Privacy Policy

Klozr, Inc. ("Klozr," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we collect through our AI-powered sales training platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. This policy should be read in conjunction with our Terms of Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, company name, job title, and organizational role. For team plans, account administrators may provide information about team members.

1.2 Business Profile Data

During onboarding and through settings, you may provide company context including your products, sales methodology, competitors, common objections, deal size, sales cycle, and buyer titles. This data is used to personalize your AI training experience.

1.3 Voice and Audio Data

When you use voice mode, we capture audio from your microphone during active roleplay sessions. This audio is streamed in real-time to our speech processing provider (Deepgram) for speech-to-text conversion. Audio is processed transiently and is not permanently stored by Deepgram. The resulting text transcripts are stored as part of your session data.

1.4 Session and Conversation Data

We collect and store the content of your roleplay sessions, including text transcripts, AI persona responses, conversation state data, AI-generated scores, coaching feedback, per-turn annotations, and performance analytics.

1.5 Usage Data

We automatically collect information about how you use the Service, including session duration, features used, practice hours consumed, pages visited, and interaction patterns. This data helps us improve the Service and provide analytics features.

1.6 Payment Information

Payment information (credit card numbers, billing addresses) is collected and processed directly by our payment processor, Stripe. We do not store your full payment card details on our servers. We receive and store limited billing information from Stripe, such as the last four digits of your card, card type, and billing history.

1.7 Device and Technical Data

We collect browser type, operating system, IP address, device identifiers, and other technical data through standard web technologies and error monitoring tools.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service, including AI roleplay, scoring, and coaching features
• Personalize your training experience using your business profile and session history
• Process your conversations through AI models to generate persona responses, scores, and coaching feedback
• Process payments and manage your subscription
• Provide analytics, progress tracking, and team performance dashboards
• Send you service-related communications, including billing notices, security alerts, and product updates
• Monitor and prevent abuse, fraud, and violations of our Terms of Service
• Diagnose technical problems and improve platform reliability
• Comply with legal obligations and respond to lawful requests

3. AI Processing Disclosure

Our Service uses artificial intelligence to power roleplay conversations, generate coaching feedback, and score performance. You should be aware of the following:

3.1 Conversation Processing

Your roleplay conversation text is sent to Anthropic's Claude API for processing. This includes your messages, the conversation context (persona details, scenario setup, business profile), and conversation state. Anthropic processes this data to generate AI persona responses in real-time.

3.2 Scoring and Coaching

After each session, your complete conversation transcript is sent to Anthropic's Claude API for analysis. The AI evaluates your performance across multiple categories and generates coaching feedback, scores, and per-turn annotations.

3.3 Voice Processing

When using voice mode, your spoken audio is streamed to Deepgram for real-time speech-to-text conversion. AI-generated text responses are converted to speech by Deepgram's text-to-speech service. Deepgram processes audio data transiently and does not retain it after processing.

3.4 AI Training

We do not use your conversation data to train or fine-tune AI models. Your data is used solely for providing the Service to you. Our AI providers (Anthropic, Deepgram) process your data under their respective data processing agreements and do not use API customer data for model training.

4. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data. We share data only with the following categories of service providers who process data on our behalf:

We may also share data when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

5. Data Retention

We retain different types of data for different periods:

• Account data: Retained while your account is active and for 30 days after deletion request
• Session transcripts and scores: Retained while your account is active to support analytics and learning progress
• Voice audio: Processed transiently in real-time; not permanently stored
• Usage analytics: Retained for up to 24 months in aggregated form
• Billing records: Retained for 7 years as required for tax and legal compliance
• Error logs: Retained for up to 90 days

6. Security Measures

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest for all stored data
• PostgreSQL Row Level Security (RLS) ensuring strict multi-tenant data isolation per organization
• Role-based access control (RBAC) with granular permissions
• Secure authentication via Clerk with support for SSO/SCIM on enterprise plans
• Regular security assessments and vulnerability monitoring
• Payment data processed exclusively by PCI DSS-compliant Stripe

While we strive to protect your data, no method of transmission or storage is 100% secure. If you become aware of a security issue, please contact us immediately at security@klozr.co.

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will: (a) notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR; (b) notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms; and (c) document all breaches and remediation steps in our internal records.

Notification will include: the nature of the breach, the categories and approximate number of individuals affected, likely consequences, and the measures taken or proposed to address the breach.

8. Your Rights Under GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to Data Portability: Receive your personal data in a structured, machine-readable format
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances
• Right to Object: Object to our processing of your personal data for certain purposes
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time

Our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), compliance with legal obligations, and consent (where applicable, such as voice recording).

8.2 Automated Decision-Making

Our Service uses AI to generate performance scores, coaching feedback, and per-turn annotations. These constitute automated processing with profile-building elements. You have the right under GDPR Article 22 not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We note that: (a) our AI scoring is designed as a training and development tool, not as the basis for employment, compensation, or disciplinary decisions; and (b) all scores include human-reviewable context and coaching notes. If your organization uses Klozr scores as input to employment decisions, your employer (as data controller) is responsible for ensuring appropriate human oversight. You may request human review of any AI-generated assessment by contacting us.

8.3 UK GDPR

If you are located in the United Kingdom, you have equivalent rights under the UK General Data Protection Regulation (UK GDPR). References to GDPR in this policy apply equally to the UK GDPR. For UK-specific data transfers, we rely on the UK International Data Transfer Agreement or the UK Addendum to EU Standard Contractual Clauses, as appropriate.

To exercise any of these rights, contact us at legal@klozr.co. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office).

9. Your Rights Under CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Voice recordings may constitute sensitive personal information under CPRA. We use voice data only for the purposes disclosed in this policy (providing the Service). You may limit its use by switching to text-only mode.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at legal@klozr.co. We will verify your identity and respond within 45 days.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us at legal@klozr.co and we will promptly delete such information.

11. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional cookies: Remember your preferences, such as role selection and display settings.
• Analytics cookies: Help us understand how you use the Service so we can improve it. We use privacy-respecting analytics tools.

We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

Do Not Track: Our Service currently does not respond to "Do Not Track" (DNT) browser signals, as there is no industry-standard protocol for DNT. However, we do not engage in cross-site tracking regardless of your DNT setting.

12. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate. If you are located outside the United States, your data will be transferred to and processed in the United States.

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other appropriate safeguards to ensure your data receives adequate protection. Our data processing agreements with third-party providers include appropriate transfer mechanisms.

13. Data Processing for Teams and Organizations

For team and enterprise plans, the organization that purchased the plan is the data controller for its members' usage data. Klozr acts as a data processor on behalf of the organization. The organization's administrator controls user access, permissions, and can request data exports or deletion for their organization.

If you are a member of an organization using Klozr, your organization's administrator may have access to your session data, scores, and performance analytics as part of the team management features.

14. Data Protection Officer and EU Representative

As a growing company, we have not yet appointed a formal Data Protection Officer (DPO). Privacy inquiries are handled by our legal team at legal@klozr.co. We will appoint a DPO and/or an EU representative under GDPR Article 27 if and when our data processing activities require it under applicable law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or through the Service.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, please contact us: