Privacy, stated plainly.

This Privacy Policy describes how One Click Coaching Inc. ("we," "us," or "our") collects, uses, stores, and shares personal information when you use our sales coaching platform, website, and related services (together, the "Service").

It applies to anyone who uses the Service, including sales reps, managers, administrators, and individuals whose conversations are analyzed through a connected integration. It does not apply to third-party services you connect to (Fathom, Fireflies, HubSpot, etc.) — those are governed by their own privacy policies.

If your organization has its own agreement with us (a Master Services Agreement or Data Processing Addendum), that agreement may override parts of this policy. Where there's a conflict, the signed agreement wins.

We collect three categories of information — nothing more.

What we don't collect

• Personal communications unrelated to sales coaching (we only ingest from sales-tool integrations you approve).
• Browsing behavior outside our Service.
• Cookies from advertising networks or third-party trackers. See our Cookie Policy.
• Special categories of data (health, biometrics, religion, political views). If a sales call happens to mention these, they're treated like any other transcript data — never used for training, never shared.

We use your information for six purposes, and only those six:

• To run the Service — authenticate you, analyze calls, generate coaching, surface insights to you and your manager.
• To improve the Service — aggregated, anonymized usage patterns help us understand which features help reps improve. Your specific content never feeds this.
• To communicate with you — transactional emails, product updates, critical security notices, and responses to your requests.
• To ensure security — detect fraud, abuse, and unauthorized access; investigate incidents.
• To meet legal obligations — respond to lawful legal process, enforce our Terms, defend claims.
• To bill you — process payments through our payment processor (Stripe).

We rely on the following lawful bases under GDPR: (i) performance of our contract with you (running the Service), (ii) our legitimate interests (security, product improvement, communications), (iii) your consent (for specific integrations and marketing), and (iv) legal obligation (tax, fraud prevention).

We don't sell your data. We don't rent it. We don't license it to third parties for marketing. Here's every category of party that ever touches your data:

• Sub-processors — cloud infrastructure, AI model providers, and operational vendors we use to deliver the Service. The full list is public at Sub-processors. We sign DPAs with each, bind them to equivalent security, and notify you before adding new ones.
• Your organization — if your employer or the account holder for your seat is a customer, managers and admins in your organization can see data about your activity on the Service. That's the entire point of a coaching tool.
• Integration partners — data flows to and from tools you explicitly connect (Fathom, HubSpot, etc.) only as needed to provide the feature.
• Professional advisors — lawyers, accountants, auditors, bound by confidentiality.
• Authorities — if legally compelled. We review every request, challenge overly broad demands, and notify you unless prohibited by law.
• A successor — in the event of a merger, acquisition, or asset sale, data transfers to the acquirer, who inherits the same obligations. We'd notify you in advance.

That's the entire list. Nobody else sees your data.

This is the section that matters most for a coaching product, so we want to be direct.

We use third-party large language models (listed on our Sub-processors page) to analyze calls and generate coaching. In every case we use zero-retention, no-training API endpoints: the provider processes your prompt, returns a result, and does not retain or train on the data. Where we can additionally contract for it, we have zero-day retention agreements with named model providers.

We may use fully aggregated and anonymized usage signals — for example, "reps who received feedback within 24 hours improved methodology scores by X%" — to improve the product. Those aggregates cannot be linked back to any individual or organization.

For more on how we handle AI, see our AI Usage & Responsible AI page.

Full detail lives on our Security page. The summary:

• Encryption — AES-256 at rest, TLS 1.3 in transit.
• Tenant isolation — row-level isolation in every database; no shared tables.
• Access control — SSO/SAML available, role-based permissions, MFA required for staff.
• Audits — SOC 2 Type II audit in progress; annual penetration testing by an independent firm.
• Breach notification — we commit to notifying affected customers within 72 hours of confirmed unauthorized access to their data.

No security control is perfect. If something happens, we'll tell you fast and tell you the truth.

Depending on where you live, you may have some or all of the following rights over your personal information. We honor these rights for everyone, regardless of jurisdiction:

• Access — ask for a copy of what we hold about you.
• Correction — fix anything that's wrong.
• Deletion — delete your account and all associated data.
• Portability — export your data in a machine-readable format.
• Objection / restriction — object to or limit certain uses.
• Withdraw consent — where processing is based on consent, withdraw it.
• Opt out of automated decision-making — we don't make solely-automated decisions that have legal or similarly significant effects; coaching recommendations are informational, not decisional.
• Complain to a regulator — you can lodge a complaint with your local data protection authority.

To exercise any of these, email privacy@oneclickcoaching.com. We respond within 30 days (usually within 5 business days). If you're an employee of a customer, we may route your request through your organization's administrator, as they control your workspace.

California residents (CCPA/CPRA): you have the rights above, plus the right to know the categories of personal information collected, disclosed, or sold in the preceding 12 months. We do not sell or share personal information for cross-context behavioral advertising.

EEA/UK/Swiss residents: our EU/UK representative for GDPR purposes is [To be appointed / Listed upon publication]. You can lodge complaints with your supervisory authority.

We keep data only as long as we need it to run the Service or meet a legal obligation.

When you cancel, your workspace enters a 30-day grace period during which you can re-activate or export your data. After 30 days, we destroy it — across primary storage, analytical copies, and backups within the rotation window above.

We operate from Canada. Some of our sub-processors are located in the United States and the European Union. Your data may be transferred to, stored in, and processed in any country where we or our sub-processors operate.

For transfers of EEA, UK, or Swiss personal data out of those regions, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK's International Data Transfer Addendum, and the Swiss Federal Data Protection and Information Commissioner's equivalent framework. Where available, we also rely on adequacy decisions (for example, Canada's adequacy status under GDPR).

Customers on our Enterprise tier can request EU-only data residency; contact sales.

One Click Coaching is a B2B tool intended for use by sales professionals. The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email privacy@oneclickcoaching.com and we'll delete it.

We'll update this policy as the Service evolves. When we make material changes — anything that meaningfully affects how we handle your data — we'll notify account admins by email at least 30 days before the change takes effect, and post the new version here with a changelog. Minor clarifications are posted without notice; the "Last updated" date at the top always reflects the current version.

Prior versions are available on request.

Privacy questions, requests, or complaints go to the addresses below. We read every one.