Privacy Policy

SalesTrainer, contact privacy@salestrainer.example, acts as the data controller for the personal data described below.

• Account data: email address and a hashed password (never stored in clear text). Optional name and profile language.
• Business profile: information you choose to enter about your company and product so the AI can simulate relevant calls.
• Practice content: scenario settings, custom prospects you create, transcripts of your practice calls and chats, and the AI-generated feedback for each session.
• Usage data: counts of calls, hints, feedbacks, TTS characters and chat messages, and per-event timestamps. Used for quota enforcement and product analytics.
• Technical data: IP address, browser user-agent and request metadata. Used for security and abuse prevention.

We do not persistently store the audio of your voice calls — Ultravox handles the live voice stream and we only store the resulting text transcript.

• Performance of contract (Art. 6(1)(b) GDPR): running the Service you signed up for — authenticating you, generating feedback, tracking your practice progress.
• Legitimate interests (Art. 6(1)(f) GDPR): preventing abuse, securing the platform, debugging errors, and improving the product via aggregate usage statistics.
• Legal obligations (Art. 6(1)(c) GDPR): responding to lawful requests, tax records.
• Consent (Art. 6(1)(a) GDPR): for any non-essential analytics or marketing emails. You can withdraw consent at any time.

We share the minimum necessary data with:

• Groq — generates coaching hints and post-call feedback. Receives the call transcript and your business profile.Privacy
• Ultravox (Fixie AI) — runs the live voice-call AI. Receives the persona system prompt and processes audio in real time.Privacy
• ElevenLabs — text-to-speech for fallback audio. Receives only the text being spoken.Privacy
• Hosting provider — runs the SalesTrainer web app and database. Stores your account data and transcripts at rest.

Where any of these providers are located outside the EEA, transfers are made under the European Commission's Standard Contractual Clauses (SCCs).

• Account data: while your account is active.
• Practice transcripts and feedback: retained so you can revisit them in “Past attempts”. You can delete a session at any time, or your entire account, from the account page.
• Usage events: retained for the calendar month they occur in plus 12 months for billing-dispute purposes.
• Server logs: 30 days, then deleted.

Under GDPR you have the right to:

• Accessa copy of your data — available on-demand at the “Export your data” button on your account page.
• Rectify inaccurate data — edit your profile from your account page.
• Eraseyour data (“right to be forgotten”) — use the “Delete account” action, which removes transcripts, feedback, custom prospects, business profile, and account record.
• Port your data to another service — the export is in JSON.
• Object to processing based on legitimate interests, and to restrict processing while we resolve a complaint.
• Lodge a complaint with your local data protection authority (in Spain: AEPD, aepd.es).

We hash passwords with scrypt + per-user salt, transmit data over TLS, run regular dependency security updates, rate-limit authentication attempts, and isolate user data per-account at the database query level. No system is perfectly secure; in the event of a personal-data breach affecting you, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33-34.

The Service is not directed at children under 16 and we do not knowingly collect their data.

We may update this Policy. Material changes will be communicated by email or in-app notice at least 14 days before they take effect.