Privacy Policy

Last updated: May 19, 2026

1. Who We Are

HuddleRoutine is operated by Vermilion Holdings LLC, an Arizona limited liability company. This policy describes what HuddleRoutine collects, how we use it, and who processes it.

2. Geographic Scope

HuddleRoutine is offered only in the United States. The Service is not intended for use in the European Union, United Kingdom, Canada, or other regions with dedicated data-protection regimes. By using HuddleRoutine you agree your data is processed in the United States.

3. Information We Collect

  • Manager account data — email and display name from Supabase Auth; last-login timestamp.
  • Team / organization data — workspace name, vertical (e.g., solar, roofing, pest), optional website, optional team size and time zone, and onboarding progress.
  • Rep profile data — display name (first / last name) added by managers; optional rep account email if a rep chooses to claim a sign-in account; activity timestamps (last seen, last practice, last huddle participation).
  • Voice / audio submissions— recordings of rep practice and huddle responses. (See “Audio Handling” below.)
  • Transcripts — AI-generated text transcripts of rep responses.
  • AI scores, feedback, and summaries — overall score, rubric breakdown, strengths / weaknesses / suggested improvements, team-level summaries, and readiness check outcomes.
  • Benchmark / approved answers — manager-saved ideal responses for a given objection or scenario.
  • Scenario / objection bank content — starter scenarios we provide, plus custom scenarios and coaching notes authored by managers, solo users, or generated via the AI-suggestion tool.
  • Synthetic scenario audio files — AI text-to-speech audio generated from scenario text and stored in our Supabase Storage bucket for reuse across practice attempts.
  • Participation & activity metadata — counts of huddles, submissions, scenario approvals; onboarding events; admin audit events.
  • Stripe billing identifiers — Stripe customer ID, subscription ID, plan tier, billing status, and trial dates. Stripe stores your payment-method information; we do not store raw card numbers.
  • Invite tokens — hashed personal invite tokens and their scope.
  • Support correspondence — if you email support, we retain the message as needed to respond.

4. How We Use Information

We use the information we collect to: provide and operate the Service; transcribe and score voice submissions; show managers their team's submissions, transcripts, scores, and feedback; run practice readiness checks; bill paid plans; troubleshoot issues; and improve the Service. AI outputs are coaching aids only, not employment evaluations.

5. Audio Handling

Raw rep voice submissions are deleted after successful transcription and scoring. When a rep records a response, the audio is uploaded to a private Supabase Storage bucket and sent to our transcription provider. Once we have written the transcript and AI score back to the database, our pipeline removes the underlying audio file from storage. After that point, only the transcript, AI score, structured feedback, and submission metadata are retained long-term.

Failed processing. If transcription or scoring fails, the underlying audio may be temporarily retained so we can retry or investigate the failure. If you need a failed submission removed, contact support and we will delete the submission and any retained audio.

Synthetic scenario audio.Objection and scenario voices played to reps are AI text-to-speech generated from scenario text using a single configured ElevenLabs voice. They are not recordings of any real person and are not designed to impersonate or clone any specific individual's voice. Audio for an approved scenario is generated once and reused on later practice attempts.

6. Manager & Team Visibility

Reps' transcripts, AI scores, and coaching feedback are visible to the team's manager / owner. Reps can see their own submissions and feedback. Participants may be shown an in-app notice before recording; that notice is remembered on the device or browser only and is not stored by us as a consent or acknowledgment record. If you administer a team, you are responsible for telling participants about recording, transcription, AI scoring, and manager visibility, and for providing any required notices and obtaining any legally required consents.

7. Sub-Processors

We rely on the following third-party processors to operate HuddleRoutine. They process your data on our behalf under their own privacy and security commitments:

  • Supabase — managed PostgreSQL database, authentication, and private object storage for audio assets.
  • Railway — application hosting.
  • OpenAI — speech-to-text transcription and AI scoring / coaching feedback.
  • ElevenLabs — synthetic text-to-speech audio for objection / scenario prompts. Used only with scenario text and a single configured voice. Not used to clone or impersonate any real person.
  • Stripe — payment processing, subscription management, and storage of payment-method information for paid plans.
  • Resend — transactional email delivery when you submit a Guided Pilot or Custom plan contact form on our website. We send your name, email, and message to our support inbox so we can follow up. Account sign-in emails are still sent by Supabase Auth.

We do not currently use SendGrid, Sentry, PostHog, Mixpanel, Google Analytics, or other analytics or email-marketing providers.

8. Retention

Manager, team, and rep profile data are retained for the life of your account. Raw rep voice submissions are deleted shortly after successful transcription and scoring (see Section 5). Transcripts, AI scores, structured feedback, and submission metadata are retained until the related team account or submission is deleted. Synthetic scenario audio (the AI text-to-speech files of scenarios) is retained as long as the parent scenario exists. You may request deletion of your account or specific content by emailing support.

9. Security

We use commercially reasonable safeguards including TLS in transit, encrypted storage at rest via our cloud providers, row-level security in PostgreSQL, private storage buckets, and scoped invite tokens. No system is perfectly secure; you use the Service at your own risk.

10. California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA), including the right to know what personal information we collect about you, the right to request deletion of personal information we hold about you, the right to correct inaccurate personal information, and the right not to be discriminated against for exercising these rights. We do not sell personal information and do not share personal information for cross-context behavioral advertising. To exercise these rights, email [email protected].

11. Other US State Privacy Rights

Depending on where you live, you may have additional rights under state privacy laws. We do not sell personal information and do not use personal information for cross-context behavioral advertising. To exercise rights described below, email [email protected]. We will not discriminate against you for exercising these rights.

Texas residents (Texas Data Privacy and Security Act): You may have the right to know what personal data we process, to access, correct, and delete personal data, and to opt out of certain processing where applicable.

Virginia residents (Virginia Consumer Data Protection Act): You may have the right to confirm whether we process your personal data, to access, correct, delete, and obtain a portable copy of personal data you provided, and to opt out of targeted advertising, the sale of personal data, and certain profiling.

Colorado residents (Colorado Privacy Act): You may have similar rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling.

Connecticut residents (Connecticut Data Privacy Act): You may have similar rights to access, correct, delete, obtain a copy of, and opt out of certain processing of your personal data.

Utah residents (Utah Consumer Privacy Act): You may have the right to know what personal data we process, to access and delete personal data, and to opt out of the sale of personal data and certain targeted advertising.

If you believe another state's privacy law gives you additional rights, contact us at the email above and we will respond as required by applicable law.

12. Children

HuddleRoutine is not directed to and is not intended for use by anyone under 18. We do not knowingly collect personal information from children under 18. If you believe a child has submitted information, contact us and we will delete it.

13. Cookies & Tracking

We use first-party cookies and local storage required for authentication (Supabase Auth session) and to remember small UI preferences such as whether you have seen the in-app recording notice on this device or browser. That preference is stored locally in your browser and is not written to our servers as a consent or acknowledgment record. We do not currently use third-party analytics or advertising trackers.

14. Contact

Vermilion Holdings LLC, Arizona, USA. For privacy questions or data requests, email [email protected].