GMhigm.ai
Sign inStart free trial

Legal

Privacy Policy

Last updated: April 11, 2026

This Privacy Policy describes how Digital Trend Inc. (“GM,” “we,” “our”), a corporation headquartered in Toronto, Ontario, Canada, handles information when you use the GM web application, mobile app, SMS workflows, and related services (collectively, the “Service”). By using the Service you acknowledge this Policy.

GM is a business-to-business tool for business owners and on-site managers (“Operators”) to schedule, communicate with, and manage their staff (“Employees”). Operators are our customers; Employees interact with the Service primarily through SMS. This Policy applies to both.

Our data-minimization commitment.GM is deliberately designed to operate on the smallest set of information needed to run schedules and SMS. We do not collect or store government identifiers, dates of birth, home addresses, banking details, driver’s licence numbers, or payroll withholdings on Employees. We do not profile Employees for advertising, credit, or background-check purposes. We do not sell any information we handle.

1. Information we handle

1.1 Information Operators provide directly

  • Account information: the Operator’s first name, business name, contact email, mobile phone number, and password credentials (stored only as a salted hash, never in plain text).
  • Business information: storefront city/region, operating hours, staffing templates, and billing-plan selection.
  • Billing information: subscription plan and invoice history. Payment cards are handled directly by our payment processor; GM never receives or stores full card numbers, CVV codes, or bank account details.

1.2 Information Operators provide about Employees

To run the Service, Operators give GM only what is needed to send a text message to the right person at the right time:

  • First name (or preferred display name).
  • Mobile phone number (required, to deliver SMS).
  • Role or job title, availability windows, and shift history on the Operator’s schedule.

GM does notask for, and Operators should not upload to GM, any of the following: government identifiers (e.g., SIN, SSN, ITIN, national ID), dates of birth, home addresses, banking or direct- deposit details, immigration documents, driver’s licence numbers, health information, or emergency-contact details. Payroll, tax withholding, and benefits-of-record remain entirely with the Operator’s existing payroll provider.

Operators warrant that they have the legal authority and appropriate consent to share the limited Employee information above with GM, and that they will inform their Employees of this sharing in accordance with applicable privacy laws.

1.3 Information Employees provide via SMS or check-in

  • SMS replies to onboarding, scheduling, and coverage prompts, including preferred language.
  • Optional coarse location (on-site / not-on-site) when an Employee opens a shift check-in link. GM does not retain raw GPS trails or track location outside an active check-in action; only a yes/no proximity result is stored against the shift.

1.4 Information from connected third-party services

  • When an Operator connects a point-of-sale (POS) system, GM ingests only the aggregated business data the Operator has authorized: sales and tender totals, product or service catalog, merchant tax- rate configuration, and merchant metadata. GM does not ingest cardholder data, customer names, customer contact details, loyalty identifiers, or other end-consumer personal information from any connected service. The integration is read-only; GM does not write to, modify, or delete data in the connected service.
  • GM stores only the access credentials required to make authenticated calls back to the integration. Those credentials are encrypted at rest and revoked immediately when the Operator disconnects the integration.

Currently supported integrations include Clover. GM accesses Clover merchant data on a read-only basis, only for the scopes the Operator has authorized, and the Operator can disconnect at any time from the Integrations area of the Service — which revokes GM’s Clover credentials and stops further syncs.

1.5 Information we collect automatically

  • Usage data: pages visited, feature interactions, and aggregate SMS message volume.
  • Network and browser data: IP address, browser type, operating system, and time-zone setting — used strictly for security, abuse prevention, and session management. IP addresses are retained only as long as needed for those purposes and are not used for advertising or cross-site tracking.
  • Cookies used to keep you signed in and remember preferences. GM does not use third-party advertising or marketing-attribution cookies on authenticated pages. You can control cookies in your browser settings; disabling them may degrade certain features.

2. How we use this information

  • To provide the Service. Building schedules, detecting late arrivals, finding shift coverage, sending SMS reminders, confirming on-site check-ins, surfacing labor-cost reporting, and producing operations dashboards and forecasts.
  • To communicate with Operators and Employees. Transactional notifications (schedule published, coverage accepted, password resets, security alerts) and occasional product updates.
  • To power AI-assisted recommendations. GM uses machine-learning inference to summarize operations, answer questions, classify incoming SMS intent, and suggest actions. Only the text strictly needed for the requested task is sent to inference providers, under zero-retention and no-training contractual terms (see Section 4). Inference providers do not receive Employee phone numbers or billing details.
  • To bill for the Service and to detect fraud or abuse.
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell personal information. We do not use Employee SMS content for advertising or to train publicly released models. We do not use Operator business data for cross-customer analytics without explicit consent.

3. Legal bases (where applicable)

Where laws such as the EU General Data Protection Regulation (GDPR) apply, we rely on the following lawful bases: performance of the contract between the Operator and GM; our legitimate interests in running and improving the Service; compliance with legal obligations; and your consent, where required.

4. Sub-processors and service providers

GM engages reputable third-party service providers to deliver the Service. Current categories include:

  • Cloud infrastructure and database hosting.
  • SMS delivery (for carrier-grade message routing to your Employees).
  • Transactional email delivery.
  • Payment processing for Operator subscriptions.
  • Connected point-of-sale providers, only when an Operator has explicitly authorized a POS connection from within the Service.
  • Machine-learning inference providers used to generate and interpret text in GM’s conversational interface. Data sent for inference is subject to the provider’s zero-retention and no-training terms; a current list of sub-processors is available upon written request to privacy@higm.ai.

Each sub-processor is contractually required to process information only on our documented instructions and to apply appropriate safeguards.

5. Sharing and disclosure

We share personal information only in these circumstances:

  • With the Operator that manages an Employee’s account. GM is the data processor; the Operator is the data controller for their staff records.
  • With sub-processors listed in Section 4, under binding data-processing agreements.
  • When compelled by valid legal process, to protect our legal rights, or to prevent fraud or imminent harm.
  • In connection with a corporate transaction (merger, acquisition, or asset sale), subject to confidentiality obligations.

6. International data transfers

GM is based in Canada and primary processing and storage occur on servers located in Canada. Certain sub-processors (for example, SMS delivery and machine-learning inference) may process requests on infrastructure located in the United States or elsewhere; for those flows we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards, and we require zero-retention terms where inference is involved.

7. Data retention

  • Active accounts: we retain data for the life of the Operator’s subscription, plus a 90-day grace period after cancellation during which the account can be reactivated.
  • Former Employees: when an Operator removes a staff member from their roster, we retain the shift history needed for that Operator’s labor reporting, but the Employee’s mobile phone number is promptly deactivated for messaging and pruned from active records on request.
  • After the account grace period, remaining information is deleted or irreversibly anonymized unless longer retention is required by law, necessary to resolve disputes, or needed to enforce our agreements.
  • Audit logs and billing records are retained for the period required by applicable tax and corporate-records law (typically seven years in Canada).

8. Security

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including:

  • Encryption at rest for sensitive fields (password credentials, POS access credentials, and other integration secrets).
  • Encryption in transit via TLS for all traffic to and from the Service.
  • Passcode or single-sign-on authentication on Operator logins, with least-privilege permissions for internal staff.
  • Tenant isolation at the database layer so that one Operator’s data is never returned to another Operator.
  • Continuous vulnerability scanning and periodic third-party security assessments.

No system is perfectly secure. If we become aware of a breach that affects information you have entrusted to us, we will notify affected parties in accordance with applicable law.

9. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or receive a portable copy of the information GM holds about you, and to object to certain processing. You may also withdraw a previously given consent.

Employees: GM typically holds only your first name, mobile number, and shift activity (role, availability, and shifts you worked) on your Operator’s schedule. You can text STOP to any GM message to opt out of further SMS at any time. For broader requests, please contact the Operator who employs you; if you are unable to reach them, contact us at privacy@higm.ai and we will help route the request.

Canadian residents may exercise rights under the federal Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to file a complaint with the Office of the Privacy Commissioner of Canada. Residents of the European Economic Area may lodge a complaint with their local supervisory authority.

10. Children

GM is intended for use by businesses and their staff. We do not knowingly collect information from individuals under the age of 16. If you believe a minor has interacted with the Service, please contact us and we will remove what we hold.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced to the Operator’s registered email address and posted here with an updated “Last updated” date at the top of the page. Continued use of the Service after a change constitutes acceptance.

12. Contact

Digital Trend Inc.
Toronto, Ontario, Canada
Email: privacy@higm.ai
General: ask@higm.ai