Privacy Policy
Last updated on 16 March 2026.
1. Introduction
RepArena Limited ("RepArena", "we", "us", "our") is committed to protecting the personal data of our users and their team members. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have in relation to it.
This policy applies to all users of the RepArena platform and website at b2b.reparena.ai. It should be read alongside our Terms of Service.
RepArena is a business-to-business service. If you are using RepArena on behalf of an organisation, your organisation is the primary customer, and we process personal data on their behalf as necessary to deliver the Service.
2. Data Controller
The data controller for the purposes of this policy is:
Rep Arena Limited (company number 16663384)
Email: team[at]reparena.ai
Website: b2b.reparena.ai
If you have any questions about how we handle your data, or wish to exercise any of your rights, please contact us at team[at]reparena.ai.
3. What Data We Collect
We collect and process the following categories of personal data:
Account and contact information
- Name, email address, and job title provided during registration.
- Billing contact details (handled by our payment processor, Stripe).
- Workspace and organisation details.
Call and transcript data
- Audio transcripts of sales calls ingested via connected third-party integrations (such as Zoom, Fathom, and Fireflies).
- Participant names, email addresses, and identifying information included within transcripts or recording metadata.
- Meeting metadata including date, duration, and participants.
Usage and activity data
- Feature usage, session activity, and interaction logs within the platform.
- Device and browser information collected automatically when you access the Service.
- IP addresses.
Communication data
- Emails and messages you send to our support team.
- Responses to surveys or feedback requests.
Analytics data
- Aggregated and pseudonymous product usage data collected via PostHog to help us improve the Service.
4. How We Collect Your Data
We collect data in the following ways:
Directly from you
When you register, configure your account, connect integrations, or contact us.
Via third-party integrations
When you connect platforms such as Zoom, Fathom, Fireflies, Slack, Google, Calendly, or Airtable, we receive data from those platforms in accordance with the permissions you grant and their respective privacy policies.
Automatically
When you use our platform, we automatically collect usage data, analytics, and technical information through cookies and similar technologies (see Section 9).
From third parties
We may receive limited information from email verification services (NeverBounce) and bot protection services (Google reCAPTCHA) to protect the integrity of our platform.
5. How We Use Your Data
We use your personal data for the following purposes:
Service delivery
To provide, operate, and maintain the RepArena platform, including processing call transcripts, generating coaching insights, and displaying performance analytics.
AI processing
Call transcript content is processed by AI/LLM providers (OpenAI and xAI) to generate coaching insights and performance analysis. This processing is carried out under strict data processing agreements. Your data is not used to train shared AI models without your explicit consent.
Account management
To manage your account, process payments via Stripe, and communicate with you about your subscription.
Product improvement
To analyse aggregated usage patterns and improve the features and performance of the Service.
Communications
To send transactional emails (such as account notifications and receipts) and, where you have opted in, product updates and marketing communications via Loops.
Security and compliance
To detect and prevent fraud, abuse, and unauthorised access, and to comply with our legal obligations.
6. Legal Basis for Processing
We process your personal data on the following legal bases:
Contractual necessity
Processing required to perform our contract with you, including providing the Service, managing your account, and processing payments.
Legitimate interests
Processing carried out for our legitimate business interests, including product analytics, security monitoring, and service improvement, where these interests are not overridden by your rights.
Legal obligation
Processing required to comply with applicable laws, such as financial record-keeping obligations.
Consent
Where we send optional marketing communications, we rely on your consent, which you may withdraw at any time.
7. Third-Party Subprocessors
We share your data with the following third-party service providers who process data on our behalf:
Infrastructure and hosting
- Vercel — application hosting
- Amazon Web Services (AWS) — database hosting (RDS, US region), file storage (S3), and content delivery (CloudFront)
Payments
- Stripe — payment processing and subscription management
AI and machine learning
- OpenAI — AI/LLM processing for coaching insights
- xAI — AI/LLM processing for coaching insights
Communications
- Loops — marketing email platform
- Amazon SES — account notifications and transactional emails
Analytics and security
- PostHog — product analytics
- NeverBounce — email address verification
- Google reCAPTCHA — bot protection
User-connected integrations
The following platforms are connected at your direction, and data is shared with them only as necessary to operate the integrations you enable:
- Zoom, Fathom, Fireflies, Slack, Google, Calendly, Airtable
All subprocessors are contractually required to handle your data securely and only for the purposes we specify.
8. Data Retention
We retain your personal data for the lifetime of your account. When your account is closed:
- Your data will be deleted within 30 days of closure.
- We may retain certain records for longer periods where required by law (for example, financial transaction records).
