Privacy Policy

1. Who this applies to

EveryRep AI is typically provided to organizations (our customers). If your employer or another organization invited you to use the service, that organization is often the primary controller of business-related data, and we process data on their instructions. This policy explains our practices as operator of the EveryRep AI product and infrastructure.

2. Information we collect

• Account and authentication. When you sign in with Google (or another identity provider we support), we receive identifiers and profile details that the provider shares with our app according to your consent and the provider’s settings—commonly including your email address, name, and profile image URL. We use Google Firebase Authentication to perform sign-in.
• Application and session data. We may create a session or audit record associated with your account to operate the service securely.
• Service usage content. Depending on how your organization configured EveryRep AI, the service may process call-related materials such as recordings, transcripts, metadata, and generated coaching or analytics outputs. The categories depend on enabled integrations (for example HubSpot, meeting platforms, or recording partners) and your organization’s settings.
• Technical data. Standard logs and security telemetry (for example IP address, device/browser type, timestamps) may be collected automatically when you use the hosted application.

3. How we use information

• To authenticate you and authorize access to the correct workspace.
• To provide, maintain, secure, and improve the EveryRep AI service.
• To generate product features your organization has enabled (such as call classification or coaching insights).
• To comply with law, enforce our terms, and protect rights, safety, and security.

We do not use Google user data obtained through Google OAuth scopes to serve ads, and we do not sell that data. Access is limited to what is needed to provide the service.

4. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on appropriate bases such as: performance of a contract, legitimate interests (for example securing and improving the service, balanced against your rights), consent where required, and legal obligation where applicable.

5. Sharing and subprocessors

We use trusted infrastructure and AI providers to host and process data. A non-exhaustive list of subprocessors and their roles is published on our Subprocessors page. We may also share information if required by law or with professional advisers bound by confidentiality.

6. International transfers

Your information may be processed in the European Economic Area and in other countries where our subprocessors operate. Where personal data is transferred from the EEA/UK to countries not deemed adequate, we use appropriate safeguards such as the EU Standard Contractual Clauses where required.

7. Retention

We retain information for as long as needed to provide the service, comply with law, resolve disputes, and enforce agreements. Retention of call-related content may be governed by your organization’s configuration (for example anonymization or deletion settings).

8. Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure.

9. Your rights

Depending on your location, you may have rights to access, rectify, delete, restrict, or object to certain processing, and to data portability. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact your organization’s administrator or reach us using the contact details below. We will respond in line with applicable law.

10. Changes

We may update this policy from time to time. We will post the updated version on this page and revise the “Last updated” date.

11. Contact

Questions about this policy or our privacy practices: privacy@everyrep.ai.