Privacy Policy

Account data. When you sign up, we collect your name, email address, and a hashed password. We use this to create and secure your account.

Session data. Every practice session you run — the scenario you chose, the persona you described, the conversation transcript, your difficulty setting, and the generated debrief — is stored and tied to your account. This is the core of the product: without it we can’t show you history, track progress, or generate your debrief.

Usage data. We collect anonymized analytics about how you use the product — which pages you visit, how long sessions run, where you drop off. This is aggregate data used to improve the product.

Billing data. If you subscribe, your payment is processed by Stripe. We never see or store your card number. We store your Stripe customer ID and subscription status.

Emails. We store your email to send transactional messages (verification, receipts). If you opt in, we may send product updates.

We use your data to run the product — delivering sessions, generating debriefs, and showing you your history and progress. We don’t sell your data. We don’t use your conversation transcripts to train AI models. We don’t share your data with third parties except the service providers listed below, and only to the extent needed to operate the product.

Running Reps requires several third-party services. Each has its own privacy policy.

• Supabase — database and authentication. Your account data and session data is stored here.
• Anthropic — powers the AI role-play and debrief generation. Session transcripts are sent to Anthropic’s API to generate responses. Anthropic’s enterprise API does not use API inputs to train models.
• Stripe — payment processing. Handles all billing and subscription management.
• IONOS / SMTP — transactional email. Sends your verification codes and receipts.
• PostHog — product analytics. Anonymized usage events only; no conversation content.

We keep your account data and session history for as long as your account is active. If you delete your account, we delete your data within 30 days, except where required by law (e.g., billing records).

Inactive free accounts (no login in 12 months) may be deleted after 30 days’ notice to your email.

You can access, export, or delete your data at any time. To do so, email us at hello@maisongr.com and we’ll respond within 5 business days.

If you’re in the EU or UK, you have additional rights under GDPR and UK GDPR — including the right to object to processing, request restriction, and lodge a complaint with your local supervisory authority.

If you’re in Quebec or elsewhere in Canada, you have rights under Law 25 (Law modernizing provisions relating to the protection of personal information).

We use a session cookie to keep you logged in. We don’t use tracking cookies or advertising cookies. PostHog analytics uses a first-party cookie that can be blocked without affecting core functionality.

Passwords are hashed. Data in transit is encrypted via TLS. We follow reasonable industry practices for security. No system is perfectly secure — if you discover a vulnerability, please email us rather than exploiting it.

Reps is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, contact us and we’ll delete it promptly.

If we make material changes, we’ll notify you by email at least 14 days before they take effect. The “last updated” date at the top of this page always reflects the current version.

Questions about this policy or your data: hello@maisongr.com

Maison GR, Canada.