Legal
Privacy Policy
1. Who We Are
MPG Solutions ("MPG", "we", "us", "our") is a Canadian business providing AI-powered virtual receptionist and lead intake automation services to service businesses. Our registered office is in Edmonton, Alberta, Canada.
You can reach us at:
- Email: privacy@mpgsolutions.ca
- Postal: MPG Solutions, Edmonton, Alberta, Canada
- Privacy Officer: Zephan Amponsah (z.amponsah@mpgsolutions.ca)
2. Scope
This Privacy Policy describes how we collect, use, disclose, and protect personal information when:
- You visit mpgsolutions.ca ("the Website")
- You use our virtual receptionist and automation services ("the Services")
- You contact us through any channel (email, phone, SMS, web forms, social media)
3. Personal Information We Collect
From visitors to our Website
- Contact form submissions: name, email address, business name, phone number, message content
- Analytics data: IP address, browser type, pages visited, referring site, visit timestamps
- Cookies and similar technologies: see Section 9
From customers using our Services
- Account information: business name, owner name, billing contact, email, phone, business address, GST/HST number (where applicable)
- Billing information: processed through Stripe; we do not store full payment card numbers
- Service configuration: business hours, service types, pricing, FAQ data, routing rules
From end-callers and leads (on behalf of our customers)
When a consumer calls, texts, or otherwise contacts a business using our Services, we may process on behalf of that business:
- Call audio and transcripts — for transcription, triage, and record-keeping
- Caller identifiers — phone number, name provided, address provided, email if shared
- Service details — the problem described, scheduled appointment time, location for service
- Outcomes — whether a booking was made, call duration, follow-up required
We process this information as a data processor / service provider on behalf of our customer (the business). The business is the data controller / custodian and determines how the information is used.
4. How We Use Personal Information
- Deliver the Services to our customers — contract performance
- Triage calls, book appointments, send confirmations on behalf of our customers — contract performance (on behalf of customer)
- Respond to contact form inquiries — consent / legitimate interest
- Invoice and collect payment — contract performance / legal obligation
- Improve the Services (aggregated, de-identified) — legitimate interest
- Comply with legal and regulatory obligations — legal obligation
- Send service-related communications — contract performance
- Send marketing communications to existing customers — legitimate interest (opt-out available)
5. Legal Basis (PIPEDA + Alberta PIPA)
We collect, use, and disclose personal information in accordance with:
- The Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)
- The Personal Information Protection Act (PIPA) (Alberta)
Consent is obtained explicitly for marketing uses and implicitly for operational uses reasonably expected in the context of the interaction.
6. Sharing and Disclosure
We share personal information with:
- Subprocessors — third-party service providers who help us deliver the Services. Current subprocessors:
- Amazon Web Services (hosting) — Canada / United States
- Stripe (payments) — United States
- Twilio (telephony, SMS) — United States
- OpenAI (language processing) — United States
- Google Cloud (calendar integration, email infrastructure) — United States / Canada
- Supabase (database) — United States
- n8n Cloud (workflow automation) — European Union
- Our customers — we share call records, transcripts, and lead details with the specific customer the interaction was intended for
- Legal / regulatory authorities — when required by law, subpoena, or to enforce our rights
- In a business transfer — if MPG is acquired, merged, or sold, personal information may transfer to the acquirer, subject to this Policy
We do not sell personal information.
7. Cross-Border Transfers
Some of our subprocessors are located outside Canada, primarily in the United States and the European Union. When we transfer personal information across borders, we use contractual protections (standard contractual clauses where applicable) and require providers to maintain security standards comparable to Canadian privacy law.
8. Retention
- Website contact form submissions — 24 months, then deleted
- Analytics data — 26 months (Google Analytics default)
- Customer account records — duration of contract + 7 years (tax / legal obligation)
- Call audio — 90 days by default (customer may configure)
- Call transcripts and lead records — duration of contract + 6 months
- Billing records — 7 years (CRA requirement)
- Backup copies — rolling 30-day window
9. Cookies and Tracking
We use cookies and similar technologies for:
- Essential cookies — required for the Website to function (session, security)
- Analytics cookies — Google Analytics or similar, to understand Website usage
- No advertising/retargeting cookies at this time
You can disable cookies in your browser; essential cookies cannot be disabled without impacting site functionality. We will display a cookie banner before setting non-essential cookies.
10. Your Rights
Under PIPEDA and Alberta PIPA, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Withdraw consent where we rely on consent (may affect ability to provide Services)
- Challenge our compliance with this Policy
To exercise these rights, email privacy@mpgsolutions.ca. We will respond within 30 days.
If you are unsatisfied with our response, you may file a complaint with:
- Office of the Privacy Commissioner of Canada — priv.gc.ca
- Office of the Information and Privacy Commissioner of Alberta — oipc.ab.ca
11. Security
We protect personal information with:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (database-level)
- Access controls and role-based permissions
- Logging and monitoring
- Annual review of subprocessors
No system is 100% secure. In the event of a material privacy breach that creates a real risk of significant harm, we will notify affected individuals and the Privacy Commissioner as required by law.
12. Children's Privacy
Our Services are intended for businesses. We do not knowingly collect personal information from children under 13. If you believe we have, contact us and we will delete it.
13. Changes to This Policy
We may update this Policy from time to time. The "Last Updated" date above reflects the most recent change. Material changes will be communicated by email to customers and posted on the Website.
14. Contact
Privacy questions:
Zephan Amponsah, Privacy Officer
MPG Solutions
privacy@mpgsolutions.ca
mpgsolutions.ca