Privacy Policy

Welcome to Sales Stage AI.

This Privacy Policy explains how we collect, process, store, and protect personal data in connection with the use of our platform and services.

Sales Stage AI provides AI-assisted sales simulations and structured competency evaluations for recruitment and hiring processes. Client companies can send candidates individual access links through which candidates conduct a simulated sales conversation with an AI system. The client then receives a structured analysis of the candidate's conversational performance.

We are committed to handling personal data responsibly and in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the EU AI Act (Regulation (EU) 2024/1689).

As a company incorporated and operating under German and EU law, we are bound by some of the most rigorous data protection legislation in the world. We apply these standards uniformly to all users of our platform, regardless of where they or their candidates are located. This means that even where local law in your jurisdiction would permit less, you and your candidates still benefit from the same level of data protection.

("Sales Stage AI", "we", "us", or "our")

For any questions about data protection or to exercise your rights, please contact the email address above. We respond to all requests as soon as possible.

The use of Sales Stage AI involves two distinct user groups with clearly separated data protection roles.

Companies and professionals who use this platform to evaluate candidates are Data Controllers within the meaning of Art. 4 (7) GDPR. They determine which candidates are assessed, configure sales scenarios and requirement profiles, and receive the resulting evaluations. Responsibility for ensuring a valid legal basis in relation to candidates rests solely with the respective client company.

Sales Stage AI processes candidate data exclusively on behalf of and pursuant to documented instructions from clients, acting as a Data Processor pursuant to Art. 28 GDPR. A Data Processing Agreement (DPA) is concluded with each client for this purpose.

Candidates who complete a simulation are data subjects under the GDPR. They are entitled to the full protections of the Regulation and may exercise their rights against the respective client as Controller and, where Sales Stage AI is directly involved, directly against us.

4.1 Customer Data (B2B Users)

To provide and operate this platform, we process data relating to our customers, including name and company email address, company affiliation and role, billing and payment data, access credentials and authentication information, as well as platform usage data such as login timestamps, positions created, and assessment links sent. We also process technical data including IP address, browser type, device information, and log files that are necessary for the secure operation of the platform. This processing is carried out on the basis of Art. 6 (1) (b) GDPR insofar as it is necessary for the performance of the contract with the respective customer and additionally on the basis of Art. 6 (1) (f) GDPR in respect of legitimate interests in platform security and optimisation.

4.2 Candidate Data

In the course of conducting a candidate simulation, we process the following personal data: the candidate's first and last name and email address as provided by the client, the audio recording of the simulated conversation, the automatically generated transcript of that recording, and the AI-generated performance analysis including the performance score.

The performance score is derived from two sources: First, it reflects the position-specific requirements that the client has configured in advance within the platform. Second, it draws on a standardised framework of measurable conversational competencies. Depending on the scenario type selected, the following competencies are evaluated:

• For sales scenarios: needs analysis, persuasion, objection handling, closing ability, rapport building, and adaptability.
• For advisory and support scenarios: communication skills, problem diagnosis, ownership, composure under pressure, solution focus, empathy, and adaptability.

The score is expressly not a measure of general suitability, personality, cognitive ability, or cultural fit. It relates exclusively to the conversational performance, demonstrated within the simulation as configured by the client.

The processing of candidate data is based on the candidate's explicit consent pursuant to Art. 6 (1) (a) GDPR, obtained before the simulation commences via the consent screen. Art. 6 (1) (b) GDPR may additionally apply insofar as the processing takes place within the framework of the pre-contractual relationship between the candidate and the respective client.

We process personal data only to the extent necessary for the following purposes:

• Providing and operating this platform
• Conducting AI-assisted sales and support simulations
• Generating transcripts and structured competency evaluations
• Supporting recruitment and hiring processes of our clients
• Ensuring platform security, stability and a reliable user experience
• Customer support and communication
• Fulfilling legal obligations
• Billing and payment processing

Sales Stage AI provides structured performance insights intended to support human evaluation processes. Final responsibility for any hiring decisions rests solely with the client as the responsible employer, in all cases.

