Canero

Privacy Policy

Effective Date: 2026-05-07

Introduction

Canero ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our anonymous employee feedback platform.

Information We Collect

Information You Provide

  • Account Information: Email address used for authentication
  • Feedback Content: Anonymous feedback you submit through conversations
  • Organization Data: Company name and settings (for administrators)

Automatically Collected Information

  • Usage Data: How you interact with our platform
  • Device Information: Browser type, operating system
  • Log Data: IP addresses, access times, pages viewed

How We Protect Your Anonymity

  • Identity Separation: Your feedback is never linked to your identity
  • Fresh Conversations: Each session starts clean with no history
  • Privacy Thresholds: Reports only generate with sufficient participation
  • No Tracking: We don't use tracking cookies or analytics that could identify you

How We Use Your Information

  • Provide and maintain our service
  • Generate aggregated, anonymous reports for organizations
  • Improve our platform and user experience
  • Communicate service updates and changes

AI and Data Processing

We use artificial intelligence to assist in analyzing feedback and generating reports. Our AI integrations include the following protections:

  • No Training on Your Data: Your feedback data is never used to train third-party AI models. We have explicit agreements with our AI providers that prohibit the use of your data for model training or improvement.
  • Zero Data Retention: We enforce zero data retention (ZDR) agreements with our AI providers. Your data is immediately and permanently deleted from AI provider systems after each request is processed.
  • PII Protection: All messages are automatically scrubbed for personally identifiable information before being stored or sent to AI systems. Our scrubbing pipeline detects and redacts structured identifiers including email addresses, phone numbers, IP addresses, payment card numbers, names, locations, government identifiers (including US Social Security Numbers and passport numbers), international bank account numbers (IBAN), medical record numbers (MRN), medication and dosage patterns, ICD-10 diagnostic codes, and other structured identifiers. Users should avoid entering detailed clinical prose, as NLP-based scrubbing covers structured identifiers rather than free-form clinical descriptions.
  • Wellbeing Classification: Messages are evaluated by OpenAI's Moderation API to detect content that may indicate safety concerns. This classification uses zero-data-retention APIs; no message content is retained by OpenAI for this purpose.
  • Provider Compliance: Our AI providers (including OpenAI and Anthropic) maintain SOC 2 compliance and enterprise-grade security standards.

Data Sharing

We do not sell your personal information. We may share data:

  • With your organization (aggregated reports only)
  • With service providers who assist our operations (see Subprocessors section)
  • When required by law or to protect rights

Subprocessors

The following third parties process data on our behalf to operate the platform. Each subprocessor is bound by data processing agreements that prohibit use of your data for their own purposes.

SubprocessorPurposeData processed
VercelApplication hosting and edge functionsAll platform traffic
NeonPostgreSQL databaseAll stored data
InngestBackground job processingJob metadata (no message content in transit)
ClerkAuthentication and identityAccount credentials, session tokens
StripePayment processingBilling information (administrator accounts only)
ArcjetRate limiting and structured PII pre-redactionMessage text (processed in-process, not transmitted)
OpenAI (via Vercel AI Gateway)AI feedback analysis and report generationScrubbed message content; zero data retention
Anthropic (via Vercel AI Gateway)AI feedback analysis (fallback)Scrubbed message content; zero data retention
Vercel AI GatewayAI provider routingScrubbed message content; zero data retention
OpenAI Moderations APIWellbeing classificationMessage text; zero data retention; free endpoint
Microsoft Presidio (self-hosted on Fly.io)NLP-grade PII detection and anonymizationMessage text; processed in our infrastructure; not transmitted to third parties
SentryError tracking and performance monitoringError logs, stack traces (PII-redacted before transmission)
Fly.ioML sidecar infrastructure (Presidio + injection detection)Message text; processed in our infrastructure

This subprocessor list is updated when we add or remove data processors. Customers with enterprise DPA requirements may request notification of subprocessor changes.

Data Retention

  • Feedback Data: Retained for analysis period, then anonymized
  • Account Data: Retained while account is active
  • Aggregated Reports: Retained per organization settings

Your Rights

You have the right to:

  • Access your personal information
  • Request deletion of your data
  • Opt-out of certain data uses
  • Data portability

Security

We implement industry-standard security measures including encryption, access controls, and regular security audits.

Contact Us

For privacy concerns or questions:

Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or platform notification.