Privacy Policy
Effective Date: October 17 2025
This Privacy Policy explains how RapportCue ("RapportCue," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website, mobile application, and conversation coaching services (collectively, the "Services").
Our Services include AI-powered conversation coaching and AI-orchestrated human role-play sessions for dating, speeches, interviews, and other high-stakes conversations. This policy applies where we act as a data controller of your personal information.
Jurisdiction Notice
This policy complies with the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CPRA). If you are located in the European Economic Area (EEA), United Kingdom, or California, additional rights and protections apply to you as described in this policy.
This policy fulfills the information requirements under GDPR Articles 13 and 14.
What We Collect (Categories of Data)
We collect the following categories of personal information:
Account & Contact Information
Name, email address, password (stored as cryptographic hashes), account settings, and preferences.
Session Content
- Real-time audio recordings of your practice sessions
- Optional video recordings (if you enable camera)
- Transcripts of your conversations
- Prosody metrics including words per minute (WPM), pitch variability, pause placement, and vocal tone
- Nonverbal snapshots such as gaze/eye-contact estimates, posture cues, and facial expression analysis
- Time-stamped feedback, coaching nudges, and performance scores
Role-Play Partner Data
Display name or user ID, scheduling metadata, and connection information for AI-orchestrated human role-play sessions.
Device & Usage Information
IP address, device type, operating system, browser type, app telemetry, cookies, and SDK data for analytics and performance monitoring.
Payment Metadata
If you subscribe to paid tiers, we collect payment transaction metadata (handled by our payment processor). We do not store full credit card numbers.
Sensitive Data Notice
Voice recordings, prosody analysis, and nonverbal behavior data may reveal sensitive information about your emotional state or affect. We process this data solely to provide coaching services and apply appropriate safeguards.
Children's Data
We do not knowingly collect personal information from children under 13 years of age. If we discover that we have inadvertently collected such data, we will delete it immediately and disable the associated account. See the "Children's Privacy" section below for more details.
How We Use Data (Purposes & Legal Bases)
We use your personal information for the following purposes:
Core Service Delivery
To provide real-time conversation coaching, including transcription, scoring across six science-backed traits (warmth, clarity, confidence, engagement, adaptability, and authenticity), and delivering real-time nudges during sessions.
Legal Basis: Performance of contract (GDPR Art. 6(1)(b))
Reports & Personalized Drills
To generate post-session analytics reports and create personalized 60-second practice drills tailored to your performance.
Legal Basis: Performance of contract (GDPR Art. 6(1)(b))
Product Safety & Integrity
To troubleshoot technical issues, prevent abuse and fraud, ensure platform security, and maintain service quality.
Legal Basis: Legitimate interests (GDPR Art. 6(1)(f)) in protecting our users and maintaining service integrity
Research & Product Improvement
To conduct aggregated, de-identified analytics for AI model tuning, feature development, and UX quality improvements. We implement technical safeguards including anonymization and aggregation to protect your privacy. You may opt out of research use by contacting us.
Legal Basis: Legitimate interests (GDPR Art. 6(1)(f)) in improving our services, or consent where required
Communications
To send account notifications, service updates, security alerts, and marketing communications (where you have consented or as permitted by law).
Legal Basis: Performance of contract for transactional emails; consent or legitimate interests for marketing (GDPR Art. 6(1)(a) or (f))
GDPR Compliance
Each processing purpose is mapped to a lawful basis under GDPR Article 6. We process your data only for the purposes described in this policy and in accordance with applicable data protection laws.
Your Privacy Rights
Depending on your location, you have specific rights regarding your personal information. We are committed to honoring these rights and responding to your requests promptly.
For EU/EEA/UK Users (GDPR Rights)
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data in certain circumstances.
Right to Restriction of Processing
Request that we limit how we use your personal data.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Right to Data Portability
Receive your personal data in a structured, machine-readable format.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint
File a complaint with your local data protection authority if you believe we have violated your rights.
To exercise these rights, contact us at support@rapportcue.com
For California Users (CCPA/CPRA Rights)
Right to Know
Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.
Right to Delete
Request deletion of your personal information, subject to certain exceptions.
Right to Correct
Request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing
Opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell personal information in the traditional sense, but certain data sharing may qualify under CCPA definitions.
Right to Limit Use of Sensitive Personal Information
Limit our use of sensitive personal information (such as voice recordings and biometric data) to purposes necessary to provide the Services.
Right to Non-Discrimination
You will not receive discriminatory treatment for exercising your CCPA/CPRA rights.
To exercise these rights, submit a request via our web form or email support@rapportcue.com
Identity Verification: To protect your privacy, we will verify your identity before processing rights requests. We may ask for additional information to confirm your identity.
Response Timeline: We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA), with possible extensions as permitted by law.
Children's Privacy
RapportCue is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Our Services are designed for adults and teenagers aged 13 and older.
If we learn that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information and disable the associated account.
Parents & Guardians
If you believe your child under 13 has provided personal information to RapportCue, please contact us immediately at support@rapportcue.com so we can delete the information and terminate the account.
This policy complies with the Children's Online Privacy Protection Act (COPPA) in the United States.
Disclosures & Data Processors
We may share your personal information with third-party service providers who assist us in operating our Services. These processors act on our behalf and are contractually obligated to follow our instructions, maintain confidentiality, and implement adequate security safeguards.
Categories of Processors:
- Cloud Hosting & Infrastructure: Servers and storage for application data and session recordings
- Analytics & Performance Monitoring: Tools to understand usage patterns and improve service quality
- Error Monitoring & Debugging: Services to identify and resolve technical issues
- Communications: Email delivery and customer support platforms
- Identity & Abuse Prevention: Fraud detection and account security services
- Payment Processing: Secure payment gateways for subscription billing
- Real-Time Infrastructure: Voice and video communication services for live coaching sessions
FTC Guidance on AI & Data
We follow Federal Trade Commission guidance requiring truthful, non-misleading claims about AI capabilities and data handling. Our processors are selected based on their security practices and compliance with applicable privacy laws.
We do not sell your personal information to third parties for their own marketing purposes. Any data sharing is limited to the purposes described in this policy and subject to appropriate contractual protections.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.
Typical Retention Periods:
- Raw audio/video recordings: Kept 30 days after a session ends, then permanently deleted. You can request earlier deletion at any time.
- Derived analytics & scores: Kept 24 months to show trends and progress, then deleted or converted to aggregated (non-identifiable) statistics.
- Account data: Kept while your account is active. If there's no activity for 24 months, we'll notify you and schedule deletion of the account and associated personal data (you can also request deletion anytime).
- Aggregated/de-identified data: May be kept indefinitely, because it cannot reasonably be linked back to you.
Retention Criteria
We determine retention periods based on: (1) the nature and sensitivity of the data, (2) the purposes for which we process it, (3) legal and regulatory requirements, and (4) your preferences and requests. You may request earlier deletion of your data by contacting us.
This retention policy complies with GDPR Article 13 requirements to inform you about storage periods or the criteria used to determine them.
International Data Transfers
RapportCue operates globally, and your personal information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.
When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms that require recipients to protect your data
- Data Processing Agreements: Contracts with processors that include data protection obligations
- Other Approved Mechanisms: As recognized under GDPR Chapter V
If you have questions about international data transfers or would like more information about the safeguards we use, please contact us at support@rapportcue.com.
Security
We implement layered technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and vulnerability testing
- Employee training on data protection and security practices
- Incident response procedures and monitoring systems
Important Security Notice
While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You can help protect your account by using a strong, unique password, enabling two-factor authentication (if available), and keeping your devices and software up to date.
Our security practices align with Federal Trade Commission guidance on safeguarding nonpublic consumer data and responsible AI deployment.
Automated Decision-Making & Profiling
RapportCue uses automated systems, including artificial intelligence and machine learning models, to analyze your conversation sessions and generate scores across six science-backed traits: warmth, clarity, confidence, engagement, adaptability, and authenticity.
These automated assessments are designed to provide you with real-time coaching feedback and personalized improvement recommendations. They do not result in legal or similarly significant decisions about you, but rather serve as educational tools to help you improve your conversation skills.
Your Controls:
- Review: You can review your session scores and feedback at any time
- Challenge: You may contact us to question or challenge automated assessments
- Delete: You can request deletion of session data and associated scores
- Opt-Out: You may discontinue use of the Services at any time
Under GDPR Article 22, you have the right to not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our automated scoring does not fall into this category, but we provide transparency and control mechanisms as a best practice.
Your Choices & Controls
You have several choices regarding how we collect, use, and share your personal information:
Recording Permissions
You control whether to enable audio and video recording during sessions. You can toggle these permissions in your device settings or within the app. Note that disabling recordings may limit certain coaching features.
Camera & Microphone Access
You can manage camera and microphone permissions through your device or browser settings. We will request permission before accessing these features.
Cookie Preferences
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may affect your ability to use certain features of our Services.
Marketing Communications
You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing message or by updating your communication preferences in your account settings. You will continue to receive transactional emails related to your account and services.
California-Specific Opt-Outs
California residents can exercise additional rights under CCPA/CPRA:
We honor Global Privacy Control (GPC) and similar browser signals where required by law.
Account Deletion
You can request deletion of your account and associated personal information by contacting us at support@rapportcue.com. We will process your request in accordance with applicable law.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:
- Posting the updated policy on our website with a new "Effective Date"
- Sending you an email notification (if you have provided your email address)
- Displaying a prominent notice within our Services
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Services after the effective date of an updated policy constitutes your acceptance of the changes.
If we make changes that materially reduce your rights, we will seek your consent where required by applicable law.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
© 2025 RapportCue. All rights reserved.