Privacy Policy

Valra ("Valra," "we," "us," or "our") is committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable Canadian privacy laws, and internationally recognized privacy principles. Valra is a corporation incorporated under the laws of Nova Scotia, Canada.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you may have regarding your personal information when using Valra's AI executive assistant services.

By accessing or using Valra, you acknowledge that you have read and understood this Privacy Policy.

1. Accountability

Valra is responsible for personal information under our control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy laws.

You may contact our Privacy Officer using the information provided in Section 15.

2. Identifying Purposes

We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances.

We collect and use personal information to:

• Create and manage your Valra account;
• Provide AI executive assistant services, including email categorization, summarization, drafting responses, scheduling assistance, reminders, and productivity insights;
• Integrate with third-party services you authorize, such as email, calendar, and messaging platforms;
• Communicate with you regarding your account, updates, support requests, and service-related notifications;
• Improve, personalize, maintain, and secure the service;
• Monitor system performance, reliability, and abuse prevention;
• Comply with legal, regulatory, and contractual obligations; and
• Develop and improve features within your individual account environment.

We will not use your personal information for materially different purposes without providing notice and obtaining consent where required by law.

3. Consent and Legal Basis for Processing

Your knowledge and consent are required for the collection, use, and disclosure of your personal information, except where otherwise permitted or required by law.

Depending on your jurisdiction, our legal basis for processing personal information may include:

• Your consent;
• The necessity of processing to provide the services you request;
• Compliance with legal obligations; and
• Legitimate business interests in operating, securing, and improving Valra.

We obtain express consent when you:

• Create an account;
• Connect third-party integrations;
• Enable messaging features;
• Submit information through the platform; or
• Authorize access to sensitive data.

Implied consent may be relied upon where collection or use is reasonably necessary to provide requested services.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. You can do so by updating your account settings, disconnecting integrations, or contacting us directly. Withdrawing consent may limit or prevent us from providing certain services.

4. Information We Collect

We limit the collection of personal information to what is reasonably necessary for the identified purposes.

The categories of personal information we may collect include:

• Account Information: Name, Email address, Login credentials, Authentication information
• Connected Services Data: Information accessed through integrations you explicitly authorize, including: Emails and email metadata, Calendar events, Contacts, Tasks and reminders, Messaging data
• Communication Data: Messages exchanged through Valra or connected communication channels such as WhatsApp, Timestamps, Delivery and interaction metadata
• Technical and Usage Information: Device information, Browser type, IP address, Log data, Diagnostic information, Usage analytics

We collect information: Directly from you; From services you choose to connect to Valra; and Automatically through your use of the platform.

5. AI Processing and Automation

Valra uses artificial intelligence and automation technologies to assist with productivity and organizational tasks, including:

• Email prioritization;
• Message summarization;
• Draft generation;
• Scheduling recommendations;
• Task organization; and
• Workflow assistance.

Unless explicitly authorized by you, Valra does not make legally significant decisions on your behalf without human involvement.

We do not use your personal information to train publicly available or foundational AI models. Any personalization or contextual learning is limited to your individual account experience.

6. Human Access to Information

Valra personnel do not routinely access the content of your emails, calendar events, messages, or connected data.

Limited access may occur only where reasonably necessary for:

• Customer support;
• Security investigations;
• Technical troubleshooting;
• Legal compliance; or
• Situations where you explicitly authorize assistance.

All authorized personnel are subject to confidentiality and security obligations.

7. Limiting Use, Disclosure, and Retention

We use and disclose personal information only for the purposes identified in this Privacy Policy, unless otherwise permitted or required by law.

We do not sell personal information.

We retain personal information only for as long as reasonably necessary to: Provide services; Meet legal, accounting, compliance, or operational requirements; Resolve disputes; and Enforce agreements.

Active account information is retained while your account remains active. Backup copies, logs, and residual system records may persist temporarily as part of routine security, disaster recovery, and operational continuity processes.

When personal information is no longer required, we securely delete, anonymize, or destroy it.

If you revoke access to a connected service or close your account, we will delete or anonymize associated personal information in accordance with our retention practices.

8. Third-Party Service Providers

We may share personal information with trusted third-party service providers that help us operate Valra, including:

• Cloud hosting and infrastructure providers;
• AI infrastructure, model, and processing providers;
• Communication platform providers;
• Analytics and monitoring providers; and
• Customer support and operational tools.

These providers are contractually required to: Protect personal information; Use it only for authorized purposes; and Maintain appropriate safeguards.

Your use of third-party integrations is also subject to the privacy policies and terms of those third parties. Valra is not responsible for the privacy or security practices of external services you choose to connect.

9. Cross-Border Data Transfers

Some of our service providers may process or store personal information outside Canada, including in the United States and other jurisdictions.

As a result, your information may become subject to foreign laws and lawful access requests from courts, regulators, law enforcement agencies, or national security authorities in those jurisdictions.

Valra uses contractual, organizational, and technical safeguards designed to provide a level of protection comparable to that required under applicable Canadian privacy laws.

We remain responsible for personal information transferred to third-party service providers acting on our behalf.

10. Security Safeguards

We protect personal information using safeguards appropriate to its sensitivity, including:

• Encryption in transit using TLS;
• Encryption at rest;
• Access controls and authentication requirements;
• Principle-of-least-privilege access management;
• Logging and monitoring systems;
• Security testing and reviews;
• Confidentiality obligations for personnel and providers; and
• Incident response and breach management procedures.

While we strive to use commercially reasonable safeguards, no method of electronic transmission or storage is completely secure.

11. Data Processing Role

In many cases, Valra acts as a service provider or processor on behalf of users who connect third-party communication and productivity services.

Users remain responsible for ensuring they have the necessary rights, permissions, and legal authority to process information through Valra.

12. Children's Privacy

Valra is not intended for individuals under the age of 16, or the minimum age required to consent to digital services in their jurisdiction.

We do not knowingly collect personal information from children.

If we become aware that personal information has been collected from a child without appropriate authorization, we will take reasonable steps to delete it.

13. Your Rights

Subject to applicable laws, you may have the right to:

• Access personal information we hold about you;
• Request corrections to inaccurate or incomplete information;
• Request deletion of personal information;
• Withdraw consent for certain processing activities;
• Request information regarding how your information has been used or disclosed; and
• File a complaint regarding our privacy practices.

We may require verification of identity before responding to requests.

We will respond within the timeframe required by applicable law.

14. Business Transfers

In the event of a merger, acquisition, financing, restructuring, sale of assets, or other corporate transaction, personal information may be transferred as part of that transaction, subject to applicable confidentiality protections and legal requirements.

15. Contact Information and Complaints

If you have questions, concerns, or complaints regarding this Privacy Policy or our handling of personal information, please contact:

• Privacy Officer – Valra
• Email: privacy@valraai.com
• Nova Scotia, Canada

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada:

• Office of the Privacy Commissioner of Canada
• 30 Victoria Street
• Gatineau, Quebec K1A 1H3
• Toll-free: 1-800-282-1376
• Website: Office of the Privacy Commissioner of Canada

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal obligations, or business practices.

The "Last updated" date at the top of this Privacy Policy indicates when the latest revisions were made.

Where required by law, we will provide notice of material changes before they become effective.