Overview.
This policy explains how VYRA Data Inc. ("VYRA", "we", "us", "our") builds, uses, and discloses artificial intelligence. It covers the AI in our SaaS products, the VYN AI teammate, the AI-assisted work we deliver as a service, and the AI tools we use inside our own business.
We wrote this so you know what to expect. When AI is involved, we tell you. We keep a human accountable for the work we hand you. We do not train models on your content without your say-so. And we build our AI to comply with the rules that apply to it, including Canada's federal privacy law (PIPEDA), Quebec's Law 25, the GDPR and UK GDPR, and the EU AI Act.
This policy sits alongside our Terms of Service, our Privacy Policy, and our Acceptable Use Policy. Where those documents and this one both apply, read them together. The date this policy last changed is shown at the top of this page.
VYRA is based in Halifax, Nova Scotia, Canada.
Where we use AI.
AI shows up in four places across VYRA.
- In our SaaS products. Vyra Insights, Vyra Life, and Vyra Code use AI features to help you work with your own data and content.
- In VYN, our AI teammate. VYN is a conversational assistant built into our products. When you are talking to VYN, you are talking to an AI, not a person.
- In public VYN. VYN can explain approved public website information and prepare an inquiry draft. The browser sends that draft only after you explicitly confirm it.
- In our own internal tooling. We use AI to draft, research, summarise, and speed up routine work inside VYRA. This is subject to the same oversight and data commitments described here.
Our AI implementation service is different from the rest. There, we build or connect AI systems for you, in your product or your environment, on your instructions. In that work you usually operate the system and we help you set it up and run it. We say more about how responsibility is shared in the sections below.
Human oversight.
AI helps us move faster. It does not get the final word on what we hand to a client.
For public VYN inquiries, a human reads every submitted inquiry before VYRA replies. VYN does not claim that an external action happened until the interface has a verified result for that action.
This human-review step applies to the deliverables we hand you. It does not apply to real-time output you generate yourself in a self-serve AI feature, such as a live answer from VYN. You review that output before you rely on it, the same way you would check any draft.
The accountability chain runs like this. The person who reviews a deliverable is accountable for it. Our AI Steward is accountable for how our AI is governed overall. Our Privacy Officer is accountable for personal information, reachable at privacy@vyradata.com. Our security lead is accountable for the security of our systems, reachable at security@vyradata.com. No AI system inside VYRA operates without a human who owns the outcome.
AI is the engine. The human is the brake.
Training data.
We protect your content. Three commitments matter most.
- Third-party model providers do not train on your content. Under the business and enterprise terms of the foundation-model providers we use, they do not train their models on your content. We rely on those terms and pass that protection through to you.
- We do not train our own models on your content without your written opt-in. If we ever want to use your content to train or fine-tune a VYRA model, we ask first, in writing, and you can say no.
- We may use aggregated, de-identified data to improve the services. This is data that cannot reasonably be linked back to you or any individual. We use it to measure, secure, and improve how our products work.
These commitments apply to the content you submit to our products and to the content you give us for a services engagement. For AI implementation work that runs in your own environment, your data handling also follows the terms of that specific engagement.
Transparency and disclosure.
You should always know when AI is in the loop. We follow the disclosure duties set out in the EU AI Act for the features they cover, and we apply the same standards more broadly as a matter of practice.
- We tell you when you are interacting with an AI. When you use VYN or another AI feature that talks with you, we make clear you are dealing with an AI system, not a person.
- We mark synthetic outputs where required. Where the law requires it, content that AI generates, such as synthetic audio, images, video, or text, is marked as artificially generated so it is not mistaken for something a person made or captured.
- We label AI-assisted deliverables. When we hand you a client-facing deliverable that AI helped produce, we mark or disclose the AI-generated parts so they are never passed off as unassisted human work.
The EU AI Act phases in over time, with core transparency and high-risk obligations applying through 2026 and 2027. We track those dates and update our features to meet them for the systems they cover.
Prohibited uses.
The rules in our Acceptable Use Policy apply in full to every AI feature we offer. In short, you agree not to use our AI, or any output from it, to:
- Break any law, or help anyone else break the law.
- Create or spread deepfakes or other synthetic media in a deceptive, harmful, or unlawful way.
- Generate content that infringes someone's rights, defames, harasses, threatens, or discriminates against a person or group.
- Reverse engineer our systems, or extract or reconstruct any model weights.
- Use our services or their outputs to build or train a competing product or model.
- Submit personal information about other people without a lawful basis to do so.
- Use AI for high-stakes purposes, such as life-safety, medical, or other critical systems, without our written authorisation and appropriate human oversight.
- Turn off or evade safety features, filters, or usage controls.
The Acceptable Use Policy is the full and controlling list. Serious abuse can result in suspension or termination, and where required, a report to the authorities. You can report abuse or an AI-safety concern to safety@vyradata.com.
Accuracy and error handling.
AI output can be wrong, incomplete, or out of date. AI can produce output that sounds confident but is invented. Treat it as a draft, not a decision.
AI output is not legal, medical, financial, or other professional advice, and you should not rely on it as a substitute for a qualified professional. You are responsible for reviewing AI output for your own situation before you act on it.
If you find an error, a harmful output, or unexpected behaviour in one of our AI features, tell us at safety@vyradata.com. We investigate reports, fix what we can, and use what we learn to make the systems safer and more accurate. The more detail you give us, the faster we can act.
Copyright and intellectual property.
Our IP posture for AI follows the norms set by the leading model providers, and it chains through to what those providers give us.
- We use vendor safety features. Where a model provider offers content filters, safety guardrails, or copyright protections, we use them. Some of those protections apply only when the built-in guardrails are left on, so we keep them on.
- You represent that you have the rights to your inputs. When you submit content to our AI, you confirm you have the lawful rights and permissions to use it, including any data, images, copy, and other materials.
- Our IP protection to you mirrors, and is limited to, what our upstream AI providers give us. As set out in our Terms of Service, VYRA will defend you against certain third-party intellectual-property claims about the services as we provide them, subject to a cap and to conditions. Where AI is involved, we cannot promise you more than our providers promise us, so their conditions and carve-outs pass through to you. Those conditions typically require you to use the system as directed, keep safety features on, and not fine-tune on infringing data.
See the intellectual property and indemnification sections of our Terms of Service for the full terms, including the liability cap.
Safety.
We design and run our AI to be safe and privacy-protective across its lifecycle, in line with the Office of the Privacy Commissioner of Canada's principles for responsible generative AI and the safety standards our model providers require.
In practice this means:
- We rely on a valid legal basis and, where required, consent when personal information is used in an AI system.
- We collect only what the feature needs, and we are open about how our AI works.
- We test and evaluate our AI features before and after release, including reviewing them for harmful, biased, or unsafe behaviour.
- We keep a human able to review and override AI output, and we do not use AI to make decisions with a significant effect on you based solely on automated processing without a route to human review.
- We honour the acceptable-use limits above and act on the reports you send to safety@vyradata.com.
Governance.
We are building our AI practices toward the international management-system standard for AI, ISO/IEC 42001, which sets out how an organisation should govern, assess risk, and continually improve its use of AI. We use it as a framework to guide our work. We do not currently claim certification to it, and we will only say we are certified once we actually hold that certification.
We also align our approach with Canada's Voluntary Code of Conduct on the responsible development and management of advanced generative AI systems. It is a voluntary framework, not a law, and we treat it as a benchmark for accountability, transparency, human oversight, and safety.
Inside VYRA, a few roles carry responsibility for AI:
- Our AI Steward owns how AI is governed across the company and keeps this policy current.
- A named reviewer approves each client-facing deliverable and is accountable for it.
- Our Privacy Officer, reachable at privacy@vyradata.com, owns how personal information is handled.
- Our security lead, reachable at security@vyradata.com, owns the security of our systems.
We review this policy and our AI practices on a regular cadence and after any significant change to the systems we run. AI-safety and privacy incidents feed into the incident-response process described in our Privacy Policy and our Security page.
How the EU AI Act applies to us.
The EU AI Act treats different actors in the AI supply chain differently. A "provider" develops an AI system and places it on the market under its own name. A "deployer" uses an AI system under its own authority in a professional setting. Which role applies depends on what a given VYRA offering does.
- For VYN and the AI features we build into our own SaaS products, VYRA acts as a provider, and, where we operate them for you, also as a deployer.
- For our AI implementation service, roles depend on the engagement. When we build or connect a system that you then operate under your own name, you are usually the deployer, and VYRA supports you. When a system is branded and placed on the market by VYRA, we may be treated as a provider.
We set out the specific roles and responsibilities for a given engagement in the agreement and statement of work for that work. Where a classification is genuinely unclear, we work it out with you and document it before the system goes live.
Feedback and contact.
We want to hear when our AI helps, and especially when it does not.
- To report an AI-safety concern, a harmful output, an error, or abuse: safety@vyradata.com.
- For privacy questions and to exercise your data rights: privacy@vyradata.com.
- For security issues and vulnerability reports: security@vyradata.com.
- For general and legal questions: contact@vyradata.com.
You can reach us at VYRA Data Inc., Halifax, Nova Scotia, Canada.