When we process call data for you, the roles are straightforward: you are the controller of the data you submit, and we are your processor. We process it only to provide the service and on your instructions.
What the processing involves
- Purpose: automated analysis of call transcripts to produce scores, evidence excerpts, summaries, and recommendations.
- Types of personal data: identifiers (names, email addresses) and the content of conversations in transcripts; account email; usage metadata.
- Data subjects: your representatives/employees and the other participants on the analyzed calls (e.g. prospects, customers); your account users.
- Duration: for the term of your use of the service.
What we store (data minimization)
We do not store full transcripts. We retain only derived analysis (scores, confidence, short verbatim evidence excerpts, summaries, recommendations) in a cache keyed to a one-way cryptographic hash of the transcript, for up to 30 days; scorecard templates under your account; and hashed-email usage counters. Logs contain no transcript content.
Sub-processors
| Sub-processor | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, database, KV storage, identity/access | US / global edge |
| Anthropic, PBC | AI scoring of transcripts | US |
| Transactional email provider (when email is enabled) | Report email delivery | To be confirmed |

We hold a data-protection agreement with each sub-processor imposing obligations no less protective than those we offer you, and we'll give notice before adding or replacing one.
Security measures
- Encryption of data in transit (TLS) and at rest.
- Identity-based access control (Cloudflare Access / Zero Trust); least privilege.
- No storage of full transcripts; logs exclude transcript content and model output.
- Prompt-injection input filtering and output validation ("output gate").
- Rate limiting, daily quotas, and anomaly lockout.
- Reputable, SOC 2-certified sub-processors.
Assistance, breaches, deletion
- We reasonably assist you with data-subject requests and your security and impact-assessment obligations.
- We notify you without undue delay after becoming aware of a personal-data breach affecting your data.
- On termination or request, we delete or return your data. Because full transcripts aren't stored and the derived-analysis cache auto-expires within 30 days, most call data is short-lived by design.
International transfers
Where we transfer personal data across borders, we rely on a valid transfer mechanism (e.g. EU Standard Contractual Clauses), set out in the formal DPA.
Requesting the formal DPA
If your organization requires a signed DPA, contact info@projectmoneyball.com and we'll provide one for execution.