CoroAmbra Get Free Consultation
‹ Back to home LEGAL

Privacy Policy

Last updated: June 16, 2026

This Privacy Policy explains how CoroAmbra collects, uses, shares, and protects personal information when you visit our website, contact us, or work with us. We have written it in plain language so you know exactly what happens to your information and the choices you have.

01 Who we are

CoroAmbra ("CoroAmbra", "we", "us", or "our") is a sole proprietorship operated by Ghulam Mustafa, based in Toronto, Ontario, Canada. We design and deliver done-for-you AI systems, including AI voice agents, AI message and lead-response systems, lead generation, and custom automation, for service businesses.

We are responsible for the personal information in our custody and control, including information handled on our behalf by the service providers described in this policy. If you have any questions about this policy or your information, you can reach us at malik@coroambra.com.

02 Information we collect

We collect only the information we need to run our business and serve you. This falls into a few categories.

Information you give us directly

When you email us, book or request a consultation, or otherwise contact us, we collect the details you choose to share, such as your name, business name, email address, phone number, and anything you include in your message. If you become a client, we also collect the information needed to deliver and bill for our services.

Information collected automatically when you visit our website

Our website is intentionally light. When you load a page, our hosting provider records standard technical information in server logs, such as your IP address, browser type, referring page, and the date and time of your request. This is used for security, to keep the site running, and to diagnose problems. We do not run advertising trackers or analytics profiling on the site.

Our pages load the Geist typeface from Google Fonts. When a font file is requested, your IP address is shared with Google as part of that request. We do not control Google's use of that information; see Google's privacy policy for details.

Information we process on behalf of our clients

When we build and operate AI systems for a client (for example, an AI voice agent that answers a client's calls), those systems may process the personal information of the client's own customers, such as names, phone numbers, call recordings or transcripts, and appointment details. In that situation we act as a service provider to the client, and that data is handled under our agreement with that client. The client is responsible for the lawful basis and consent for contacting their customers. If you are an end customer of one of our clients and have a request, please contact that business directly, or contact us and we will route your request appropriately.

03 How we use your information

We use personal information for the following purposes:

  • To respond to your inquiries and provide the information or consultation you ask for.
  • To provide, operate, maintain, and improve our services.
  • To schedule calls and meetings, and to manage our relationship with you.
  • To send invoices and process payments where you are a client.
  • To send you service updates and, where you have consented, marketing emails you can unsubscribe from at any time.
  • To keep our website and systems secure and to prevent misuse.
  • To meet our legal, tax, and regulatory obligations.

We only use your information for the purposes described here or for a purpose you would reasonably expect. If we ever need to use it for something materially different, we will ask for your consent first.

04 Cookies and tracking technologies

Our website does not set advertising cookies and does not run analytics profiling. We do not sell your personal information, and we do not use tracking technologies to build a profile of you across other websites.

The only third-party request our pages make is to Google Fonts, described above, which delivers the site's typeface and receives your IP address as a normal part of that request. If we add analytics or other tracking technologies in the future, we will update this policy and, where required, ask for your consent before activating them.

05 How we share information

We do not sell or rent your personal information. We share it only with trusted service providers who help us run our business, and only to the extent they need it to perform their function. These providers are bound to protect the information and to use it only for the services they provide to us. The categories of providers we rely on include:

  • Website hosting and content delivery (Vercel, Cloudflare), to serve and protect this website and route our email.
  • Scheduling (Cal.com), if you book a consultation through a scheduling link.
  • Payments (Stripe), to process payments from clients. We do not store full card numbers ourselves.
  • Customer relationship and email tools (such as HubSpot and our email providers), to manage inquiries and communications.
  • AI and telephony platforms used to deliver our services (such as Vapi, OpenAI, Anthropic, ElevenLabs, and Twilio), where we build voice or messaging systems.

We may also disclose personal information if required by law, to comply with a valid legal request, to enforce our agreements, or to protect the rights, safety, and property of CoroAmbra, our clients, or others. If our business is ever involved in a reorganization or transfer, information may be shared as part of that transaction, subject to this policy.

06 International data transfers

Several of the service providers listed above store and process information on servers located in the United States. This means that your personal information may be transferred to, stored in, and processed in the United States and may be subject to the laws of that country, including lawful access requests by US authorities.

We remain accountable for personal information that is transferred to our service providers for processing, and we use providers that offer a comparable level of protection through their contractual and security commitments. Where we transfer the personal information of individuals in Quebec outside the province, we assess the privacy implications of that transfer as required by Quebec law. If you would like more detail about where your specific information is stored, contact us at malik@coroambra.com.

07 Data security

We use safeguards that are appropriate to the sensitivity of the information we hold. These include encryption in transit (HTTPS/TLS) across our website, strict security response headers, access controls and least-privilege access to systems, and the use of reputable providers that maintain their own security programs.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we ever become aware of a breach that poses a real risk of significant harm, we will notify affected individuals and the relevant authorities as required by law.

08 How long we keep your information

We keep personal information only for as long as we need it for the purposes described in this policy, or for as long as the law requires us to. For example, we keep inquiry and consultation information while we are in contact with you and for a reasonable period after, and we keep client and billing records for as long as our tax and accounting obligations require. When information is no longer needed, we delete it or de-identify it. You can ask us to delete information we hold about you, as described in your privacy rights below.

09 Your privacy rights

Under Canadian privacy law, including PIPEDA, you have the right to:

  • Access the personal information we hold about you and learn how it has been used and disclosed.
  • Correct information that is inaccurate or incomplete.
  • Withdraw consent to our use of your information at any time, subject to legal or contractual limits, after we explain the consequences.
  • Ask us to delete information that we no longer have a valid reason to keep.
  • Complain to us, and to the Office of the Privacy Commissioner of Canada, if you are not satisfied with how we have handled your information.

To exercise any of these rights, email us at malik@coroambra.com. We will respond within the time frame required by law and may need to confirm your identity first. You can also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

10 Quebec residents (Law 25)

If you are located in Quebec, the province's privacy law (often called Law 25) gives you additional rights and gives us additional responsibilities.

  • The person responsible for the protection of personal information at CoroAmbra is Ghulam Mustafa, who can be reached at malik@coroambra.com.
  • You have the right to access and correct your information, to request that it be de-indexed or no longer disseminated in certain circumstances, and to receive a copy of the computerized information you provided to us in a structured, commonly used format (data portability).
  • We assess the privacy implications before transferring the personal information of individuals in Quebec outside the province, as described in the international data transfers section above.
  • We do not use your information to make decisions based solely on automated processing in a way that affects you. If that ever changes, we will tell you and explain your options.
  • We do not collect biometric information through this website. If we ever introduce a product or service that uses biometric data, we will provide the required notices and disclosures beforehand.

11 Email communications

We send commercial electronic messages only in line with Canada's Anti-Spam Legislation (CASL). That means we contact you where we have your consent or another lawful basis, every commercial message identifies us and includes our contact information and a valid mailing address, and every message includes a working unsubscribe option. If you unsubscribe, we will stop sending you marketing messages promptly. You can also opt out at any time by emailing malik@coroambra.com.

12 Children's privacy

Our website and services are intended for businesses and adults. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

13 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. When we do, we will revise the "Last updated" date at the top of this page. If we make a significant change, we will take reasonable steps to let you know. We encourage you to review this page periodically.

14 Contact us

If you have any questions, concerns, or requests about this policy or your personal information, contact us:

CoroAmbra
Attn: Ghulam Mustafa, Privacy Officer
Toronto, Ontario, Canada
Email: malik@coroambra.com