Privacy Policy
Last updated: March 11, 2026
1. Introduction
SalesTwin Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered sales CRM platform ("Service"). This policy applies to information collected through our website at mysalestwin.com and all related services, applications, and tools.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when using the Service, including:
- Account Information: Name, email address, and authentication credentials when you create an account
- Lead and Contact Data: Names, email addresses, phone numbers, addresses, and other contact information for your sales leads and customers that you input into the Service
- Communication Content: Emails, SMS messages, notes, and other communications you compose or send through the Service
- AI Training Data: Voice samples, writing samples, and communication preferences you provide to train the AI Sales Twin feature
- Media Files: Photos, videos, and documents you upload for media decks and presentations
- Calendar Data: Appointment details, availability schedules, and booking information
- Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain information, including:
- Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns
- Device Information: Browser type, operating system, device type, and screen resolution
- Log Data: IP address, access times, referring URLs, and error logs
- Cookies: Session cookies for authentication and preference cookies for user experience (see Section 8)
2.3 Information from Third Parties
We may receive information from third-party services you connect, including:
- Calendar Services: Event data from Google Calendar or Microsoft Outlook when you enable calendar sync
- Authentication Providers: Basic profile information from our OAuth authentication provider
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Train and operate AI features (Twin, Deal Coach, scoring) | Contract performance / Consent |
| Send emails and SMS on your behalf | Contract performance |
| Generate analytics, reports, and insights | Legitimate interest |
| Improve the Service and develop new features | Legitimate interest |
| Send service notifications and updates | Legitimate interest |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. AI-Specific Data Processing
How We Use Your Data for AI Features:
- AI Sales Twin: We process your writing samples, communication history, and style preferences to generate messages that approximate your communication style. This data is processed in real-time and is not used to train general-purpose AI models.
- AI Deal Coach: We analyze your lead data, interaction history, and pipeline information to generate personalized sales recommendations. This analysis is performed per-request and is not stored beyond the session.
- Lead Scoring: We process lead information and engagement data to calculate qualification scores. Scoring algorithms are applied to your data only and do not incorporate data from other users.
- Auto-Generated Content: AI-generated emails, SMS messages, and media captions are created using your data and approved templates. You retain full control over whether to send or discard generated content.
No Cross-User Training: We do not use your personal data, lead information, or communication content to train AI models that serve other users. Your data is processed in isolation to provide personalized features for your account only.
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers: We share data with third-party service providers who assist us in operating the Service, including Stripe (payments), Resend (email delivery), cloud hosting providers, and AI model providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
- Message Recipients: When you send emails or SMS messages through the Service, the content and your contact information are shared with the intended recipients.
- Calendar Integrations: When you enable calendar sync, appointment data is shared with Google Calendar or Microsoft Outlook as applicable.
- Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. After account termination, we retain your data for up to 90 days to allow for data export, after which it is permanently deleted from our systems, except where longer retention is required by law (e.g., financial records for tax purposes).
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 90 days |
| Lead and contact data | Duration of account + 90 days |
| Communication history | Duration of account + 90 days |
| Media files | Duration of account + 30 days |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
7. Your Privacy Rights
7.1 Rights Under GDPR (European Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
7.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
7.3 Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.
8. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session / 30 days |
| Functional | User preferences, theme settings, onboarding state | 1 year |
| Analytics | Usage patterns, feature adoption, performance monitoring | 1 year |
We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using the Service.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL
- Encryption of sensitive data at rest
- Secure authentication with session management
- Regular security assessments and monitoring
- Access controls limiting employee access to personal data
- Secure cloud infrastructure with industry-standard protections
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an adequate level of protection.
11. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at [email protected].
12. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is no uniform standard for interpreting DNT signals, the Service does not currently respond to DNT signals. However, we do not engage in cross-site tracking or sell your personal information to third parties.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
SalesTwin Inc. — Data Protection
Email: [email protected]
General inquiries: [email protected]
Website: mysalestwin.com
For GDPR-related inquiries, you may also contact your local data protection authority. A list of EU data protection authorities is available at the European Data Protection Board website.