Privacy Policy

Last Updated: April 22, 2026  ·  Invocursor Inc.

1. Who We Are

Invocursor Inc. ("Invocursor", "we", "us") operates the AI copilot platform available at invocursor.com and invocursor.up.railway.app. Invocursor provides a JavaScript widget and API that businesses ("Customers") embed into their own web applications to offer AI-powered assistant functionality to their users ("End Users").

We are incorporated in Ontario, Canada and process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy law.

2. Our Role — Processor vs. Controller

Invocursor operates as a data processor. Our Customers (the businesses that integrate our widget into their products) are the data controllers — they determine what personal data their End Users enter and why.

Invocursor processes personal data only on behalf of and under the instructions of our Customers. Customers who handle sensitive personal data (such as information about children, health details, or financial records) should execute a Data Processing Agreement (DPA) with us. Contact privacy@invocursor.com to request one.

3. What Data the Widget Collects

When an End User interacts with the Invocursor widget embedded in a Customer's application, the following information may be processed:

  • Chat messages: The text content of messages submitted by the End User in the widget chat interface.
  • Page context: The current page URL path, visible page headings, form field states, and table data visible on the current page — used to give the AI assistant accurate context about what the user is looking at.
  • User role: A role identifier (e.g., "admin" or "provider") provided by the Customer's application to control assistant permissions.
  • API key: The Customer's Invocursor API key, used to authenticate the request and load the correct assistant configuration.
  • Session history: A short window of recent conversation turns (up to the last 6 messages) held temporarily in browser memory for multi-turn coherence. This is never stored server-side.
  • Call booking details (optional): If an End User chooses to book a support call from inside the chat, we collect the name, email address, and optional note they submit, plus the page they were on — solely to schedule and hold that call.

Invocursor does not use tracking cookies, fingerprinting, or persistent cross-session identifiers. No End User account or profile is created by Invocursor.

4. How We Use This Data

Data collected through the widget is used only to:

  • Generate AI assistant responses on behalf of the Customer
  • Select the correct assistant configuration and permissions for the current user
  • Log request metadata (token usage, response timing, error codes) for service reliability and billing
  • Detect and prevent abuse or unauthorized API access

We do not use End User chat data for advertising, analytics profiling, or any purpose outside of delivering the requested assistant response.

5. AI Processing — OpenAI Sub-Processor

Chat messages and page context are transmitted to OpenAI to generate assistant responses. OpenAI is our primary AI sub-processor. The following data protection measures are in place:

  • No model training: OpenAI does not use API inputs or outputs to train its models by default. We have not opted in to any such use. This is contractually confirmed under our signed OpenAI Services Agreement and Data Processing Addendum.
  • Response storage disabled: Every API request we send to OpenAI includes store: false, which disables OpenAI's default response log storage for our requests.
  • All sharing disabled: We have disabled all optional data-sharing settings in our OpenAI organization, including model feedback sharing, evaluation and fine-tuning data sharing, and inputs/outputs sharing.
  • Signed DPA: We have executed OpenAI's Data Processing Addendum, establishing PIPEDA- and GDPR-compatible contractual protections for personal data we transmit.
  • Data residency: OpenAI processes data on infrastructure in the United States. Chat message content may be transferred to and processed in the US under the protections of OpenAI's DPA and applicable cross-border transfer safeguards.
Note for Customers handling sensitive data: Invocursor is not designed to process protected health information (PHI), government identification numbers, or payment card data via chat. Your implementation should prevent End Users from entering such data in the chat interface. Direct End Users to use your application's dedicated data entry fields for sensitive information.

6. Data Retention

Invocursor retains minimal data. Specifically:

  • Chat messages: Not stored by Invocursor after the response is returned. Conversation history is held only in the End User's browser session memory. Where a Customer has configured a webhook, the conversation is routed to the Customer's own endpoint in real time — it lives in the Customer's systems, not ours.
  • Request logs: Metadata logs (timestamp, Customer API key hash, token counts, response type, success/failure outcome, response timing) are retained for up to 90 days for billing, abuse prevention, and debugging. These logs do not contain chat message content.
  • Call booking details: Name, email, optional note, and booked time are retained so the Customer's team can hold the call, and deleted on request to privacy@invocursor.com.
  • Customer account data: API keys, configuration files, and account information are retained while the Customer account is active and deleted within 30 days of account closure.

7. Sharing and Disclosure

We do not sell or rent personal data. We share data only as follows:

  • OpenAI: As described in Section 5, under a signed DPA.
  • Infrastructure providers: Our hosting provider (Railway) for server operation, and our database provider (Supabase) for operational metrics and call booking records. Data is not shared beyond what is required to run the service.
  • Legal compliance: When required by applicable law, court order, or to protect the rights and safety of users.
  • Business transfer: In connection with a merger or acquisition, with appropriate notice to Customers.

8. Security

All data transmission between End Users, Customer applications, and Invocursor servers uses HTTPS/TLS encryption. Customer API keys are validated server-side on every request. We apply rate limiting and request validation to prevent unauthorized access. Internal access to production systems is restricted to authorized personnel.

9. Customer Responsibilities

Customers who embed the Invocursor widget are responsible for:

  • Informing their End Users that an AI assistant powered by a third-party service is in use
  • Obtaining any necessary consents from End Users under applicable law
  • Ensuring their own privacy policies accurately describe the use of the Invocursor widget
  • Executing a DPA with Invocursor if their application handles sensitive personal data categories (children's data, health data, financial data)

10. Your Rights

Individuals whose data is processed by Invocursor on behalf of a Customer should direct data access, correction, or deletion requests to the Customer (the data controller) in the first instance. If you believe Invocursor has processed your data improperly, contact us at privacy@invocursor.com. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

11. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated to active Customers by email at least 14 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision.

12. Contact

Privacy inquiries: privacy@invocursor.com
DPA requests: privacy@invocursor.com
Invocursor Inc. · Ontario, Canada

Invocursor Inc. · Waterloo, Ontario, Canada · Terms of Service