← Back to home

Privacy Policy

Last updated: April 22, 2026

Plain English summary: We collect what we need to run the product (your login, the scenarios you practice, transcripts, ratings). We don't sell your data. We don't train AI models on your data. Your team's practice transcripts are only visible to your team.

1. Who we are

RepGym ("we", "our", "us") is a sales training platform operated by Copayee Inc. We can be reached at [email protected].

2. Information we collect

Account information

  • Email address, name, and password hash
  • Company name and billing information (for paid plans)
  • Your company's branding (logo, colors) if you provide it

Usage data

  • Practice session transcripts (your role-play conversations)
  • Session ratings and AI-generated feedback
  • Badges earned, progress metrics, streaks
  • Log data (IP address, browser type, timestamps)

Voice data

When you use voice role-play, your speech is processed in real-time to generate transcripts. We store the text transcript of your sessions but do not store raw audio recordings.

3. How we use your information

  • To provide the service (run role-play sessions, generate feedback, track progress)
  • To let your manager/coach review your practice and coach you
  • To bill you and process payments (paid plans)
  • To send you transactional emails (password resets, account notifications)
  • To improve the product (aggregate, anonymized usage patterns)
  • To comply with legal obligations

4. What we DON'T do

  • We do not sell your personal information to anyone, ever.
  • We do not use your session transcripts to train AI models.
  • We do not share your data with other RepGym customers.
  • We do not read your transcripts unless you explicitly ask for support.

5. Third-party services we use

We use these third-party services to deliver the product. Each has their own privacy policy:

  • Anthropic — AI conversation generation and feedback. Your transcripts are sent to Anthropic for processing but are not retained for training per their privacy policy.
  • ElevenLabs — Voice synthesis for the AI persona.
  • Resend — Transactional email delivery.
  • Google reCAPTCHA — Bot protection on login forms.
  • Cloudflare — DNS, CDN, and file storage (R2).
  • Railway — Application hosting.
  • Stripe (planned) — Payment processing.

6. Data retention

  • Active accounts: We keep your data as long as your account is active.
  • Cancelled accounts: Data is retained for 30 days, then permanently deleted (except where legally required to retain longer).
  • Transcripts: You can request deletion of specific sessions at any time.
  • Backups: Backups are retained for 30 days on a rolling basis.

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time

To exercise any of these rights, email [email protected]. We'll respond within 30 days.

8. Security

We protect your data with industry-standard security:

  • HTTPS everywhere (TLS 1.2+)
  • Passwords hashed with bcrypt
  • Database encryption at rest
  • Per-company data isolation (multi-tenant)
  • Rate limiting and bot protection

No system is perfectly secure. If a breach affects your data, we'll notify you within 72 hours.

9. Children's privacy

RepGym is a B2B product for sales teams. We do not knowingly collect data from anyone under 18.

10. International users

Our servers are based in the United States. If you access RepGym from outside the US, your data will be transferred to and processed in the US. By using RepGym, you consent to this transfer.

11. Changes to this policy

We'll update this page when our practices change. Material changes will be announced via email to account owners at least 30 days before they take effect.

12. Contact

Questions about this policy? Email [email protected].

This privacy policy is provided as a good-faith template based on common SaaS practices. It is not legal advice. Customers with specific regulatory obligations (GDPR, CCPA, HIPAA, etc.) should consult their own counsel.