At GrowTeam Intelligence, we understand that data security, privacy, and compliance are critical issues for your organization. While we operate as an agile startup, our systems and partners are built on the same global standards used by IT teams at large enterprises.

Canadian legal framework and provincial compliance

GrowTeam Intelligence complies with Canadian and Quebec laws relating to the protection of personal information:

  • LPRPDE / PIPEDA : Federal law governing the collection, use and retention of personal information by private companies.

  • Law 25 (Quebec) : Application of the principles of transparency, explicit consent, data governance and mandatory notification in the event of a confidentiality incident.

Our internal practices are aligned with these laws, and specific contractual commitments can be offered via our DPA (Data Processing Agreement) upon request.

Data Confidentiality & Ownership

  • All data collected, processed or accessed via our solutions (including HRAssist) remains the exclusive property of the customer.

  • We do not resell, share, or monetize any customer data.

  • The customer retains full control over their content, documentation and AI usage settings.

Compliance Standards We Rely On

The platforms and infrastructures we use comply with the following international standards:

  • SOC 2 – Security, availability and confidentiality of services criteria
  • ISO/IEC 27001:2022 – Information security management
  • ISO/IEC 27018 – Protection of personal data in the cloud
  • ISO/IEC 27701 – Privacy Information Management
  • GDPR – General Data Protection Regulation (EU)
  • CCPA – California Consumer Privacy Act
  • HIPAA – Health Insurance Portability and Accountability Act
  • HDS – Health Data Hosting (France)

Security Incident Procedure

In the event of an incident or security breach, we undertake to:

  • Notify the customer within 48 hours of confirmation

  • Provide a comprehensive report on the event, its impacts and corrective measures

  • Collaborate fully with your legal and IT teams

Data Residency & Retention

Upon request, we can guarantee that all data is stored and processed in a specific geographic region (e.g., Canada, EU). In case of termination of the service, we ensure complete deletion of data within 30 business days. An official deletion certificate can be provided upon request.

Voice AI Agent (Voicebot) Compliance

GrowTeam Intelligence offers intelligent voice agent solutions designed to meet regulatory requirements for speech recognition, automated call handling, and audio data management.

Our commitments:

  • Explicit consent required before any voice recording or transcription.

  • No audio recording without written permission from the client.

  • Sovereign accommodation available in Canada or Europe upon request.

  • No biometric analysis without formal agreement (compliance with PIPEDA, Law 25 and GDPR).

  • Sensitive calls can be automatically redirected to a human agent according to your internal rules.

These features ensure compliance while maintaining a high level of operational performance.

Hosting & Document Sharing

GrowTeam Intelligence adapts to your internal documentation methods. Resources (HR policies, onboarding guides, etc.) can be shared via:

  • Google Drive – Data encryption at rest and in transit, with enterprise access control
  • Proton Drive – End-to-end encryption, hosted in Switzerland under strict privacy laws

We adapt to your compliance posture and preferences.

Transparency of Subcontractors

We provide our clients, upon request, with a complete and updated list of technology subcontractors used (hosts, APIs, AI models, etc.).

Questions ?