QuotaZenQuotaZen

Privacy Policy

Last updated: April 2026

Introduction

QuotaZen ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered sales practice platform, including our website, web application, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, job title, and password. If you sign up through a team invitation, your organization administrator may provide this information on your behalf.

Usage Data

We collect information about how you interact with the Service, including practice session transcripts, scores, and performance metrics. This data is used to provide scoring feedback, generate analytics for your team dashboard, and improve the quality of our AI models.

Technical Data

We automatically collect certain technical information when you access the Service, including your IP address, browser type, operating system, device identifiers, and pages visited. We use this information for security, analytics, and to improve the Service.

Payment Information

When you subscribe to a paid plan, payment information (such as credit card number and billing address) is collected and processed directly by our payment processor, Stripe. We do not store your full credit card number on our servers. We receive only a token reference and the last four digits of your card for display purposes.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Generate practice scores, coaching feedback, and analytics
  • Process transactions and manage your subscription
  • Send transactional communications such as account confirmations, billing notices, and support responses
  • Improve and develop our AI models and scoring algorithms using aggregated and anonymized data
  • Detect, prevent, and address security issues and fraud
  • Comply with legal obligations and enforce our Terms of Service

Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure located in the US East (N. Virginia) region (us-east-1). All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Database backups are encrypted and retained for 30 days.

We implement industry-standard security measures including network isolation, access controls, regular security audits, and automated vulnerability scanning. Access to production data is restricted to authorized personnel and requires multi-factor authentication.

Third-Party Services

We share information with the following third-party services:

  • Amazon Web Services (AWS): Cloud infrastructure, database hosting, and AI model inference. AWS processes data in accordance with their Data Processing Addendum.
  • Stripe: Payment processing and subscription management. Stripe handles all payment card data and is PCI DSS Level 1 certified.

We do not sell your personal information to third parties. We do not share your practice session transcripts or individual performance data with anyone outside your organization unless required by law.

Data Retention

We retain your account information and practice data for as long as your account is active or as needed to provide the Service. When you or your organization administrator requests account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely to improve the Service.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent laws:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to erasure: You may request deletion of your personal data, subject to legal retention requirements.
  • Right to data portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing of your personal data for certain purposes, including direct marketing.
  • Right to restrict processing: You may request that we limit the processing of your personal data under certain circumstances.

To exercise any of these rights, please contact us at privacy@quotazen.com. We will respond within 30 days as required by applicable law. Our lawful basis for processing personal data includes contractual necessity (to provide the Service), legitimate interests (to improve and secure the Service), and consent (where applicable).

Cookies

We use cookies and similar technologies to operate the Service and analyze usage. The cookies we use fall into the following categories:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
  • Analytics cookies: Used to understand how users interact with the Service so we can improve the experience. These can be disabled through your browser settings.

We do not use advertising or tracking cookies. We do not participate in cross-site tracking or behavioral advertising networks.

Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

Email: privacy@quotazen.com