# Privacy Policy
**Effective Date:** [INSERT DATE]
**Last Updated:** [INSERT DATE]
---
## 1. Introduction
SpokesCoach ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use the SpokesCoach AI media training platform (the "Service").
This Policy applies to all users of the Service, including:
- **Customer organizations** (PR agencies, corporate communications teams, government agencies)
- **Account Owners and Administrators**
- **Trainers** (media coaches conducting training sessions)
- **Spokespeople** (individuals being trained)
By using the Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.
---
## 2. Who We Are
SpokesCoach is the data controller for personal data collected directly from Customer organizations and their administrators. For personal data processed on behalf of Customer organizations (e.g., training data of Spokespeople), SpokesCoach acts as a **data processor**, and the Customer organization is the **data controller**.
A separate **Data Processing Agreement (DPA)** governs our role as a processor for Customer Content. See: [DPA](/dpa)
**Contact for Privacy Inquiries:**
- Email: privacy@spokescoach.com
- Postal: [INSERT BUSINESS ADDRESS]
---
## 3. Information We Collect
### 3.1 Information You Provide Directly
**Account Information:**
- Name, email address, job title
- Organization name, industry, website
- Billing address, payment method (processed by Stripe; we do not store card numbers)
- Tax identification numbers (for B2B invoicing)
**Profile Information:**
- Profile photo (optional)
- Communication preferences
**Training Content:**
- Video and audio recordings of training sessions
- Speech transcripts
- Written notes and tags added by Trainers
- Performance scores and feedback (generated by AI and Trainers)
**Communications:**
- Emails to support, sales, or feedback channels
- Meeting recordings (if you participate in calls with our team)
### 3.2 Information Collected Automatically
**Usage Data:**
- Pages visited, features used, time spent
- Login times and IP addresses
- Device information (browser type, operating system)
**Cookies and Similar Technologies:**
We use essential cookies for authentication and session management. We do not use advertising cookies. You may control cookies through your browser settings.
### 3.3 Information from Third Parties
We may receive information from:
- **Identity providers** (if you use SSO or social login in the future)
- **Stripe** (payment status, billing details)
- **Analytics tools** (aggregated usage statistics)
### 3.4 Sensitive Personal Data
The Service processes information that may be considered sensitive in some jurisdictions, including:
- **Voice recordings** (biometric identifier)
- **Video recordings** (facial features captured incidentally)
- **Performance evaluations** (could reveal personal characteristics)
**Customer organizations are responsible for obtaining all necessary consents from Spokespeople before recording or uploading their data.**
---
## 4. How We Use Your Information
We use personal data to:
### 4.1 Provide the Service
- Authenticate users and maintain Accounts
- Process video recordings and generate transcripts
- Run AI-powered analysis (persona simulation, scoring, feedback)
- Generate training reports and analytics
- Enable team management and role-based access
### 4.2 Billing and Account Management
- Process subscription payments and renewals
- Send invoices and payment receipts
- Handle refunds and disputes
### 4.3 Communications
- Send service-related notifications (e.g., training session completion, report ready)
- Respond to support inquiries
- Provide product updates and security announcements
- Send marketing communications (with consent; you may opt out anytime)
### 4.4 Improvement and Research
- Analyze aggregated, anonymized usage patterns to improve features
- Train and refine our AI models using anonymized data (no individually identifiable information)
- Develop new features and personas
### 4.5 Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations (tax, audit, court orders)
- Enforce our Terms of Service
### 4.6 Legal Bases (GDPR/EU Users)
We process personal data on the following legal bases:
- **Contract performance:** Processing necessary to deliver the Service to you
- **Legitimate interests:** Improving the Service, security, and business operations (balanced against your rights)
- **Consent:** Where you have given specific consent (e.g., marketing emails)
- **Legal obligation:** Compliance with applicable laws
---
## 5. AI and Automated Processing
The Service uses artificial intelligence to:
- Simulate journalist personas during training interviews
- Transcribe speech in real time
- Analyze content quality, delivery, and performance
- Generate scores and personalized feedback
**Important Notes:**
- AI outputs are intended as training guidance, not professional advice
- Automated decisions do not produce legal or similarly significant effects on individuals
- You may request human review of any AI-generated feedback by contacting support@spokescoach.com
---
## 6. How We Share Information
We do NOT sell personal data. We share information only as described below:
### 6.1 Service Providers
We share data with vendors that help operate the Service:
| Provider | Purpose | Data Shared |
|----------|---------|-------------|
| **Anthropic** | AI language models (interview simulation, feedback) | Transcripts, scenario context |
| **ElevenLabs** | Speech-to-text and text-to-speech | Audio recordings |
| **Stripe** | Payment processing | Billing details, payment method |
| **Supabase** | Database and authentication hosting | All Account and Customer Content |
| **Cloudflare** | Video storage and content delivery | Video files, transcripts |
| **Resend** | Transactional email delivery | Names, email addresses |
| **Sentry** | Error tracking and performance monitoring | Diagnostic data, IP addresses |
All service providers are contractually obligated to protect your data and use it only as instructed.
