Privacy Policy

Last updated: July 9, 2026

Interlay Inc. (“Interlay”, “we”, “us”) is a Canadian corporation that provides an AI-native operations platform for enterprise teams. This policy explains what personal information we collect, how we use and protect it, and the choices and rights you have. It applies to our websites, our marketing activities, and the accounts of people who use the Interlay platform.

The short version

  • We never sell your personal information.
  • Data our customers process through the Interlay platform belongs to them. We process it only on their instructions.
  • Your information is encrypted in transit and at rest, and we collect only what we need.
  • You can contact us at privacy@withinterlay.com about your information at any time.

Information we process for our customers

Organizations use Interlay to run their own workflows, forms, approvals, and conversations. If you interact with one of these, for example by completing a form, uploading documents, or responding to an approval request sent by an organization that uses Interlay, that organization is responsible for your information. They decide what is collected and why. We process it on their behalf, under contract, and only according to their instructions. Where the information includes health information, we do so as a Business Associate under HIPAA pursuant to executed Business Associate Agreements.

For questions or requests about information handled through a customer’s workflows (including access, correction, or deletion), please contact that organization directly. Their privacy notice governs that information. We support our customers in responding to these requests, and if you contact us about customer data we will refer your request to the responsible organization without undue delay.

Information we collect

Information you give us. When you request a demo, join a waitlist, contact us, or subscribe to updates, we collect information such as your name, work email address, company, and the contents of your message. When your organization gives you access to the Interlay platform, we collect account information such as your name, work email address, role, and authentication details managed through our sign-in provider.

Information collected automatically. When you visit our websites or use the platform, we collect usage and device information such as pages viewed, browser type, and approximate region, along with logs needed to keep the service secure (for example, sign-in events). We use a small number of cookies and similar technologies for the site and platform to function and to understand aggregate usage. We do not use third-party advertising cookies.

How we use information

  • To provide, operate, secure, and support our services
  • To respond to inquiries and provide requested information
  • To send service communications, and marketing communications you can opt out of at any time
  • To monitor, improve, and develop our services
  • To detect, investigate, and prevent security incidents, fraud, and abuse
  • To comply with legal obligations

How we share information

We do not sell personal information, and we do not share it for third-party advertising. We share personal information only with:

  • Service providers that help us run our business, such as cloud hosting, storage, communications, and analytics providers, bound by contracts that require them to protect it
  • Professional advisors, such as lawyers and accountants
  • Authorities, where required by law, legal process, or to protect rights and safety
  • A successor organization in connection with a merger, acquisition, or sale of assets, subject to this policy

Artificial intelligence

Interlay includes AI features that operate within workflows our customers design and control, including where human review and approval occur. AI-driven outcomes on the platform produce audit records that make them reviewable. We do not use your personal information, or our customers’ data, to train AI models, and zero-data-retention configurations are available for regulated workloads.

Security

We maintain a security program designed for regulated, enterprise workloads. Personal information is encrypted in transit and at rest, access is limited to those who need it and protected by multi-factor authentication, and activity on production systems is logged and monitored. Customer organizations are isolated from one another at the database layer. No method of transmission or storage is completely secure, but we work to protect your information against unauthorized access, loss, and misuse, and we notify affected parties of incidents as required by law.

Data retention

We keep personal information for as long as needed for the purposes described above: while your account or your organization’s agreement is active, as needed to provide the services, and as required by law. Content processed through customer workflows is retained according to each customer’s configured retention settings and is deleted on automated schedules when those periods end.

Where your information is processed

We are a Canadian company and use service providers located primarily in Canada and the United States. Wherever your information is processed, we remain responsible for it and require comparable protection from our providers through contractual safeguards.

Your rights and choices

Subject to applicable law, including the Personal Information Protection and Electronic Documents Act (PIPEDA), you may request access to the personal information we hold about you, ask us to correct it, withdraw consent, or ask us to delete it. To make a request, email privacy@withinterlay.com. We will verify your identity and respond within 30 days. You may opt out of marketing communications at any time using the unsubscribe link in any message. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.

Remember that requests about information processed through a customer’s workflows should go to that organization, as described above.

Children

Our websites and services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page with a revised date, and where changes are material we will provide additional notice.

Contact us

Interlay Inc.
Ontario, Canada
privacy@withinterlay.com