Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and authentication)
• Full name (optional, for personalization)
• Organization name and details
• Billing information (processed securely through our payment processor, LemonSqueezy)

1.2 Call Recordings and Transcripts

When you upload call recordings, we collect and process:

• Audio recordings of sales calls
• Transcribed text from call recordings
• Call metadata (duration, file size, upload timestamp)
• Prospect names and contact information (if provided)

1.3 AI Analysis Data

Our AI analysis generates and stores:

• Call performance metrics (talk-to-listen ratio, objection handling scores, qualification depth)
• Win probability scores
• Coaching recommendations and insights
• Key moments and highlights from calls
• MEDDPICC, BANT, Challenger Sale, and Value-Based Selling methodology scores

1.4 CRM Integration Data

If you connect your CRM (Salesforce or HubSpot), we collect:

• OAuth access tokens and refresh tokens (encrypted using AES-256-GCM encryption)
• CRM instance URLs and portal IDs
• Sync status and error logs

Note: We do not store your CRM credentials. All OAuth tokens are encrypted at rest and only used to sync call insights to your CRM as authorized by you.

1.5 Usage Data

We automatically collect:

• IP addresses and browser information
• Device information and operating system
• Usage patterns and feature interactions
• Error logs and performance metrics

2. How We Use Your Information

2.1 Service Provision

We use your information to:

• Provide, maintain, and improve our AI-powered call analysis service
• Process and analyze call recordings to generate insights
• Sync call insights to your connected CRM systems
• Send you service-related communications and updates
• Process payments and manage subscriptions

2.2 Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Contractual necessity: To fulfill our service agreement with you
• Legitimate interests: To improve our services, prevent fraud, and ensure security
• Consent: For optional features like CRM integrations and marketing communications
• Legal obligation: To comply with applicable laws and regulations

3. Data Storage and Security

3.1 Data Storage

Your data is stored securely using:

• Supabase (PostgreSQL): Database hosting for account information, call metadata, and analysis results
• Supabase Storage: Secure cloud storage for call recordings in private buckets
• Data Location: Data is stored in secure data centers. Contact us for specific data residency information.

3.2 Security Measures

We implement comprehensive security measures:

• Encryption at rest: All sensitive data, including OAuth tokens, is encrypted using AES-256-GCM encryption
• Encryption in transit: All data transmission uses TLS/SSL encryption
• Row-Level Security (RLS): Database access is restricted using Supabase RLS policies, ensuring users can only access their own data
• Authentication: Secure authentication via Supabase Auth with password hashing and session management
• Access controls: Role-based access control (rep, manager, admin) limits data access to authorized personnel
• Regular security audits: We conduct regular security assessments and updates

3.3 Data Retention

We retain your data for as long as necessary to provide our services:

• Active accounts: Data is retained while your account is active
• Deleted accounts: Upon account deletion, data is permanently deleted within 30 days, except where retention is required by law
• Call recordings: Retained until you delete them or your account is closed
• Backup data: Backups may be retained for up to 90 days for disaster recovery purposes

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted service providers who assist in operating our service:

• Supabase: Database and storage hosting (data processing agreement in place)
• LemonSqueezy: Payment processing (PCI-DSS compliant)
• Deepgram: Speech-to-text transcription services
• Anthropic (Claude): AI analysis and insights generation
• Resend: Email delivery services
• Vercel: Application hosting and CDN services

All service providers are contractually obligated to protect your data and use it only for the purposes specified.

4.2 CRM Integrations

When you connect your CRM (Salesforce or HubSpot), we sync call insights to your CRM as authorized. This data sharing is controlled by you through the integration settings. We do not share your data with third parties except as explicitly authorized by you through CRM integrations.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to valid legal requests

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

5. Your Rights (GDPR & CCPA)

5.1 Right to Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

5.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings.

5.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. To delete your account and all associated data, contact us at privacy@repedge.ai or use the account deletion feature in settings.

5.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

5.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format. Contact us to export your data.

5.6 Right to Object

You can object to processing of your personal data for direct marketing purposes or based on legitimate interests.

5.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

5.8 Exercising Your Rights

To exercise any of these rights, contact us at privacy@repedge.ai. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for data transfers outside the EEA
• Data Processing Agreements with all service providers
• Compliance with applicable data protection laws

7. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze service usage and improve performance

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending email notifications for significant changes

Continued use of our service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For users in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.