Privacy Policy
Effective Date: June 16, 2026 · Last Updated: June 16, 2026
1. Who We Are
ObjectionPro is a sales objection training platform operated by Pablo Ruiz Acevedo, registered in Quebec, Canada.
- Privacy Officer: Pablo Ruiz Acevedo
- Email: swpruizacevedo@gmail.com
- Mailing Address: 102 impasse d'anticosti, Gatineau, QC J8V 0A4, Canada
Under the GDPR, we are the data controller.
2. Information We Collect
Information you provide directly
- Account information: email address, name, password (managed by auth provider, not stored in plaintext)
- Professional profile: job role, industry, product/service description
- Sales preferences: sales channel (B2B, D2D, Inside Sales, Creator Sales), difficulty, language, UI theme
- Practice content: responses during AI roleplay, custom objection scenarios, voice recordings
- Game Film uploads: audio or text files for AI coaching
Information generated through use
- Practice session records: scores, duration, category, pass/fail
- Mastery tracking: progress per objection (New, Practicing, Mastered)
- Streak and milestone data
- Daily challenge participation
- AI-generated content: battle cards, personalized packs, coaching analysis
Information collected automatically
- Authentication tokens (required for function)
- Basic request metadata via hosting provider (IP, browser type, timestamps)
Information we do NOT collect
- No advertising or third-party tracking cookies
- No analytics services like Google Analytics
- No payment card numbers (handled by Stripe)
3. How We Use Your Information
- Providing the Service: authentication, AI roleplay, scoring, mastery tracking, personalization
- AI-powered features: text sent to Google Gemini for roleplay, evaluations, battle cards, packs, coaching
- Subscription management: Stripe billing
- Service improvement: aggregate usage patterns only; we never sell your data
- Communication: transactional emails only unless you explicitly opt in for marketing. You can opt in at signup or in Settings, and withdraw anytime through Settings or the unsubscribe link. Consent records are retained for 3 years per CASL.
Legal basis (GDPR): contract performance, legitimate interest, consent for marketing.
4. Third-Party Service Providers
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Auth + database | Email, name, profile, sessions, mastery | West EU (Ireland) |
| Google Gemini API | AI features | Practice text, scenarios, Game Film uploads | Google Cloud servers |
| Stripe | Payments | Email, customer ID (no card numbers) | United States |
| Vercel | Hosting | Request metadata (IP, headers) | Global edge network |
| Sentry | Error monitoring | Error stack traces, app state (PII disabled) | United States |
Important notes about Gemini API: We use Google Gemini's paid API tier, meaning your data is not used for model training. However, content is processed on Google's servers.
Game Film uploads: If you upload recordings of calls with other people, you are responsible for obtaining their consent to share the recording. We recommend anonymizing recordings where possible.
We do not sell, rent, or trade personal information.
5. Data Retention
- Account data: Retained while your account is active. You can delete your account at any time using the Delete Account button in Settings. All data is removed immediately; backups are purged within 30 days.
- AI request logs: Retained for 7 days for rate limiting purposes. The daily limit of 50 AI interactions is tracked and resets at midnight UTC.
- Email consent records: Retained for a minimum of 3 years per CASL requirements.
- Stripe billing data: Retained per Stripe's own retention policies.
6. Your Rights
All users may: access their data, request correction, request deletion (self-service via Settings or by emailing us), and request data portability (JSON/CSV export).
EU residents (GDPR): You additionally have the right to restrict or object to processing, and to lodge a complaint with your local Data Protection Authority.
Quebec residents (Law 25): You have the right to de-indexation and to information about automated decision-making. Note that AI scoring in ObjectionPro is training feedback only and does not make decisions that produce legal or significant effects.
California residents (CCPA/CPRA): You have the right to know, delete, and opt out of sale of personal information. We do not sell personal information.
Canadian residents (PIPEDA): You have the right to access, correct, challenge compliance, and withdraw consent.
To exercise any of these rights, contact us at swpruizacevedo@gmail.com. We respond within 30 days.
7. Data Security
We implement the following security measures:
- TLS/HTTPS encryption for all data in transit
- Row-Level Security (RLS) in the database
- Authenticated AI proxy to protect API keys
- Per-user rate limiting
- Passwords managed by Supabase Auth (never stored in plaintext)
- Service role key not exposed to the frontend
No system is 100% secure. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.
8. International Data Transfers
Your data may be transferred to and processed in the United States (Stripe, Vercel, potentially Google and Supabase). For transfers from the EU, we rely on Standard Contractual Clauses. For transfers from Quebec, we conduct an adequate protection assessment as required by Law 25.
9. Children's Privacy
ObjectionPro is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16.
10. Cookies and Local Storage
We use essential storage only:
- Supabase authentication token (required for login)
- localStorage for app state (theme, language, preferences)
We do not use advertising cookies, tracking cookies, or analytics cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a new "Last Updated" date. For material changes, we will notify you by email or through an in-app notification.
12. Users in Other Jurisdictions
ObjectionPro is available worldwide. This policy is designed to cover the requirements of the GDPR, Quebec's Law 25, PIPEDA, and the CCPA/CPRA.
If you are located in another jurisdiction, we will honor your data protection rights upon request, including those under the UK GDPR, Brazil's LGPD, Australia's Privacy Act, Japan's APPI, South Korea's PIPA, Mexico's LFPDPPP, and Singapore's PDPA.
13. Contact Us
- Email: swpruizacevedo@gmail.com
- Privacy Officer: Pablo Ruiz Acevedo
- Mailing Address: 102 impasse d'anticosti, Gatineau, QC J8V 0A4, Canada
If you are not satisfied with our response, you may lodge a complaint with your local authority:
- EU: Your local Data Protection Authority (DPA)
- Quebec: Commission d'accès à l'information (CAI)
- Canada: Office of the Privacy Commissioner (OPC)
- California: California Privacy Protection Agency (CPPA)
- UK: Information Commissioner's Office (ICO)
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)