Privacy Policy
Last updated: December 15, 2024
For a visual overview of our security practices, visit our Trust Center.
1. Introduction
Zursum ("we," "our," or "us") is an AI-powered platform for practicing difficult conversations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
By using Zursum, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, and profile picture when you create an account (via Google, GitHub, or email)
- Payment Information: Billing details processed securely through Stripe. We do not store your full credit card number.
- Conversation Data: The context you provide for roleplay scenarios (e.g., situation description, relationship details)
- Voice Recordings: Audio from your practice conversations with our AI
- Feedback Submissions: Text you submit to our Feedback Improver tool
2.2 Information Collected Automatically
- Device and browser information (type, version, operating system)
- IP address and approximate geographic location
- Usage data (pages visited, features used, time spent)
- Cookies and similar tracking technologies
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your voice conversations and generate AI feedback
- Analyze your communication patterns to provide personalized insights
- Process transactions and manage your subscription
- Send you technical notices, updates, and support messages
- Respond to your comments, questions, and support requests
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent transactions and abuse
4. AI & Voice Data Processing
This is important. We understand that the conversations you practice may be sensitive. Here's exactly how your data is processed:
4.1 Voice Conversations (Retell AI)
Your voice conversations are processed by Retell AI, our voice AI provider:
- Certifications: Retell AI is SOC 2 Type II certified, HIPAA compliant, and GDPR compliant. See Retell AI Compliance
- Audio Storage: By default, audio recordings are deleted after processing. You can choose to save recordings for your own review.
- Transcripts: Conversation transcripts are generated and stored for your feedback reports
- PII Redaction: Retell AI offers automatic PII (Personally Identifiable Information) redaction
4.2 AI Analysis (Anthropic Claude)
Your conversation transcripts and text submissions are analyzed using Anthropic's Claude AI:
- No Training on Your Data: Anthropic does NOT use API data to train their AI models. This is their default policy - we did not need to opt out. See Anthropic Commercial Terms
- 30-Day Retention: Anthropic retains API data for 30 days for trust and safety purposes, then permanently deletes it. Zero data retention agreements are available for enterprise. See Anthropic Data Retention Policy
- Purpose: Your data is used only to generate feedback on your communication skills
4.3 What We Do NOT Do
- We do NOT sell your conversation data to third parties
- We do NOT use your data to train AI models
- We do NOT share individual conversation content with managers or administrators
- We do NOT use your personal stories or scenarios for marketing without explicit consent
5. Data Sharing
We share your information only in the following circumstances:
5.1 Service Providers (Subprocessors)
We work with third-party service providers who process data on our behalf. See our Trust Center for a complete list. Key providers include:
- Anthropic: AI analysis and feedback generation (SOC 2, ISO 27001)
- Retell AI: Voice conversation processing (SOC 2 Type II, HIPAA, GDPR)
- Stripe: Payment processing (PCI DSS Level 1)
- Vercel: Application hosting (SOC 2)
- Neon: Database hosting (SOC 2)
5.2 Business/Team Accounts
For business accounts, organization administrators may have access to aggregated usage metrics (e.g., number of sessions completed, skills practiced), but never to individual conversation content, transcripts, or personal scenarios.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Zursum, our users, or others.
5.4 Business Transfers
If Zursum is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data is transmitted using TLS 1.3
- Encryption at Rest: Database encryption via our cloud providers
- Access Controls: Role-based access control and OAuth 2.0 authentication
- Audit Logging: Security-relevant events are logged for compliance
- Rate Limiting: Protection against abuse on all API endpoints
- Regular Security Reviews: Ongoing assessment and monitoring
7. Data Retention
- Account Data: Retained while your account is active, deleted within 30 days of account deletion
- Conversation Transcripts: Retained according to your organization's retention policy (default: 90 days for detailed data, summaries retained longer)
- Audio Recordings: Deleted immediately after processing unless you choose to save them
- Billing Records: Retained as required by tax and legal obligations
Enterprise customers can configure custom data retention policies to meet their compliance requirements.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Portability: Export your data in a machine-readable format (JSON)
- Objection: Object to certain types of processing
- Restriction: Request restriction of processing in certain circumstances
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, visit Settings → Data & Privacy in your dashboard, or contact us at privacy@zursum.com.
9. GDPR (European Economic Area)
If you are in the EEA, we process your personal data under the following legal bases:
- Contract: Processing necessary to provide the Service
- Legitimate Interest: Analytics, security, fraud prevention
- Consent: Marketing communications, cookies for analytics/marketing
- Legal Obligation: Compliance with applicable laws
For data transfers outside the EEA, we rely on Standard Contractual Clauses and adequacy decisions where applicable.
10. CCPA (California)
If you are a California resident, you have additional rights under the CCPA:
- Right to know what personal information we collect and how we use it
- Right to delete your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
11. Cookies and Tracking
We use cookies and similar technologies to provide and improve the Service. See our cookie consent banner for options to manage your preferences. Categories include:
- Necessary: Required for the site to function (always on)
- Analytics: Help us understand how you use the site
- Marketing: Used for advertising across platforms
12. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us immediately.
13. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses for EEA data subjects.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email. The "Last updated" date at the top indicates when the policy was last revised.
15. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Email: privacy@zursum.com
- Security Issues: security@zursum.com
- General Inquiries: contacto@zursum.com