Privacy Policy

1. Introduction

DebriefSales ("we", "us", or "our") operates the web application at app.debriefsales.com and the marketing website at debriefsales.com (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our Service.

We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are located in the European Economic Area or United Kingdom, we also comply with applicable data protection laws including the GDPR where required.

By using the Service you consent to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information you provide directly

• Account information: First name, last name, business email address, company name, and password when you register.
• Profile information: Role, timezone, weekly call goals, and notification preferences set within the application.
• Call data: Call logs, scores, notes, context, outcomes, and any other content you enter when logging sales calls.
• Contact and company records: Names, email addresses, phone numbers, job titles, and company details for the contacts you manage within the Service.
• Billing information: Payment card details and billing address, collected and processed by our payment provider Stripe. We do not store full card numbers on our systems.
• Communications: Messages you send us via the contact form, email, or in-app support.

2.2 Information collected automatically

• Usage data: Pages visited, features used, actions taken within the application, and session duration.
• Device and browser information: Browser type, operating system, screen resolution, IP address, and device identifiers.
• Timezone: Detected automatically from your browser to localise scheduled notifications.
• Transcription data: When you use the call transcription feature, audio is sent to AssemblyAI for processing. The resulting transcript text is stored in the Service and automatically purged after 2 years.
• Cookies and similar technologies: Session cookies for authentication and analytics cookies (see Section 8).

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service;
• Create and manage your account and subscription;
• Process payments and send billing-related communications;
• Send transactional emails including email verification, password resets, weekly performance summaries, and coaching notifications;
• Send product updates, feature announcements, and tips (you may opt out at any time in Settings);
• Analyse usage patterns to improve the Service and develop new features;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with legal obligations and enforce our Terms and Conditions.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

• Contract performance: Processing necessary to provide the Service you have subscribed to;
• Legitimate interests: Security, fraud prevention, and product improvement — where these interests are not overridden by your rights;
• Legal obligation: Where we are required to process data to comply with applicable law;
• Consent: For product analytics (PostHog) and optional marketing communications. You are prompted to consent to analytics on your first login and may withdraw consent at any time in Settings.

5. Information Sharing and Disclosure

We share personal information only in the following circumstances:

5.1 Within your organisation

Call records, scores, and coaching notes you create may be visible to other members of your DebriefSales workspace (your team) depending on the permissions configured by your account administrator.

5.2 Service providers

We share data with trusted third-party service providers who assist us in operating the Service, subject to confidentiality obligations:

Provider	Purpose	Data shared
Supabase	Database hosting and user authentication	All application data
Stripe	Payment processing and subscription management	Email, billing details
Resend	Transactional email delivery	Email address, name
PostHog	Product analytics and usage tracking (consent-based opt-in)	Anonymised usage events, user ID
AssemblyAI	Call transcription (speech-to-text)	Audio recordings submitted for transcription
Vercel	Application hosting and delivery	Request metadata

5.3 Legal requirements

We may disclose information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of DebriefSales, our users, or others.

5.4 Business transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our website before such a transfer occurs.

6. Data Storage and Security

Your data is stored on servers provided by Supabase, which are hosted in AWS data centres. Data may be processed in Australia or other jurisdictions where our service providers operate. We ensure that appropriate safeguards are in place for any international transfers of personal data.

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit using TLS;
• Encryption of data at rest;
• Row-level security policies restricting data access by company workspace;
• Secure authentication with email verification;
• Regular access reviews and least-privilege access controls.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please notify us immediately at support@debriefsales.com if you believe your account has been compromised.

7. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service. Specifically:

• Active accounts: Data is retained for the duration of the subscription;
• After cancellation or termination: Your data is retained for 30 days during which you may export it. After this period it is deleted from our systems;
• Call transcripts and direct messages: Automatically purged after 2 years, regardless of account status;
• Audit logs: Retained for 7 years to meet SOC 2 and compliance requirements;
• Billing records: Retained for 7 years as required by Australian tax law;
• Anonymised analytics data: May be retained indefinitely in aggregate form that cannot identify individuals.

You may request earlier deletion of your data by contacting us at support@debriefsales.com, or by using the self-service account deletion option in Settings → Danger Zone.

8. Cookies and Analytics

We use cookies and similar tracking technologies for the following purposes:

• Essential cookies: Required for authentication and maintaining your session. These cannot be disabled without breaking the Service.
• Analytics (opt-in): We use PostHog to understand how users interact with the Service. PostHog data is processed on servers in the European Union. Analytics are configured to use "identified only" profile mode, meaning anonymous visitors are not persistently tracked. Analytics are off by default. On your first login you will be shown a brief prompt asking whether you consent. You can change this at any time in Settings → Preferences → Privacy. If you decline, no events are sent to PostHog and any previously collected data for your account is reset.

You can also control or disable non-essential cookies through your browser settings, though this may impact the functionality of certain features.

9. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you;
• Correction: Request correction of inaccurate or incomplete information;
• Deletion: Request deletion of your personal information, subject to legal retention requirements. You can delete your account immediately and permanently via Settings → Danger Zone within the application — no need to contact support;
• Portability: Request an export of your data in a machine-readable format. A JSON download of all your personal data is available via Settings → Preferences → Privacy → Download a copy of your data;
• Objection: Object to processing based on legitimate interests;
• Withdrawal of consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact us at support@debriefsales.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are located in Australia and believe we have not handled your personal information in accordance with the Privacy Act, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

10. Children's Privacy

The Service is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

11. Links to Third-Party Sites

The Service may contain links to third-party websites. This Privacy Policy applies only to the DebriefSales Service. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email and by posting a notice within the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Email: support@debriefsales.com
Website: debriefsales.com/contact

We aim to respond to all enquiries within 2 business days.