Skip to main content
repfactor
Back to home

Privacy Policy

Last updated: March 2026

1. Introduction

Intellibricks Inc. ("Company," "we," "us") operates repfactor, an AI-powered conversation intelligence platform for sales teams. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

For account and usage data, we act as data controller. For Customer Data you upload or sync (recordings, transcripts, CRM records, files), we act as data processor on your behalf. Enterprise customers requiring a Data Processing Agreement (DPA) may request one at support@repfactor.ai.

The Service is designed for business use. By using it, you agree to our Terms of Service and this Privacy Policy.

2. Information We Collect

  • Account Information: Name, work email, company name, and password when you register or invite teammates.
  • Usage and Technical Data: IP address, browser type, device information, session identifiers, feature interaction logs, and error reports collected automatically.
  • Customer Data: Call recordings, audio files, transcripts, CRM records (deals, contacts, notes), meeting notes, and documents synced from connected cloud storage or file services.
  • Integration Credentials: OAuth tokens and access credentials for third-party services you connect. Stored securely and used solely to retrieve data on your behalf.
  • Billing Information: Payment details are processed and stored by our third-party payment processor. We receive only non-sensitive metadata such as the last four digits, billing period, and plan type.
  • Derived Data: AI-generated summaries, coaching insights, scorecard assessments, and semantic search indexes derived from your Customer Data. These belong to your organization.

3. Legal Basis for Processing (GDPR)

For users in the EEA, UK, and Switzerland, we process personal data on the following bases:

  • Contract Performance: Providing the subscription service, transcription, AI analysis, and integrations.
  • Legitimate Interests: Security monitoring, fraud prevention, product analytics, and service improvement, where our interests do not override your rights.
  • Legal Obligation: Compliance with applicable law and responding to lawful government requests.
  • Consent: Where specifically requested, such as optional marketing communications.

4. How We Use Your Information

  • Provide, maintain, and improve the repfactor platform and its features.
  • Transcribe call recordings and generate AI coaching insights, summaries, and recommendations using third-party AI and speech-to-text services.
  • Extract text from documents and generate search indexes for contextual AI responses.
  • Process payments and manage subscriptions via our payment processor.
  • Authenticate users and manage sessions.
  • Send service-related transactional emails and optional digest notifications.
  • Redact personally identifiable information from transcripts when the PII Redaction feature is enabled by your organization's admin.
  • Aggregate usage data for product improvement (internal analytics only; not sold or shared with advertisers).
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.

AI Training: We do not use your Customer Data (recordings, transcripts, documents, or derived content) to train AI or machine learning models for purposes unrelated to providing the Service to your organization. Our third-party AI providers operate under contractual terms that prohibit training on your content.

5. Data Storage and Security

Your data is stored using managed cloud infrastructure with the following safeguards:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+).
  • Logical data isolation ensuring each organization's data is separated.
  • Access controls restricting internal access to authorized personnel only.
  • Rate limiting on sensitive API endpoints.
  • Cryptographic verification of third-party webhook payloads.

No system is completely secure. In the event of a data breach likely to impact your rights, we will notify affected users and relevant authorities as required by law (typically within 72 hours for GDPR).

6. Service Providers

We do not sell your personal information. We share data only with service providers bound by data protection obligations. Our service providers fall into these categories:

  • Cloud Infrastructure: Database hosting, authentication, and file storage.
  • Application Hosting: Deployment and runtime services.
  • Payment Processing: Subscription billing and payment handling.
  • Speech-to-Text: Audio transcription services.
  • AI Processing: AI analysis, coaching insights, and content generation.
  • Search & Embeddings: Semantic search and text analysis.
  • Email Delivery: Transactional and notification emails.
  • Background Processing: Durable job execution for file and data processing.

A detailed list of named sub-processors is available upon request or as part of a Data Processing Agreement. Contact support@repfactor.ai.

We may also share information: (a) with integrations you explicitly authorize (subject to their privacy policies); (b) when required by law, valid court order, or to protect rights and safety; (c) in connection with a merger, acquisition, or asset sale, with advance notice where practicable.

7. Data Retention and Deletion

  • Active Accounts: Data is retained for the lifetime of your account.
  • Free Plan Inactivity: Call and insight data may be archived after 30 days of inactivity.
  • Account Deletion: Request via Settings or contact us. Personal data is deleted within 30 days of a verified request, subject to legal retention requirements.
  • Workspace Deletion: An admin may permanently delete the workspace, which removes all associated data (recordings, transcripts, insights, member records) via cascading deletion. This is irreversible. Data export is available in Settings before deletion.
  • Backups: Deleted data may persist in encrypted backups for up to 30 days before permanent removal.

8. International Data Transfers

Our services are primarily hosted in the United States. If you are in the EEA, UK, Switzerland, Canada, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in the US. We rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • UK International Data Transfer Agreements (IDTAs) where applicable.
  • Contractual commitments with each service provider regarding data protection.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data in certain circumstances (GDPR Article 17).
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format via Settings.
  • Object: Object to processing based on legitimate interests.
  • Supervisory Authority: Lodge a complaint with your local data protection authority.

California (CCPA/CPRA): You have the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. You have the right to non-discrimination for exercising your privacy rights.

Canada (PIPEDA): We comply with the Personal Information Protection and Electronic Documents Act. You have the right to access, correct, and challenge our handling of your personal information. We collect and use personal information only for identified purposes and with your knowledge or consent.

To exercise any of these rights, contact support@repfactor.ai. We respond within 30 days (GDPR: one calendar month).

10. PII Redaction

When enabled by your organization's admin, the PII Redaction feature processes transcripts and AI-generated content to remove or mask personal information (names, emails, phone numbers) before storage. This feature uses automated AI processing and does not guarantee complete removal. Human review is recommended for sensitive use cases.

11. Third-Party Integrations

repfactor integrates with third-party meeting platforms, CRM systems, file storage services, calendar tools, and communication platforms. We also provide an API that allows third-party automation tools to send transcript data to your workspace. Your use of these integrations is subject to their respective privacy policies. We are not responsible for third-party data practices.

12. Cookies and Local Storage

We use essential cookies for authentication and session management. We do not use advertising, analytics, or tracking cookies. Full details are in our Cookie Policy.

13. Children's Privacy

repfactor is a business platform not intended for individuals under 18. We do not knowingly collect personal information from children under 13 (or the applicable minimum age in your jurisdiction). If you believe we have inadvertently collected such information, contact us and we will promptly delete it.

14. Policy Updates and Contact

We may update this Privacy Policy at any time. Material changes will be communicated by email to account administrators and posted with an updated "Last updated" date at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

Contact: support@repfactor.ai

Company: Intellibricks Inc.