- Anonymised or aggregated data that cannot be linked to you may be retained indefinitely for analytical purposes.
You may request deletion of your data at any time by contacting team[at]reparena.ai.
9. Cookies and Analytics
We use cookies and similar technologies on our platform. We use:
Analytics cookies
PostHog is used to collect anonymised product usage data to help us understand how the platform is used and improve our features. This data is pseudonymous and does not identify individual users to third parties.
Essential cookies
We use cookies that are strictly necessary for the operation of the platform, such as session management and security tokens.
We do not use advertising or third-party tracking cookies. We do not sell your data to any third party. We do not share your data with advertising networks.
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the platform.
10. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure:
- Our database is hosted on AWS RDS (US region) with AES-256 encryption at rest.
- All data in transit is encrypted using TLS.
- Application access controls restrict data access to authorised personnel.
- Access tokens for third-party integrations are stored securely and not exposed in application responses by default.
- Our application is hosted on Vercel, which maintains its own security certifications and controls.
No method of transmission or storage is completely secure. If you become aware of a security incident relating to your account, please notify us immediately at team[at]reparena.ai.
11. Your Rights
You have the following rights in relation to your personal data:
Access
You may request a copy of the personal data we hold about you.
Correction
You may request that we correct inaccurate or incomplete data.
Deletion
You may request that we delete your personal data, subject to any legal retention obligations.
Restriction
You may request that we restrict the processing of your data in certain circumstances.
Objection
You may object to processing carried out on the basis of our legitimate interests.
Withdrawal of consent
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at team[at]reparena.ai. We will respond within 30 days.
12. International Data Transfers
Our database and file storage are hosted on AWS infrastructure in the United States. By using the Service, you acknowledge that your data may be transferred to and processed in the United States. We ensure that such transfers are subject to appropriate contractual safeguards.
13. Links to Third-Party Sites
Our platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you connect to RepArena.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you by email or by a prominent notice within the platform at least 14 days before the changes take effect. The date at the top of this policy reflects when it was last updated.
Your continued use of the Service after any changes constitutes your acceptance of the revised policy.
15. Platform-Specific Data Disclosures
Google
When you connect your Google account to RepArena, we request the following OAuth scopes: openid, email, and https://www.googleapis.com/auth/spreadsheets. We access your Google profile information (name, email address, and user ID) via OpenID Connect to identify the connected account. We access Google Sheets metadata (sheet names and column headers) solely to let you configure which spreadsheet and sheet to export data to. Google Sheets is used as a write-only destination for user-configured automations — we do not read, analyse, or store the contents of your spreadsheets.
- Google user data is used only to provide and improve RepArena's core functionality.
- We do not sell Google user data to any third party.
- We do not use Google user data for advertising, ad targeting, or ad personalisation.
- We do not use Google user data for credit assessment, lending, or any purpose unrelated to RepArena.
- We do not transfer Google user data to any third party except as necessary to provide RepArena's core functionality (i.e., writing to Google Sheets on your behalf) or as required by law.
- Google user data is not sent to AI/LLM providers. The transcripts processed by OpenAI and xAI originate from Fathom, Fireflies, and Zoom — not from Google services.
RepArena's use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Zoom
When you connect your Zoom account to RepArena via OAuth, we access the following data from the Zoom API: your user profile (email address) to identify the connected account; cloud recordings (meeting topic, start time, duration, and recording files); audio transcripts (speaker-attributed text segments with timestamps); meeting participants (name, email address, join/leave times, and duration); and, when connected at team scope, team members (name, email address, and status). We also receive Zoom webhook notifications when new transcripts are available and when the app is deauthorized.
Zoom transcripts are the primary input to RepArena's coaching analysis. They are processed by AI providers — OpenAI for vector embeddings and semantic search, and xAI for coaching evaluation against playbook criteria — to generate performance insights, phase evaluations, objection analysis, and prospect intelligence. Meeting metadata is stored to associate transcripts with the correct sessions and participants.
- Zoom user data is used only to provide and improve RepArena's core functionality.
- We do not sell Zoom user data to any third party.
- We do not use Zoom user data for advertising, ad targeting, or ad personalisation.
- Transfers to AI subprocessors (OpenAI, xAI) are governed by data processing agreements and are solely for providing the service — not for training general-purpose AI models.
- When a user deauthorizes RepArena from their Zoom account, we remove the integration and associated credentials.
Zoom-sourced session data (transcripts, metadata, and participant information) is retained for the lifetime of the account and deleted within 30 days of account closure, consistent with Section 8 of this policy.
16. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at:
Rep Arena Limited (company number 16663384)
Email: team[at]reparena.ai
Website: b2b.reparena.ai