Privacy Policy
Last updated: July 9, 2026
This Privacy Policy explains how Teleperson, Inc. (“Teleperson,” “we”) handles information in connection with our platform (the “Service”). Teleperson is a business-to-business product. For account and website data we act as a controller; for the tenant and end-customer data our customers put into the Service, we act as a processor on their behalf and under their instructions.
1. Information we collect
Account & workspace data. When you sign up we collect your name, work email, role, and company details (name, domain, address, industry). Administrators may add other users.
Customer & CRM data (on our customers’ behalf). Tenants store data about their own contacts and customers — such as name, email, phone, title, notes, opportunities, and activity. This is Customer Data that the tenant controls.
Agent conversations. Chat messages exchanged with an AI agent, and any files a user attaches, are processed to generate responses. Consumer-side chat memory is stored on the user’s device by default; operator-side conversations may be stored in the workspace.
E-signature records. When a document is signed in a deal room, we capture the signer’s name and email, IP address, user-agent, timestamp, and a document hash as a legally significant audit trail.
Knowledge base. Text crawled from websites a tenant designates, and documents a tenant uploads (PDF, DOCX, Markdown, text), are stored to ground the tenant’s agent.
Voice calls. For AI voice calls we store structured analysis (such as purpose, sentiment, and a summary). Full call transcripts are retrieved live from the voice provider and are not stored in our database.
Operational & security data. Usage and AI-cost events, audit logs (actor email, action, and source IP), notifications, and rate-limiting data, used to run and secure the Service.
2. How we use information
- to provide, operate, maintain, and improve the Service;
- to power AI features — grounding an agent in the tenant’s persona, knowledge base, and relevant workspace data;
- to process billing and manage subscriptions;
- for security, fraud prevention, audit logging, and to enforce our Terms;
- to provide support and to communicate about the Service; and
- to comply with legal obligations.
3. AI processing
To answer a request, the agent runtime may send the tenant’s configured persona and knowledge base, relevant workspace data, and the end-user’s messages and attachments to the configured large- language-model provider. Tenants may use our default provider or supply their own encrypted provider key. Provider processing is governed by that provider’s API terms. We do not use Customer Data to train our own foundation models, and we do not operate a first-party model-training pipeline. We record token usage and cost for accounting.
4. Cookies & sessions
We use strictly necessary cookies to run the Service: a Supabase authentication session cookie to keep you signed in, and, for Teleperson staff who use the “Sign in as” support tool, a short-lived signed cookie identifying the workspace being viewed. We do not use advertising cookies in the application.
5. Subprocessors
We rely on vetted service providers to deliver the Service. Core subprocessors include:
- Supabase — database, authentication, and file storage;
- Vercel — application hosting;
- Amazon Web Services — cloud infrastructure and AI services;
- Anthropic, OpenAI, Google, and xAI — large-language- model and text-to-speech providers (as configured, including a tenant’s own key);
- ElevenLabs and Vapi — voice and text-to-speech;
- Resend — transactional email;
- Stripe — payments and billing; and
- Google Analytics — aggregate web analytics.
Where a tenant connects its own third-party account (for example, Microsoft 365 for mailbox access or Salesforce for CRM sync), data flows to that service under the tenant’s direction and that provider’s terms.
6. How we protect data
- Tenant isolation. Data is scoped per workspace and enforced with row-level security by company boundary.
- Encryption of secrets. Per-tenant secrets, including provider API keys, are encrypted at rest (AES-256-GCM). Developer API keys are stored only as one-way hashes.
- Access controls, audit logging, and rate limiting guard the Service. The tenant-designated knowledge-file storage bucket is used to serve agent knowledge assets; do not upload confidential files you do not wish served to your agent’s audience.
No method of transmission or storage is perfectly secure, but we work to protect information using commercially reasonable safeguards.
7. Data retention
We retain information for as long as needed to provide the Service, and as required for legal, accounting, or security purposes. Some items have shorter lifespans (for example, certain invitation and deal-room tokens expire automatically). When a workspace is closed we delete or de-identify Customer Data after a reasonable period, unless retention is required by law.
8. International transfers
We and our subprocessors may process information in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers.
9. Your rights
Depending on your location, you may have rights to access, correct, delete, or port personal data, or to object to or restrict certain processing. For account data we hold as a controller, contact privacy@teleperson.com. Where we process data on behalf of a tenant (as a processor), please direct your request to that tenant, and we will assist them in responding.
10. Children
The Service is not intended for, and we do not knowingly collect data from, children under 16.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified through the Service or by email, and the “Last updated” date above will change.
12. Contact
Teleperson, Inc. Privacy questions: privacy@teleperson.com.