Privacy Policy
Effective Date: May 25, 2026
1. INTRODUCTION AND CORPORATE IDENTITY
Formic AI Ltd. ("Formic," "we," "us," or "our"), an Ontario corporation having its principal office at 475 Lauder Avenue, York, ON, M6E 3J3, Canada, is committed to protecting the privacy, security, and confidentiality of the data entrusted to us.
This Corporate Privacy Policy (the "Privacy Policy" or "Policy") outlines our rigorous data handling practices, security protocols, and commitment to privacy across our entire software suite, including:
The CanDoo and CanDooPDF research assistants (www.candoo.ai).
The Formic Engine database index and search interface (www.formic.ai).
The programmatic API endpoints.
Our underlying neuro-symbolic Boreal Architecture.
This Policy governs all cloud-hosted SaaS instances of our platform. For clients running our local, containerized Formic OnSite (air-gapped) implementations, all data processing occurs entirely within the client’s private infrastructure; in such instances, Formic does not ingest, transmit, or have access to any Customer Data whatsoever.
2. DESIGNATED PRIVACY OFFICER
We have appointed a designated Privacy Officer to oversee our data protection program, maintain compliance with federal and provincial legislation (including the Personal Information Protection and Electronic Documents Act (PIPEDA), the Digital Charter Implementation Act, and global standards such as GDPR), and address any user inquiries or audit requests.
For all questions, data deletion requests, or compliance inquiries, please contact:
Privacy Officer: Varun Ranganathan
Corporate Address: Formic AI Ltd., 475 Lauder Avenue, York, ON, M6E 3J3, Canada
Compliance Node: general@formic.ai
3. DATA COLLECTION CATEGORIES
Formic processes information in two distinct classifications: Personally Identifiable Information (PII) and Customer Data / Processing Inputs.
3.1 Personally Identifiable Information (PII)
We collect standard identity markers strictly necessary for account creation, platform access control, and subscription management. This is collected when users or administrators manually register an account:
Account Identity Markers: First and last names, corporate/institutional email addresses, phone numbers, and professional organization affiliations.
Administrative Credentials: Cryptographically hashed passwords, programmatic API tokens, and client connection keys.
3.2 Automatically Collected System Metadata
When interacting with our cloud-hosted interfaces or programmatic API, we automatically capture performance and analytical data to maintain system health, troubleshoot operational errors, and optimize query latency:
Connection Data: IP addresses, browser types, operating system versions, and system language parameters.
Usage Telemetry: API call frequencies, document parsing speeds, query compilation latencies, and platform navigation patterns.
Geographical Markers: Coarse location metrics (derived from standard IP routing tables) to ensure data routing complies with geographic hosting mandates.
3.3 Customer Data and Processing Inputs
Unlike standard consumer SaaS tools, Formic’s core architecture is built to process large, unstructured private files. We process:
Ingested Corpus Files: Structured or unstructured data uploaded by the customer to create private search indices.
Search Queries: Natural language research queries and structured graph matching inputs submitted by users.
Provenance Graphs: Graph metadata generated by our parser, establishing relationships between data nodes (such as page, paragraph, and sentence coordinates).
4. FINANCIAL DATA SEPARATION AND PCI COMPLIANCE
Formic does not store, process, or transmit raw payment card data, banking credentials, or credit card numbers.
All financial transactions, payment details, and billing cycles are handled securely and directly through our third-party merchant processors, QuickBooks and Stripe. This configuration is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), ensuring that any financial transaction data remains strictly isolated within QuickBooks’ and/or Stripe's certified secure hosting environment.
5. THE BOREAL DATA GUARANTEE: STRICT NON-TRAINING MANDATE
The primary vulnerability of standard generative AI is the risk of training leakage, where sensitive prompts or uploaded corporate files are absorbed into a model's weights and exposed to third parties.
THE FORMIC AI ZERO-LEAKAGE PROMISE
Formic AI Ltd. explicitly, legally, and unconditionally guarantees that none of the Customer Data, uploaded files, indexing metadata, search queries, or generated Model Outputs processed through our platforms, the Formic Engine, or the Boreal API will ever be used to train, fine-tune, test, or validate any foundation models, generative Large Language Models (LLMs), or public/commercial software systems operated by Formic or any third party.
