Privacy Policy

Last updated: May 5, 2026

This privacy policy describes how the Sales Coach Chrome extension and the Sales Coach cloud service (collectively, “Sales Coach”, “we”, “our”, or “us”) collect, use, and protect information when you use the extension on a live sales call.

The extension is a productivity tool for licensed sales agents and their agencies. It is not a consumer product, and it is not intended to be installed on devices that handle protected health information for purposes other than legitimate Medicare / health insurance sales activity. Where Sales Coach is used in a Medicare context, agents are responsible for obtaining all consents required by CMS and applicable state law before recording or transcribing a call.

1. What we collect

1.1 Account information

When you create a Sales Coach account, we collect your email address and a password hash via our authentication provider (Supabase). The extension stores the resulting JSON Web Token (JWT) and refresh token in chrome.storage.sync so you stay signed in across browser sessions.

1.2 Call audio (transient)

When you click Start Coaching on a supported softphone tab, the extension captures the audio of that tab using the Chrome tabCapture API. The audio is encoded as webm/opus and streamed in ~250 ms chunks over an authenticated WebSocket to the Sales Coach backend.

  • Audio is processed in memory for transcription and is not written to long-term storage.
  • Audio chunks are discarded immediately after transcription.
  • Capture stops the moment you click Stop Coaching, end the call, close the tab, or sign out.

1.3 Transcripts and coaching events

Transcribed text and the coaching cues we generate from it are written to your Sales Coach account so you can review past calls, build analytics, and train your team. Each transcript is associated with the agent who created it and (where applicable) the agency that employs them.

1.4 Extension preferences

The extension stores a small set of preference values in chrome.storage.sync: API base URL, capture mode (tab / mic / disabled), autostart toggle, notification toggles, and the cached Supabase anon key. None of this is personally identifying beyond your email address.

1.5 Diagnostic information

The service worker logs WebSocket reconnect events and HTTP error codes to the browser's extension console for the user's own debugging. We do not transmit those logs off-device.

2. How we use the information

  • Provide the core feature. Audio is transcribed and analyzed in real time so we can return live objection, compliance, tonality, and psychology cues to your side panel.
  • Maintain your account. The JWT lets the backend verify that the WebSocket connection belongs to a paid, licensed agent.
  • Help you review and improve. Transcripts and cue history are available in the Sales Coach portal for analytics and coaching.
  • Service health. Aggregate, non-identifying metrics help us keep the service reliable.

We do not sell, rent, or trade your data, and we do not use your call data to train third-party models without an explicit, opt-in agreement.

3. Third-party processors

  • Supabase — authentication and the user/account database.
  • Railway — hosts the backend service that terminates the coaching WebSocket and orchestrates the AI agents.
  • Vercel — hosts the Sales Coach web portal.
  • A speech-to-text provider (Deepgram or AssemblyAI, selected per deployment) — receives the live audio stream solely to return a transcript. Audio is not retained by the provider per our enterprise agreement.
  • A large language model provider (Anthropic Claude and/or OpenAI) — receives the rolling transcript window in order to generate coaching cues, under enterprise zero-retention terms.

Each sub-processor is bound by a written data-processing agreement that prohibits using your data for any purpose other than providing the contracted service to Sales Coach.

4. Retention

  • Audio frames: never retained — discarded after real-time transcription, typically within seconds.
  • Transcripts and cue events: retained for 90 days by default, after which they are automatically deleted unless your plan or compliance configuration extends retention (e.g. CMS-required 10-year retention for Medicare enrollment calls).
  • Account profile and preferences: retained until you delete your account.
  • Logs and aggregate metrics: retained for up to 30 days.

5. HIPAA and Medicare-specific notes

Sales Coach is designed to be used in HIPAA-aware Medicare workflows. However, the standard Sales Coach plan is not sold as a HIPAA Business Associate; agents must avoid transmitting Protected Health Information (PHI) on coached calls unless their agency has signed a Business Associate Agreement (BAA) with Sales Coach.

Where a BAA is in place:

  • Audio remains transient (never written to disk in our backend).
  • Transcripts are stored in an encrypted database with row-level access policies tied to the agent's user ID and agency ID.
  • Access is logged and auditable.

For Medicare calls subject to CMS recording rules:

  • Sales Coach honors the recording consent the agent obtains at the top of the call. The extension does not record any audio that pre-dates the agent clicking Start Coaching.
  • Transcripts can be exported in CMS-acceptable formats from the Sales Coach portal.

6. Your rights

  • Export all of your transcripts and cue history from the Sales Coach portal (Settings → Data → Export).
  • Delete individual sessions or your entire account from the portal. Account deletion is propagated within 7 days; backups are purged on a 30-day rolling schedule.
  • Opt out of audio capture by setting the capture mode to “disabled” on the Options page.
  • Withdraw consent by signing out of the extension, which immediately invalidates the local JWT and stops all capture.

EEA, UK, and California residents have additional rights under GDPR / UK GDPR / CCPA, including the right to access, correct, and restrict processing. Email the address below to exercise those rights.

7. Security

  • All network traffic to the backend is TLS 1.2+ (HTTPS / WSS).
  • JWTs are short-lived (1 hour) and refreshed via the Supabase refresh-token grant.
  • The extension uses Manifest V3, content-script matches scoped to explicit softphone domains, and an offscreen document for audio capture so the service worker never directly handles raw audio.
  • Backend transcripts are stored in an encrypted Postgres database; access is gated by row-level security tied to the user's Supabase ID.

8. Children

Sales Coach is a B2B product for licensed insurance and sales professionals. It is not directed at, and we do not knowingly collect data from, anyone under 18.

9. Changes

We will post any material change to this policy on this page and update the “Last updated” date at the top. For changes that affect how we process call audio or transcripts, we will also email all active account holders at least 30 days in advance.

10. Contact

Questions, data-subject requests, or BAA inquiries: