DealParley is a product of Noble Cortex Inc. ("Noble Cortex," "we," "us," "our"). This Privacy Policy explains how we collect, use, share, retain, and protect personal information when you use:

the DealParley marketing site at dealparley.ai,
the DealParley application at app.dealparley.ai,
the DealParley authentication and billing site at auth.dealparley.ai.

For information about how the Noble Cortex parent network handles data on noblecortex.ai, see the Noble Cortex Privacy Policy.

1. Who we are

Data controller: Noble Cortex Inc., 2108 N St #6192, Sacramento, CA 95816, USA.
Privacy contact: info@dealparley.ai
Security contact: security@dealparley.ai
EU/UK representative: email info@dealparley.ai with "EU/UK representative" in the subject line and we will route your request.

2. What DealParley does

DealParley plans and coaches B2B sales calls. You answer a short set of pre-call questions, the application synthesizes a call plan, and during a live call it transcribes your conversation, surfaces coaching cues, and saves a transcript and summary for you to review afterward.

This product is designed for adults working in a professional capacity. It is not intended for personal or consumer use, and not for anyone under the age of 18.

3. Information we collect

3.1 Account and billing

Created when you sign up via auth.dealparley.ai (which uses our Odoo-based identity and billing system shared across the Noble Cortex network):

Name, email address, password (stored as a salted hash; we never see the plaintext).
Company name, role/title.
Subscription plan, billing status, invoice history.
IP address and basic device metadata at sign-up and at each sign-in, for security and fraud prevention.

3.2 Payment information

Payments are processed by Stripe. Card numbers, CVV, and bank account details are entered into Stripe's secure form and go directly to Stripe; DealParley never sees or stores your full card number. We receive a Stripe customer identifier, the last four digits, brand, expiry, and the status of each charge.

3.3 Pre-call planning answers

Before each call you can answer questions about the prospect, the call's purpose, the framework you want to use (MEDDIC, BANT, SPIN, etc.), and context about the persona and account. We store your answers so the application can build a call plan and so you can revisit it.

3.4 Call audio

Audio captured during a live call is streamed in real time to our speech-to-text provider (AssemblyAI) for transcription. The audio is not retained by DealParley after transcription, and AssemblyAI's streaming API does not archive audio by default. We do not send your audio to any other third party.

3.5 Call transcripts and notes

Text transcripts produced from your audio are retained in our database so you can review past calls, so the coaching engine can improve future plans, and so you can export your call history. Any notes, ratings, or tags you add to a call are stored with the transcript.

3.6 Coaching outputs

Call plans, in-call coaching cues, post-call summaries, and other AI-generated outputs are stored with the corresponding call so you can review them and so the application can learn what worked.

3.7 Communications

When you contact support or fill in a marketing-site form (e.g., the "For Teams" waitlist), we collect your name, email, company, role, and the contents of your message.

3.8 Site and product telemetry

IP address, browser type, OS, device type, screen size, language.
Pages and features used, timestamps, request and response metadata.
Error reports (no call content; we redact transcripts and inputs from logs).

3.9 Cookies

See §9.

4. Sensitive personal information

The categories we collect that may be considered Sensitive Personal Information under the California Privacy Rights Act:

Account credentials (your hashed password and session tokens).
Contents of communications (your call transcripts, since they are communications to which DealParley is not the intended recipient or sender; you are the user, your prospect is the other party).

We use these categories only as necessary to provide the service you have asked for. We do not use them to infer characteristics about you, and we do not sell, share for cross-context behavioral advertising, or otherwise disclose them for purposes that would trigger a Right to Limit notice under CPRA. To request that we limit our use of Sensitive Personal Information, email info@dealparley.ai.

5. How we use it (and our legal basis)

For users in the European Economic Area or the United Kingdom, the GDPR legal basis is listed in parentheses.

Purpose	Legal basis (GDPR Art. 6)
Provide the service: authenticate you, run pre-call planning, transcribe live calls, generate coaching, store transcripts.	Contract (Art. 6(1)(b))
Billing: charge your subscription, generate invoices, recover failed payments.	Contract (Art. 6(1)(b)); legal obligation for tax (Art. 6(1)(c))
Improve the service: aggregate and de-identify usage data to improve prompts, coaching quality, and reliability.	Legitimate interest (Art. 6(1)(f))
Transactional emails: sign-up confirmation, password reset, billing receipts, security notices.	Contract (Art. 6(1)(b))
Product updates: feature announcements. Unsubscribe from any such email.	Legitimate interest (Art. 6(1)(f)); consent where required (Art. 6(1)(a))
Customer support: respond to inquiries, reproduce reported issues from your account.	Contract (Art. 6(1)(b))
Security: detect and prevent fraud, abuse, and security incidents.	Legitimate interest (Art. 6(1)(f)); legal obligation (Art. 6(1)(c))
Comply with law: respond to legally binding requests, defend legal claims, enforce our Terms.	Legal obligation (Art. 6(1)(c)); legitimate interest (Art. 6(1)(f))

We do not use your information for automated decision-making that produces legal or similarly significant effects about you. The AI-generated coaching content is presented to you as suggestion; you decide what to do with it.

6. How we share it

We do not sell or rent your personal information. We share it only as described here.

6.1 Service providers (data processors)

Vendor	What we share	Why	Where
Hetzner Cloud GmbH	All hosted data	Application hosting	Germany (EEA)
Stripe	Name, email, billing address, transaction metadata	Payment processing	EU and US
AssemblyAI Inc.	Live call audio (streamed; not archived by default)	Real-time speech-to-text	US
OpenAI, LLC	Prompt content (planning answers, transcript excerpts, coaching prompts)	LLM inference	US
Anthropic, PBC	Same as OpenAI	LLM inference	US
Cerebras Systems Inc.	Same as OpenAI	LLM inference	US
Sentry	Error metadata; no call or transcript content	Error monitoring	EU region selected
Transactional email provider	Name, email, message subject and body	Email delivery	EU or US

Each processor is bound by a Data Processing Agreement that limits its use of personal information to the purpose stated, requires appropriate security, and (where applicable) commits to assist us with data-subject requests and breach notifications.

6.2 Within the Noble Cortex network

Account, billing, and identity are managed by a shared Odoo-based system at auth.dealparley.ai that is also used by other Noble Cortex products. Other Noble Cortex products do not access your DealParley call transcripts, coaching outputs, or pre-call planning answers.

6.3 Legal disclosures

We may disclose information when we believe in good faith that disclosure is required to comply with a legal obligation, court order, or lawful government request; to enforce our Terms; to protect the rights, property, or safety of Noble Cortex, our users, or the public; or to investigate fraud or security incidents.

6.4 Business transfers

If Noble Cortex or DealParley is involved in a merger, acquisition, financing, or sale of all or part of its assets, personal information may transfer to the counterparty subject to confidentiality protections. We will notify you of any change in control or use of your personal information.

6.5 SMS opt-in data

If you opt in to receive SMS messages, your opt-in information will not be shared with unaffiliated third parties for their marketing purposes.

7. International data transfers

Our primary infrastructure is in Germany (Hetzner Cloud, EEA jurisdiction). EEA and UK customer data stays in the EEA at rest. US customer data also resides in the EEA today.

LLM inference and live transcription are performed by service providers in the United States (OpenAI, Anthropic, Cerebras, AssemblyAI). For these transfers we rely on:

the EU-US Data Privacy Framework (and the UK and Swiss extensions) where the recipient is self-certified, or
Standard Contractual Clauses approved by the European Commission, supplemented by technical and organizational measures (TLS in transit, short retention windows, minimized payload).

A US data region for DealParley is on our roadmap for customers with data-residency requirements; contact info@dealparley.ai if this affects your procurement.

8. How long we keep it

Category	Retention
Call audio	Not retained. Streamed to AssemblyAI for transcription, then discarded.
Call transcripts and summaries	Retained until you delete the call or your account. You can delete individual calls or your entire account at any time.
Pre-call planning answers	Same as transcripts.
Account and identity	Retained while your account is active. After deletion, identity is removed within 30 days, except for records we are required to keep for tax, billing dispute, or other legal reasons (typically 7 years for invoices).
Subscription and billing records	7 years from the date of the transaction (US/EU tax law).
Transactional emails	18 months in our sending provider's logs.
Support tickets	3 years from last activity.
Server logs	30 days.
Application error metadata	90 days.
Backups containing any of the above	30 days after the source record is deleted.

You can export your transcripts and call data via the application at any time. After account deletion, an audit trail of "user X deleted account on Y" is retained for security and to defend against fraudulent deletion claims, but the underlying personal data is removed within 30 days.

9. Cookies and similar technologies

Category	Examples	Purpose	Consent required?
Strictly necessary	`paywall_session`, CSRF token, consent record	Sign-in, security, paywall enforcement	No
Functional	Theme preference, last-used framework	Remember your preferences inside the app	Yes
Analytics	First-party page-view counters on the marketing site	Marketing-site improvement only; no behavioral profiling	Yes
Marketing	None currently enabled	(Would require explicit consent if introduced)	Yes

We do not use cookies inside the app to track you across other websites and we do not run advertising trackers anywhere. We honor the Global Privacy Control browser signal as an opt-out of sale and sharing of personal information and as a request to disable non-essential cookies.

10. Your privacy rights

Your rights depend on where you live. To exercise any of the rights below, email info@dealparley.ai with "Privacy Request" in the subject line. We will verify your identity by matching the email on your account or by asking you to confirm details we already hold. We respond within the time required by applicable law (one month under GDPR, 45 days under California law, extendable once with notice for complex requests).

10.1 European Economic Area, United Kingdom, Switzerland

You have the right to access, rectify, erase, restrict processing, object to processing (including direct marketing, which we stop on request without exception), portability, and withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with your supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).

10.2 California (CCPA as amended by CPRA)

You have the right to Know, Delete, Correct, Opt out of sale or sharing (DealParley does not sell or share personal information for cross-context behavioral advertising), Limit Use of Sensitive Personal Information (see §4), and to be free from discrimination for exercising any CCPA right. You may use an authorized agent.

10.3 Other US states

We extend Access, Correction, Deletion, and Opt-Out rights to all US residents regardless of state of residence.

10.4 Appeals

If we deny your request, you may appeal by replying "Appeal" to our response.

11. Children's privacy

DealParley is a B2B product for adults. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact info@dealparley.ai and we will delete it promptly.

12. Security

We implement technical and organizational measures designed to protect your information:

In transit: TLS 1.2 or higher for all public endpoints and for all cross-service traffic.
At rest: encrypted disk volumes for database storage.
Authentication: salted password hashes (Argon2), session cookies marked Secure, HttpOnly, and scoped to our domains.
Access controls: role-based administrative access with audit logging; production access limited to named engineers and reviewed periodically.
Vendor diligence: Data Processing Agreements with all subprocessors.
Backups: daily, encrypted at rest, tested periodically; 30-day retention.
Incident response: documented playbook with escalation, customer notification, and post-incident review steps.

SOC 2 Type II and a standard Data Processing Addendum template are on our roadmap for team customers; contact security@dealparley.ai if your procurement requires either today. See also our security page.

13. Data breach notification

If we determine that a security incident has compromised your personal information, we will notify the relevant supervisory authority within the time required by applicable law (within 72 hours under GDPR where feasible), and we will notify you directly without undue delay where the incident is likely to result in a high risk to your rights and freedoms. Notifications will describe the nature of the incident, the categories of data affected, the likely consequences, and the measures we are taking.

14. Changes to this policy

Material changes (new categories collected, new categories of recipient, new purposes, new transfers outside the EEA/UK) will be announced at least 30 days before they take effect, by email to the address on your account and via a notice on the marketing site. Non-material changes (typos, clarifications, link repairs) will be reflected by updating the "Last Updated" date. We will never reduce your existing rights under this policy without your consent.

15. How to contact us

Privacy questions, rights requests, and general inquiries: info@dealparley.ai
Security incidents and vulnerability reports: security@dealparley.ai
Postal mail: Noble Cortex Inc., Attn: DealParley Privacy, 2108 N St #6192, Sacramento, CA 95816, USA

DealParley privacy policy.

On this page