Privacy Policy

Welcome to Soundbite Pro ("we," "our," or "us"). We operate the Soundbite Pro platform — an AI-powered communication and public speaking training service (the "Service").

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data. By creating an account or using the Service, you agree to the practices described in this Policy.

If you do not agree with this Policy, please do not use the Service.

2.1 Account and Profile Information

When you create an account or complete your profile, we collect:

• Email address and hashed password
• First name, last name, and display name
• Profile photo / avatar (if uploaded)
• Professional information: job title, industry, years of experience
• Communication goals, self-reported challenges, and experience level
• Account type (individual user, team owner, or team member)
• Account creation and last-updated timestamps

2.2 Training Session Data

When you conduct or manage training sessions, we collect:

• Session configuration: topic, scenario description, difficulty level, training goals, and selected AI trainer persona
• Session start/end times and total duration
• Audio and video recordings of your sessions (stored as WebM/MP4 files)
• Conversation transcripts and chat messages generated during sessions
• Session status (pending, in progress, completed, skipped)

2.3 AI Feedback and Analytics Data

After each session, our AI system generates and stores:

• Performance scores across multiple dimensions: Readability, Clarity, Grammar, Conciseness, Vocabulary, Coherence, Professionalism, Intent Clarity, and Confidence
• Identified filler words, improvement tips, and detailed response breakdowns
• PDF report files for download
• Historical trend data for tracking progress over time

2.4 Payment and Subscription Data

When you subscribe to a paid plan, we (via our payment processor, Stripe) collect:

• Stripe customer ID and subscription ID
• Plan name and price
• Payment card brand and last four digits (we do not store full card numbers)
• Billing dates, invoice numbers, receipt URLs, and payment history
• Subscription status (active, canceled, past due)

2.5 Team Data

If you manage or belong to a team account:

• Team owner and member relationships
• Team invitation records (recipient email, invitation token, status, and expiration date)
• Per-member session usage and billing period tracking

2.6 Security Data

• Two-factor authentication (2FA) status and temporary verification codes (deleted after use)
• Account status flags (active, blocked)
• Authentication session tokens and secure HTTP-only cookies

2.7 Technical and Usage Data

We automatically collect certain technical data when you use the Service:

• Browser type, operating system, and device type
• IP address and approximate geographic location
• Pages visited, features used, and session duration
• Error logs and performance diagnostics

We use the information we collect to:

• Provide and operate the Service: Create and manage your account, deliver AI training sessions, process session recordings, and generate feedback reports.
• Personalize your experience: Tailor AI trainer behavior, difficulty, and session recommendations based on your profile and past performance.
• Process payments and manage subscriptions: Charge for paid plans, send invoices, and manage billing cycles via Stripe.
• Send transactional communications: Deliver account verification emails, 2FA codes, team invitation emails, and subscription status notifications.
• Improve the Service: Analyze aggregated usage patterns to fix bugs, develop new features, and improve AI performance.
• Enforce security and prevent abuse: Detect and prevent unauthorized access, fraud, and policy violations.
• Comply with legal obligations: Retain and disclose information where required by applicable law.

We do not sell your personal information to third parties. We do not use your session recordings or conversation transcripts to train general-purpose AI models beyond what is necessary to deliver feedback within your own account.

We rely on the following third-party service providers to operate the Service:

Supabase

Our primary backend infrastructure. Supabase hosts our PostgreSQL database (which stores all user, session, feedback, team, and subscription data) and our file storage (which stores session recordings and profile images). Data is protected by row-level security policies. Learn more at supabase.com/privacy.

Stripe

Our payment processor. Stripe handles all payment card data and subscription billing. We never store your full payment card number. Learn more at stripe.com/privacy.

OpenAI

We use the OpenAI Realtime API to power live voice conversations with AI trainers during your sessions. Your audio input is transmitted to OpenAI for real-time processing and transcription. Learn more at openai.com/policies/privacy-policy.

Resend

Our transactional email provider. Resend delivers verification emails, 2FA codes, team invitations, and other account-related notifications on our behalf. Learn more at resend.com/legal/privacy-policy.

Vercel

Our hosting and deployment platform. Vercel may process request metadata (IP addresses, headers) as part of serving the application. Learn more at vercel.com/legal/privacy-policy.

Soundbite Pro records your audio and video during training sessions for the purpose of generating AI feedback and allowing you to review your own performance. By starting a session, you consent to this recording.

Recordings are stored securely in cloud storage (Supabase Storage) and are accessible only to you (and, in team accounts, to the team owner). Recordings are not shared with other users or used for any purpose beyond delivering feedback to your account.

You may contact us to request deletion of your session recordings at any time (see Section 9).

We use the following client-side storage mechanisms:

• HTTP Cookies: We use a secure, HTTP-only cookie to manage your authentication session and two-factor authentication state. These cookies are essential for the Service to function and expire with your session or upon logout.
• Local Storage: We store minor preference data (such as session recommendation refresh timestamps) in your browser's local storage to improve your experience. This data does not contain personal information and does not leave your device.

We do not use tracking or advertising cookies.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained for the lifetime of your account.
• Session recordings and transcripts: Retained indefinitely unless you request deletion.
• Feedback reports and analytics: Retained for the lifetime of your account to support progress tracking.
• Payment records: Retained as required by financial and tax regulations (typically 7 years).
• 2FA codes: Deleted immediately after successful verification or expiry.
• Team invitation records: Active invitations expire after 7 days; expired invitations are retained for audit purposes.

Upon account deletion, we will delete or anonymize your personal data, except where retention is required by law or for legitimate business purposes.

We implement reasonable technical and organizational measures to protect your information, including:

• Encrypted data transmission via HTTPS/TLS
• Password hashing — we never store plaintext passwords
• Row-level security (RLS) on our database so users can only access their own data
• Optional two-factor authentication (2FA) for your account
• HTTP-only, same-site cookies to prevent cross-site scripting (XSS) attacks
• Rate limiting on authentication endpoints to prevent brute-force attacks

While we take security seriously, no method of transmission over the Internet is 100% secure. We encourage you to use a strong, unique password and enable 2FA.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update inaccurate or incomplete information via your profile settings.
• Deletion: Request deletion of your account and associated personal data.
• Portability: Request an export of your data in a structured, machine-readable format.
• Objection / Restriction: Object to or request restriction of certain data processing activities.
• Withdraw Consent: Where processing is based on consent (e.g., session recording), you may withdraw consent at any time by discontinuing use of that feature.

To exercise any of these rights, please contact us at support@soundbitepro.com. We will respond within 30 days.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with their information, please contact us at support@soundbitepro.com.

Soundbite Pro is operated from the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or by displaying a notice within the Service.

Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: