FUSIVE INC.

PRIVACY POLICY

Effective Date: April 1, 2025

This Privacy Policy describes how Fusive Inc. ("Fusive", "we", "us", or "our"), a corporation incorporated under the laws of Canada, collects, uses, discloses, and protects personal information in connection with the Fusive platform and services ("Services") and our website at fusive.ai ("Website").

This Privacy Policy applies to personal information collected from clients, their authorized users, and visitors to our Website. It covers both our platform at app.fusive.ai and our public website at fusive.ai.

The current version of this Privacy Policy is always available at https://fusive.ai/legal/privacy. We will notify you of material changes in accordance with Section 11.

By using the Services or Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Services or Website.

1. WHO WE ARE AND HOW TO CONTACT US

Fusive Inc. is the organization responsible for personal information collected through the Services and Website. We are federally incorporated in Canada.

For privacy-related questions, requests, or concerns, please contact us at:

Privacy Officer, Fusive Inc.

Email: privacy@fusive.ai

Website: https://fusive.ai/legal/privacy

2. PERSONAL INFORMATION WE COLLECT

2.1 Information You Provide at Signup

When you create an account or subscribe to the Services, we collect:

Contact name of the account administrator;
Business email address;
Phone number;
Company name;
Billing and payment information, including credit card details processed on our behalf by Stripe (Fusive does not store your full card number or payment credentials directly);
Selected subscription plan and region.

We do not collect or store passwords. Authentication and password management are handled by our identity provider, WorkOS. Fusive never has access to your password.

2.2 Information Collected During Use

When you and your authorized users use the Services, we may collect:

Account activity logs, including login events and feature usage;
Support ticket contents and communications with Fusive;
Technical data such as IP addresses, browser type, and device information for security and service integrity purposes;
Subscription and billing history.

2.3 AI Interaction Data and Memory Stores

The Services maintain two types of AI memory stores associated with your account:

Company Memory: information your account provides to the platform about your organization, which is used to inform AI Agent responses within your account;
Agent Memory: information stored on a per-AI-Agent basis, reflecting interactions, preferences, and context provided by your users over time.

These memory stores exist for your benefit and are used solely to provide the Services to you. Fusive does not use the contents of your memory stores for Fusive's own commercial purposes, does not share them with third parties for marketing or any other purpose, and does not use them to train AI models without your consent.

Fusive personnel may access the contents of memory stores on a strictly limited basis for the purpose of diagnosing technical issues, resolving support requests, or maintaining the security and integrity of the Services. Such access is logged and subject to Fusive's internal confidentiality obligations.

2.4 AI Conversation Data

When your users interact with AI Agents through the Services, the content of those interactions is processed by third-party AI model providers in order to generate responses. Please see Section 5 for details on how this data is handled by those providers.

Fusive retains conversation logs associated with your account for the purpose of providing the Services, including AI Agent memory and context continuity, technical support, and service improvement. Conversation logs are associated with your tenant account and are not shared with other clients.

2.5 Website Visitors

When you visit fusive.ai, we may collect standard web analytics data such as pages visited, referral sources, and time on page. This data is collected in aggregate and is not used to identify individual visitors unless you submit a contact form or sign up for an account.

3. HOW WE USE PERSONAL INFORMATION

We use personal information for the following purposes:

To create and manage your account and provide the Services;
To process payments and manage your subscription;
To authenticate your identity and maintain account security;
To provide customer support and respond to your inquiries;
To send transactional communications, including subscription confirmations, invoices, and service notices;
To notify you of updates to this Privacy Policy or our Terms of Service;
To monitor and improve the security, performance, and reliability of the Services;
To comply with applicable legal obligations;
To enforce our Terms of Service and other agreements.

We do not use your personal information or the contents of your memory stores or conversation logs for targeted advertising, marketing to third parties, or any purpose unrelated to providing the Services to you.

4. FUTURE USE FOR AI MODEL IMPROVEMENT

Fusive does not currently use client data, memory store contents, or conversation logs to train or improve AI models.

If Fusive introduces AI model training or improvement programs in the future that involve client data, we will:

Update this Privacy Policy and notify you in advance in accordance with Section 11;
Provide a clear and easy mechanism for you to opt out of such use before it begins;
Not use your data for AI training purposes without first providing you the opportunity to opt out.

Any future AI training use will be subject to your consent or opt-out right, as described above.

5. THIRD-PARTY SERVICE PROVIDERS

Fusive works with third-party service providers who process personal information on our behalf in order to deliver the Services. We require these providers to handle personal information in accordance with applicable privacy laws and our instructions.

5.1 Payment Processing — Stripe

Payment processing is handled by Stripe. When you provide payment information, it is transmitted directly to and stored by Stripe in accordance with Stripe's privacy policy and PCI-DSS compliance standards. Fusive does not store full payment card details. Stripe may be located in the United States or other jurisdictions outside Canada.

