Privacy Policy

Effective Date: March 2026 Last Updated: March 2026

1. Introduction

Revenant Systems LLC, doing business as SalesSavant ("SalesSavant," "we," "our," or "us"), operates an AI-powered sales coaching platform that integrates with communication platforms such as Zoom to help sales teams improve performance through automated call analysis and coaching. Revenant Systems LLC is the data controller responsible for the personal information described in this Privacy Policy.

This Privacy Policy describes how we collect, use, store, share, and protect personal information when you use our services, including our website at https://www.salessavant.ai and our application (collectively, the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• First and last name
• Organization name
• Role within your organization

2.2 Communication Platform Data

When you connect a communication platform (such as Zoom), we access the following through the provider's API with your explicit authorization:

Meeting Metadata:

• Meeting ID, topic/title, and scheduled time
• Start time, end time, and duration
• Host information

Participant Data:

• Participant names and email addresses (when available)
• Join and leave timestamps
• Participant role (host vs. attendee)

Recording & Transcript Data:

• Cloud recording files (audio/video)
• Meeting transcripts
• Recording metadata (file type, size, duration)

We only request the minimum API scopes necessary to provide our Service. All integration scopes are read-only; we do not modify, create, or delete any data in your connected accounts.

2.3 Billing Information

We collect billing-related information through our payment processor, Stripe:

• Subscription plan and status
• Seat count and usage
• Payment method details are handled directly by Stripe and never stored on our servers

2.4 Usage Data

We automatically collect:

• Browser type and version
• Pages visited and features used
• Device information and screen resolution
• IP address (for security and rate limiting)

2.5 Technical Logs and Monitoring

To maintain service reliability, we use monitoring tools that may collect:

• Error context and stack traces (Sentry) — PII is redacted before storage
• Product usage events such as feature interactions and click paths (PostHog)
• Web performance metrics (page load times, connection quality)

These tools may capture IP addresses and device information as part of their standard operation.

2.6 Cookies

We use:

• Essential cookies for authentication and session management (via Clerk). These are required for the Service to function and cannot be disabled.
• Product analytics cookies for feature usage and improvement (PostHog)

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect core Service functionality. For more details, see our Cookie Policy.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service, including analyzing call recordings and generating coaching insights
• Process payments and manage subscriptions
• Send transactional communications such as account updates and coaching reports
• Monitor and improve Service performance, reliability, and security
• Detect and prevent security threats, fraud, and abuse
• Comply with legal obligations

We do not use your information to:

• Sell personal data to third parties
• Share data with advertisers or data brokers
• Profile you for purposes unrelated to the Service

4. AI Data Processing

This section describes how we use artificial intelligence to provide our Service. We understand that organizations are sensitive about how their data interacts with AI systems.

4.1 How AI Is Used

Call transcripts are sent to third-party AI providers (currently OpenAI) via their API for analysis. This processing generates:

• Call summaries and key discussion points
• Sales methodology alignment scores
• Coaching recommendations and action items
• Performance metrics and trend analysis

4.2 No Training on Your Data

Your content is never used to train or improve AI models. Specifically:

• Call recordings, transcripts, and analysis results are not used to train, fine-tune, or improve any base language models — ours or any third party's
• Our AI providers are contractually prohibited from using API-submitted data for model training (per OpenAI's business API data usage policy)

4.3 What Is Sent vs. What Is Stored

• Sent to AI providers: Text transcripts only. We do not send audio or video files to AI providers.
• Stored by AI providers: AI providers do not retain data submitted via their API beyond the immediate request processing window. No customer data is stored by AI providers on an ongoing basis.
• Stored by SalesSavant: AI-generated analysis results (summaries, scores, coaching insights) are stored in our database and subject to our retention policy (Section 7).

5. Data Sharing and Third Parties

5.1 Service Providers

We share data with service providers that help us operate the Service. Each maintains SOC 2 Type II certification or equivalent:

5.2 Data We Never Share

• Call recordings and transcripts are never shared beyond what is described in this policy
• Personal data is never sold to any party
• Data is never shared with advertisers or data brokers

5.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email or prominent notice within the Service before your data becomes subject to a different privacy policy.

5.5 Human Access to Data

Authorized SalesSavant personnel may access customer data, including call transcripts, in limited circumstances:

• To provide customer support at your request
• To investigate and resolve technical issues or bugs
• To ensure Service quality and integrity

Access is logged, limited to the minimum data necessary, and subject to confidentiality obligations.

6. Data Storage and Security

6.1 Where We Store Data

All application data is hosted in the United States via our infrastructure providers (Supabase, Vercel). See Section 10 for information about international data transfers.

6.2 Encryption

• At rest: All data encrypted using AES-256. Integration credentials receive additional application-level encryption with dedicated key management.
• In transit: TLS 1.2 or higher for all communications. HSTS enforced. All HTTP requests automatically upgraded to HTTPS.

6.3 Access Controls

• Role-based access control (RBAC) restricts data access to authorized users
• Users can only access data for their assigned teams
• Multi-factor authentication available for all accounts
• Administrative actions logged to audit trail
• Customer data logically separated by organization with no cross-tenant access

6.4 Compliance Standards

We align our security practices with industry standards including SOC 2 controls and OWASP guidelines. All critical third-party providers maintain SOC 2 Type II certification or equivalent (see Section 5.1).

7. Data Retention and Deletion

7.1 Active Accounts

7.2 After Account Closure

7.3 Automatic Cleanup

• Expired integration tokens: Deleted immediately upon expiration
• Failed webhook payloads: Deleted after 7 days
• Temporary processing files: Deleted within 24 hours

8. Your Rights and Choices

8.1 General Rights

All users can:

• Access all stored recordings and analysis within the application
• Export data in standard formats (JSON, CSV) or request a copy of all personal data we hold
• Delete individual recordings (permanently removes recording, transcript, and associated analysis)
• Delete your account — all personal data deleted within 30 days
• Disconnect integrations at any time (tokens revoked immediately, data retained per retention policy unless deletion requested)
• Opt out of non-essential communications via unsubscribe links
• Manage cookie and notification preferences

Organization administrators can delete the entire organization and all associated data.

8.2 European Economic Area (GDPR)

If you are located in the EEA, you have the following additional rights under the General Data Protection Regulation:

• Right to rectification — request correction of inaccurate personal data
• Right to object — object to processing based on legitimate interests
• Right to restrict processing — request limited processing in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@salessavant.ai.

8.3 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt-out of sale — we do not sell personal information, so this right is satisfied by default
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@salessavant.ai.

9. Data Processing Roles (B2B Customers)

9.1 Controller and Processor

When SalesSavant provides its Service to business customers:

• Your organization (the customer) is the Data Controller — you determine the purposes and means of processing your team's data
• SalesSavant is the Data Processor — we process data on your behalf to provide the Service

9.2 Data Processing Agreement

Business customers may request a Data Processing Agreement (DPA) that governs our processing of personal data on your behalf. To request a DPA, contact us at privacy@salessavant.ai.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) where required under GDPR
• Reliance on service providers with adequate data protection certifications
• Encryption of all data in transit and at rest

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

• Email notification to account administrators
• In-app notification
• Updated "Last Updated" date on this page

We encourage you to review this policy regularly.

13. Contact Us

For privacy inquiries, data requests, or concerns:

• Data Controller: Revenant Systems LLC (d/b/a SalesSavant)
• Email: privacy@salessavant.ai
• Website: https://www.salessavant.ai/contact

We will respond to all privacy-related requests within 30 days.

Document Version: 3.0 Last Updated: March 2026