Skip to content
VeraDial
Canadian Privacy

Our PIPEDA commitments

VeraDial is built in Toronto and used by Canadian small businesses, so Canada's federal privacy law applies to how we handle your information. This page explains our consent model, your access and correction rights, how deletion works, and — plainly — where your data is hosted.

By Graham Thomson · Updated July 11, 2026

Short Answer

VeraDial follows PIPEDA's fair-information principles: we collect only what a business phone service needs, use it only for purposes a reasonable person would consider appropriate, honor access, correction, and consent-withdrawal requests, and let you delete your account yourself in the app. Your data is hosted in the United States — PIPEDA doesn't require Canadian residency; it requires accountability and comparable protection wherever data is processed, and that's the standard our provider agreements enforce.

The commitments

How PIPEDA's principles map to VeraDial

PIPEDA is built on ten fair-information principles. Here is how the ones that matter day-to-day work in the product — each is a plain-language restatement of our Privacy Policy, which governs.

Accountability

VeraDial is operated by VeraDial Inc., a Toronto-based company, and we are responsible for personal information under our control — including information our service providers process on our behalf. We require providers that process personal data for VeraDial to protect it under privacy and security obligations equal to our own policy.

Consent

You provide information by creating an account and choosing which features to use — call recording, voice cloning, Contact Memory, and location on the Call Map are each opt-in and controlled by you. Business SMS consent is consumer-initiated (people who contact your number first), with STOP honored automatically on every VeraDial number.

Limited collection and use

We collect what running a business phone line requires — account data, numbers, call records, messages, voicemail — and use it only for purposes a reasonable person would consider appropriate: providing calling, messaging, and AI answering, preventing abuse, and supporting your account. We don't sell your phone number, message content, or consent records.

Accuracy, access, and correction

You can access the personal information VeraDial holds about you, challenge its accuracy, and have it corrected. Most of your data — profile, numbers, call history, messages — is directly visible and editable in the app; for anything else, email support@veradial.com and we'll handle the request.

Deletion you can run yourself

Account deletion is self-serve inside the app — no email thread, no retention dark patterns. The delete-account page documents exactly what is removed and what limited records (like SMS opt-outs required for telecom compliance) are retained.

Safeguards

Data is protected with encryption in transit (TLS/HTTPS), authenticated API access, and secure credential storage. Notifications never show message content on your lock screen, and analytics events strip sensitive fields like transcripts, message content, and contact details before anything is sent.

Where your data lives

Hosted in the US — and we say so plainly

VeraDial's database and storage run in the United States (Supabase, US-West-2 region in Oregon), and service providers like Twilio process calls and messages in their own data centers. It would be easy to let "built in Toronto" imply Canadian servers — we'd rather be exact.

PIPEDA does not require data residency in Canada. It requires accountability: we remain responsible for your personal information wherever it is processed, our providers must protect it to a standard comparable to our own policy, and we must be transparent that data is processed in the United States — which our Privacy Policy discloses. If your organization has a hard Canadian-residency requirement (some provincial public-sector and health-data rules impose one), VeraDial isn't the right fit today, and we'd rather you know that before you sign up.

Deletion is self-serve

Delete your account from inside the app — Profile → Delete Account — and your data is removed per the retention terms in the Privacy Policy. No support ticket required. The delete-account page documents the flow and the narrow records we must keep (like SMS opt-out records required by telecom rules).

How account deletion works

Subprocessors, documented

Every third party that touches your data — and exactly what each one processes — is listed in the "Third-Party Services" section of the Privacy Policy, with links to each provider's own policy. The short version:

  • Twilio (voice, SMS, numbers)
  • Supabase (auth, database, storage)
  • RevenueCat (subscriptions)
  • Deepgram (transcription)
  • ElevenLabs, Cartesia, OpenAI, Google, xAI (AI voice features)
  • Sentry and PostHog (errors and anonymized analytics)
Full list in the Privacy Policy

Your rights

Exercising your PIPEDA rights

You can access the personal information we hold about you, challenge its accuracy, and withdraw consent for its collection, use, or disclosure. Most data is directly visible and manageable in the app; for everything else, one email does it.

Official references

Read the law, not just our summary

PIPEDA in brief — Office of the Privacy Commissioner of Canada

The federal regulator's plain-language overview of Canada's private-sector privacy law.

PIPEDA fair information principles — OPC

The ten principles (accountability, consent, limiting collection, safeguards, and more) that PIPEDA compliance is built on.

FAQ

PIPEDA and VeraDial, answered

Does VeraDial comply with PIPEDA?

VeraDial is built to meet PIPEDA's requirements for a private-sector service handling Canadian customers' personal information: we collect only what the service needs, use it for purposes a reasonable person would consider appropriate, honor access, correction, and consent-withdrawal requests, and provide self-serve account deletion in the app. The governing document is our Privacy Policy at veradial.com/privacy — this page is the plain-language summary of how those practices map to PIPEDA.

Is my data stored in Canada?

No — and we'd rather tell you that plainly than bury it. VeraDial's data is stored and processed in the United States (Supabase, US-West-2 region in Oregon), and service providers like Twilio process calls and messages in their own data centers. PIPEDA does not require personal information to stay in Canada; it requires that we remain accountable for it wherever it's processed and that providers protect it to a comparable standard, which our provider agreements require.

Does PIPEDA require Canadian data residency?

No. PIPEDA is built on accountability, not residency: an organization can use service providers outside Canada as long as it remains responsible for the personal information, ensures comparable protection through contractual or other means, and is transparent that data may be processed in another jurisdiction. That's the model VeraDial follows and discloses in our Privacy Policy. (Some provincial public-sector and health-data rules do impose residency requirements — those apply to specific sectors, not to a small business using a phone service.)

How do I delete my VeraDial data?

Delete your account from inside the app (Profile → Delete Account) — it's fully self-serve. The delete-account page at veradial.com/delete-account documents the flow, what's removed, and the narrow records we must retain (for example, SMS opt-out records that telecom rules require us to keep). You can also email support@veradial.com if you've lost access to the app.

Who are VeraDial's subprocessors?

The full, current list — with what each provider processes and links to their privacy policies — is the "Third-Party Services" section of our Privacy Policy. The main ones: Twilio for voice, SMS, and numbers; Supabase for auth, database, and storage; RevenueCat for subscriptions; Deepgram for transcription; ElevenLabs, Cartesia, OpenAI, Google, and xAI for AI voice features; Sentry and PostHog for errors and anonymized analytics.

Is VeraDial PHIPA or HIPAA compliant?

We don't claim PHIPA or HIPAA compliance, and we'd rather say that clearly than market vague "healthcare-grade" language. If you're an Ontario health information custodian or a US covered entity handling patient health information over the phone, evaluate VeraDial with your compliance advisor before routing that traffic through it. For general small-business calling — trades, services, retail, offices — PIPEDA is the applicable framework, and this page describes how we handle it.

Audio demo

Hear Vera in action.

Play a short sample call, follow the transcript, and move into a personalized live demo when you're ready.

Play the sampleNo download · no form · start the live demo anytime

Plain-language summary of VeraDial's practices under PIPEDA — not legal advice, and not a substitute for the Privacy Policy, which governs. Current as of July 2026.