### 6.2 Customer Organizations
Within a Customer organization:
- **Account Owners and Trainer Admins** can access all training data for their organization
- **Trainers** can access only their assigned Spokespeople's training data
- **Viewers** have read-only access to permitted reports
### 6.3 Legal Requirements
We may disclose information when required by law, court order, or to:
- Comply with legal processes (subpoenas, warrants)
- Enforce our Terms of Service
- Protect the rights, safety, or property of SpokesCoach, our users, or the public
- Investigate fraud or security incidents
### 6.4 Business Transfers
If SpokesCoach is acquired, merged, or sells assets, personal data may be transferred to the acquiring entity. You will be notified of any change in data control.
### 6.5 With Your Consent
We may share personal data for purposes not described above with your explicit consent.
---
## 7. International Data Transfers
SpokesCoach is based in [INSERT COUNTRY]. If you access the Service from outside this country, your data will be transferred to and processed in [INSERT COUNTRY] and other countries where our service providers operate.
For transfers from the EU/EEA to countries without an adequacy decision:
- We use **EU Standard Contractual Clauses (SCCs)** to ensure adequate protection
- We conduct transfer impact assessments where required
- Specific safeguards are detailed in our **Data Processing Agreement (DPA)**
---
## 8. Data Retention
We retain personal data only as long as necessary to provide the Service or comply with legal obligations:
| Data Type | Retention Period |
|-----------|------------------|
| **Account information** | Duration of subscription + 30 days after cancellation |
| **Training video recordings** | 90 days (default), or as configured by Customer |
| **Speech transcripts** | Indefinitely (used for analytics, compliance, audit) |
| **Performance scores and reports** | Indefinitely (for progress tracking and benchmarking) |
| **Billing records** | 7 years (tax/financial compliance) |
| **Audit logs** | 2 years |
| **Communications and support tickets** | 3 years |
Customers may manually delete videos at any time via the dashboard. After expiration or manual deletion, video files are removed from our storage; transcripts and reports are retained.
You may request earlier deletion of your data by contacting privacy@spokescoach.com (subject to legal retention requirements).
---
## 9. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
### 9.1 Access
Request a copy of personal data we hold about you.
### 9.2 Correction
Update or correct inaccurate personal data.
### 9.3 Deletion (Right to be Forgotten)
Request deletion of your personal data, subject to legal retention requirements.
### 9.4 Restriction
Limit how we process your data in certain circumstances.
### 9.5 Portability
Receive your personal data in a structured, machine-readable format.
### 9.6 Objection
Object to processing based on legitimate interests, including for direct marketing.
### 9.7 Withdraw Consent
Withdraw consent where processing is based on consent (does not affect prior lawful processing).
### 9.8 Automated Decision-Making
Request human review of significant decisions made solely by automated processing (currently, AI-generated feedback can be reviewed by a SpokesCoach team member upon request).
### 9.9 Complaint
Lodge a complaint with your local data protection authority. EU users may contact:
- Their national supervisory authority
- The lead supervisory authority where SpokesCoach has its main establishment
### How to Exercise Your Rights
Email: privacy@spokescoach.com
Subject: "Data Subject Request — [Your Right]"
We will respond within 30 days (or as required by law). We may need to verify your identity before fulfilling requests.
**For Spokespeople:** If you are a Spokesperson trained through a Customer organization, you may need to contact that Customer first, as they control your training data. We will support reasonable requests.
---
## 10. Security
We implement industry-standard security measures to protect personal data:
- **Encryption in transit** (TLS 1.2+) and **at rest** (AES-256)
- **Access controls** with role-based permissions
- **Regular security audits** and penetration testing
- **Vendor due diligence** on all service providers
- **Incident response plan** for data breaches
- **Employee training** on data protection
- **Backups** with encryption
Despite our efforts, no system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and applicable authorities within 72 hours as required by law.
---
## 11. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected information from a child, contact us immediately at privacy@spokescoach.com.
---
## 12. Region-Specific Disclosures
### 12.1 European Economic Area (EEA), UK, and Switzerland (GDPR)
EU/UK/Swiss residents have the rights described in Section 9. Our legal bases for processing are described in Section 4.6.
**Data Protection Officer:** [INSERT NAME OR "Not required—small enterprise"]
**EU Representative:** [INSERT IF APPLICABLE]
### 12.2 California (CCPA/CPRA)
California residents have the right to:
- Know what personal information is collected
- Delete personal information
- Opt out of "sale" or "sharing" of personal information (we do not sell or share)
- Limit use of sensitive personal information
- Not be discriminated against for exercising these rights
**Categories of Personal Information Collected (last 12 months):**
- Identifiers (name, email, IP)
- Professional information (job title, organization)
- Internet activity (usage data)
- Audio/visual data (training recordings)
- Inferences (performance assessments)
We do not sell personal information for monetary or other valuable consideration.
### 12.3 Other Jurisdictions
Residents of Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act), and other regions may have similar rights. Contact privacy@spokescoach.com to exercise these rights.
---
## 13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Review their privacy policies separately.
---
## 14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via:
- Email to the address associated with your Account
- Prominent notice in the Service
- Update to the "Last Updated" date at the top
Continued use after changes take effect constitutes acceptance of the revised Policy.
---
## 15. Contact Us
For privacy-related questions, requests, or complaints:
**SpokesCoach Privacy Team**
Email: privacy@spokescoach.com
Postal: [INSERT BUSINESS ADDRESS]
Phone: [INSERT IF APPLICABLE]
For general support: support@spokescoach.com
---
**Thank you for trusting SpokesCoach with your data. We are committed to handling it responsibly and transparently.**