5.2 Identity and Authentication — WorkOS

Account authentication is managed by WorkOS. WorkOS collects and retains your email address and manages your authentication credentials, including your password. Fusive does not store or have access to your password. WorkOS may be located in the United States or other jurisdictions outside Canada. Please review WorkOS's privacy policy for details on their data practices.

5.3 AI Model Providers

The AI capabilities within the Services are powered by third-party AI model providers. When your users interact with AI Agents, the content of those interactions is transmitted to the applicable AI model provider for processing in order to generate a response. These providers process interaction data as necessary to deliver their services.

Fusive selects AI model providers that maintain commercially reasonable data protection practices. Fusive does not authorize AI model providers to use your interaction data to train their general models, to the extent such controls are available. However, Fusive cannot guarantee the data practices of third-party AI model providers and recommends that you review the privacy policies of such providers. AI model providers may be located outside Canada.

5.4 Cloud Infrastructure

The Services are hosted on cloud infrastructure provided by third-party hosting providers. Your data may be stored on servers located in Canada or the United States, depending on the region you selected at signup. Fusive takes reasonable steps to ensure that data is stored in the region you selected, but cannot guarantee that all data processing occurs exclusively within that region.

5.5 Other Providers

Fusive may engage additional third-party service providers from time to time for purposes such as email delivery, error monitoring, and analytics. We will update this Privacy Policy when we engage new providers that materially affect how your personal information is handled.

6. CROSS-BORDER DATA TRANSFERS

Fusive is a Canadian company. Some of our third-party service providers, including Stripe, WorkOS, and AI model providers, are located in the United States or other countries outside Canada. When personal information is transferred outside Canada, it may be subject to the laws of the destination country, which may differ from Canadian privacy laws.

By using the Services, you acknowledge and consent to the transfer of your personal information to third-party service providers located outside Canada as described in this Privacy Policy.

Fusive's Services are intended for use by clients and users located in Canada and the United States. However, Fusive cannot prevent clients from inviting users who are located in other countries, including countries subject to the General Data Protection Regulation (GDPR) or other privacy regimes. If your organization includes users located outside North America, you are responsible for ensuring that your use of the Services complies with the applicable privacy laws of those jurisdictions. If you believe GDPR or other international privacy regulations apply to your use of the Services, please contact us at privacy@fusive.ai to discuss your requirements.

7. DATA RETENTION

We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Account information is retained for the duration of your subscription and for a reasonable period thereafter to handle any post-termination inquiries, disputes, or legal obligations;
Payment records are retained as required by applicable tax and financial record-keeping laws;
AI memory store contents and conversation logs are retained for the duration of your subscription. Upon termination of your account, you may request deletion of your memory store contents and conversation logs, subject to any legal retention obligations;
Authentication records held by WorkOS are subject to WorkOS's retention policies;
Web analytics data is retained in aggregate form for service improvement purposes.

8. SECURITY

Fusive implements commercially reasonable technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include access controls, encryption of data in transit, and security monitoring.

No method of electronic transmission or storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the applicable privacy authority as required by law.

You are responsible for maintaining the confidentiality of your account credentials and for restricting access to your account. Please notify us immediately at privacy@fusive.ai if you suspect unauthorized access to your account.

9. YOUR PRIVACY RIGHTS

Subject to applicable law, you have the following rights with respect to your personal information:

Access: you may request access to the personal information we hold about you;
Correction: you may request that we correct inaccurate or incomplete personal information;
Deletion: you may request deletion of your personal information, subject to our legal retention obligations;
Withdrawal of consent: where processing is based on consent, you may withdraw consent at any time, though this will not affect processing that occurred prior to withdrawal;
Opt-out of future AI training: if Fusive introduces AI training programs involving client data in the future, you will have the right to opt out as described in Section 4.

To exercise any of these rights, please contact us at privacy@fusive.ai. We will respond to requests within the timeframes required by applicable law. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or the applicable provincial privacy authority.

10. CHILDREN'S PRIVACY

The Services are intended for use by businesses and their employees. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected personal information from a minor, please contact us at privacy@fusive.ai and we will take steps to delete it.

11. CHANGES TO THIS PRIVACY POLICY

Fusive may update this Privacy Policy from time to time. The current version is always available at https://fusive.ai/legal/privacy. We will notify you of material changes by email to the address associated with your account, or by posting a notice within the Services, at least thirty (30) days before the changes take effect.

Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must stop using the Services before the effective date of the changes.

12. APPLICABLE LAW

This Privacy Policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Fusive is committed to handling personal information in accordance with these laws and the ten fair information principles they embody: accountability, identifying purposes, consent, limiting collection, limiting use and disclosure, accuracy, safeguards, openness, individual access, and challenging compliance.

13. CONTACT US

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

Privacy Officer, Fusive Inc.

Federal Corporation, Canada

Email: privacy@fusive.ai

We are committed to resolving privacy concerns promptly and fairly.