Your data remains strictly your own. The models use your uploaded documents solely in active memory to extract data and map it to our proprietary data structures for retrieval in your private session.
6. MULTI-TENANCY AND CRITICAL DATA ISOLATION
Formic maintains a highly secure, modern multi-tenant cloud architecture that guarantees logical network traffic and data separation between enterprise clients:
Isolation at the Database Layer: All enterprise indices, user files, and parsed graph coordinates are logically separated using strict user/group/organization-level access control filters at the database level. Cross-tenant queries are structurally impossible within our data models.
VPC and Firewall Segmentation: Our application environments are protected by Virtual Private Cloud (VPC) connectors and robust network firewalls. Network access is isolated, meaning that user search queries are confined to a private, secure container that cannot leak data packets into neighbouring client workspaces.
Regional Environments: To support sovereign deployments, we operate distinct, isolated environments. All cloud-hosted clients are served by cloud servers within their respective legal jurisdictions and are subject only to their domestic regulatory and legislative regimes.
7. EXTREME DATA ENCRYPTION PROTOCOLS
We utilize state-of-the-art cryptographic mechanisms to protect all classifications of data from unauthorized physical or digital extraction:
Data-at-Rest: All database records, user indices, physical files, and compiled data stored within storage blocks are encrypted using Advanced Encryption Standard protocols with a 256-bit key structure (AES-256). Cryptographic keys are managed securely and rotated automatically.
Data-in-Transit: Any connection between the user's browser, the API programmatic endpoints, or backend database servers is encrypted utilizing Secure Sockets Layer (SSL) and Transport Layer Security (TLS 1.2 or higher) protocols. Any database-to-application traffic is forced through localized, encrypted VPN connections.
8. RETENTION, DESTRUCTION, AND EXIT STRATEGY
We believe that organizations must retain absolute control over the lifecycle of their data.
8.1 The 30-Day Hard Safety Buffer
Upon the voluntary termination or cancellation of an enterprise subscription or pilot program:
Formic immediately suspends platform logins and API keys;
All index databases, document files, and relational metadata caches are maintained in an offline, read-only state for a hard buffer of thirty (30) days to protect against accidental data loss and allow the client to request a standard export of its raw uploaded files;
Upon the expiration of the 30-day buffer, Formic initiates automated, cryptographically secure shredding and overwriting protocols, permanently destroying the data across all production databases, file caches, and server storage disks.
8.2 Certificate of Deletion
Following the permanent deletion of customer environments, corporate officers of enterprise tenants may request a formal, legally binding Certificate of Deletion. This document is signed and executed by our CTO and Privacy Officer, validating under penalty of perjury that all files, parsed indices, and associated metadata backups have been permanently and irretrievably purged from our entire cloud infrastructure.
9. PRIVACY RIGHTS AND DATA SUBJECTS
In alignment with global privacy standards, Formic guarantees the following fundamental rights to all registered users:
Right of Access and Portability: You may request a complete, machine-readable summary of the PII we hold about you, as well as an export of your originally uploaded documents.
Right to Rectification: You have the right to request the immediate correction of any inaccurate or incomplete personal contact details.
Right to Erasure (The "Right to be Forgotten"): You may demand the permanent deletion of your personal account records. Upon request, we will purge your administrative PII, provided that such deletion does not interfere with active contractual compliance.
10. COOKIES AND WEB TRACKING SYSTEMS
We use a minimal footprint of browser cookies to ensure platform stability and a seamless user experience:
Functional Cookies (Mandatory): Necessary to recognize your login session, maintain active administrative states, and secure your encrypted connection parameters. Disabling these cookies in your browser settings will prevent the platform from functioning.
Analytical Cookies (Optional): We utilize anonymized analytical tools (such as localized tracking cookies) to gather telemetry on platform navigation, page latency, and feature usage. These cookies collect no personal data or query text, and can be disabled via your browser settings without degrading your core research experience.
11. POLICY AMENDMENTS AND REVISIONS
Formic AI Ltd. reserves the right to amend this Privacy Policy from time to time to adapt to evolving legal landscapes, security frameworks, and system architectures. When changes are made, we will update the "Effective Date" at the top of this Policy. For material modifications that affect data residency, encryption standards, or model training guarantees, we will provide all corporate administrators and registered users with at least thirty (30) days' notice via email before the changes take effect.