Restriction: request restriction of processing of your personal data in certain circumstances.

Data Portability: receive certain personal data in a structured, commonly used, machine‑readable format and transmit it to another controller where technically feasible.

Objection: object to processing based on our legitimate interests, and to direct marketing at any time.

You also have the right to lodge a complaint with your local data protection authority if you believe that our processing of your personal data infringes applicable law.

D. How to Exercise Your Rights (All Regions)

To exercise any of your rights, or to ask a question about your privacy rights, please contact us at privacy@daoai.com or write to us at the address listed in the "Contact Us" section below.

Please include your name, contact details, your relationship with DaoAI (for example, customer, website visitor, partner), and a description of your request. We may need to verify your identity before processing your request. We will respond within the time periods required by applicable laws (for example, typically 30 days under GDPR and PIPEDA, and 45 days under the CCPA, subject to permitted extensions).

If you are not satisfied with our response, you may have the right to contact your local privacy or data protection authority, such as the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, or your EU/EEA data protection authority.

You can opt out of marketing emails at any time by using the "unsubscribe" link in our emails or by contacting us.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements.

For example (subject to applicable law and internal policies):

Account and Contract Data: typically retained for the duration of your relationship with us and for approximately 7 years after the end of the relationship, to comply with legal, tax, and contractual obligations.

Marketing Data: retained until you unsubscribe or object to marketing, or for approximately 3 years after your last interaction with us (such as opening an email or attending an event), after which it may be deleted or anonymized.

Logs and Analytics Data: generally retained for up to 2 years, after which it may be aggregated or anonymized.

When we no longer need specific personal information, we take steps to delete it or anonymize it in a secure manner.

Security

We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, among others:

Encryption of data in transit (for example, SSL/TLS) and, where appropriate, at rest.

Access controls and role‑based access management.

Secure development and deployment practices.

Regular security monitoring, vulnerability assessments, and audits.

Employee training on privacy and security.

No security measures are perfect or impenetrable, and we cannot guarantee absolute security. However, we continuously work to enhance and improve our safeguards. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.

Contact Us

DaoAI has appointed a Privacy Officer (also the "person in charge of the protection of personal information" under Quebec Law 25) who is responsible for overseeing our privacy program and compliance efforts.

If you have questions or concerns about this Privacy Policy, our privacy practices, or wish to exercise your data rights, please contact:

DaoAI Privacy Officer
Email: privacy@daoai.com
Address: 555 W Hastings St #1200, Vancouver, BC, V6B 4N6, Canada

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this Policy.

Where required by law, we will notify you of material changes (for example, by email or by posting a prominent notice on our website) and, where required, obtain your consent.