Candidates are expressly informed in clear and understandable terms before commencing a simulation, that they are interacting with an AI system and that the conversation will be recorded and analysed. Scores and evaluations generated by the platform serve exclusively as decision-support tools for human reviewers at the respective client. This platform does not autonomously accept, reject, rank, or recommend any candidate for progression or hire. No candidate is promoted, shortlisted, or suggested by the AI on the basis of their assessment results. All evaluations are reviewed by a human reviewer, before any hiring decision is made on the basis of those evaluations.

Voice recordings processed through this platform are used exclusively for the purpose of evaluating conversational performance,within the respective simulation scenario. They are not used for biometric identification, speaker recognition, identity verification, or similar biometric profiling purposes. No biometric profiles within the meaning of Art. 9 GDPR are created, or maintained. This platform does not perform emotion recognition, lie detection, or psychological profiling of any kind. No inferences about a candidate's emotional state, personality traits, or psychological characteristics are drawn from voice recordings or any other data processed through the platform.

We place particular importance on storing personal data within the European Union. All candidate data — including transcripts, analyses, scores, and candidate profiles — is stored in a database infrastructure operated exclusively in Germany (Frankfurt am Main, EU). Voice recordings are stored in a cloud storage infrastructure, also operated in Germany (Frankfurt am Main, EU).

Certain processing operations, in particular AI-assisted transcription and conversation analysis, are carried out by trusted service providers, some of whom are based outside the EU. Where personal data is transferred to third countries in this context, such transfers take place exclusively on the basis of appropriate safeguards pursuant to Art. 46 GDPR, specifically through Standard Contractual Clauses (SCC) adopted by the European Commission. The web application is delivered via an international content delivery infrastructure; no personal candidate data is permanently stored outside the EU in this context.

We engage carefully selected sub-processors who process personal data exclusively on our behalf and in accordance with our documented instructions. Data Processing Agreements pursuant to Art. 28 GDPR have been concluded with all sub-processors. We use service providers in the following categories:

Upon reasonable request, we provide clients with a complete list of sub-processors engaged by name, within the framework of a Data Processing Agreement.

We do not sell or rent personal data to third parties and have never done so. No personal data is shared for the purposes of third-party advertising or marketing.

Where data is transferred to service providers outside the European Economic Area in the context of AI-assisted analysis and transcription, this takes place exclusively on the basis of Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR, as adopted by the European Commission. All relevant service providers have signed the applicable agreements and are contractually obligated to comply with European data protection standards. Personal data is transferred only to the extent strictly necessary for the respective processing purpose and is not permanently stored outside the EU.

We store personal data only for as long as necessary for the respective processing purpose or as required by applicable statutory retention obligations.

Assessment links are valid for 14 days from the time of their creation. After this period, the link expires automatically and can no longer be used to access the simulation. All candidate data is automatically and irreversibly deleted 90 days after the simulation is completed. Clients or candidates may request earlier deletion at any time by contacting [privacy@domain.com]. Upon account deletion, all associated candidate data and account information will be permanently deleted within 30 days.

Data subjects are entitled to comprehensive rights under the GDPR. These include:

• The right of access to personal data held about them (Art. 15 GDPR)
• The right to rectification of inaccurate data (Art. 16 GDPR)
• The right to erasure under the so-called right to be forgotten (Art. 17 GDPR)
• The right to restriction of processing (Art. 18 GDPR)
• The right to data portability in a structured, commonly used format (Art. 20 GDPR)
• The right to object to certain processing activities (Art. 21 GDPR)

Where processing is based on consent, that consent may be withdrawn at any time pursuant to Art. 7 (3) GDPR without providing any reason and without affecting the lawfulness of processing, carried out prior to withdrawal.

To exercise any of these rights, an informal request to [privacy@domain.com] is sufficient.

We process all requests within 30 days. Independently of the above, data subjects have the right to lodge a complaint with the competent supervisory authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or, depending on the federal state of the controller, the competent state data protection authority.

Candidate data — including voice recordings, transcripts, and AI-generated analyses — is not used to improve, train, or further develop AI models, neither by Sales Stage AI nor by any engaged third-party provider.

We have actively and verifiably disabled the use of candidate data for AI training purposes with all AI service providers we engage. This requirement is also a binding component of the Data Processing Agreements concluded with the respective providers. For all candidate data, processed by third-party providers in the course of speech transcription and analysis, the following applies without exception: no use as a basis for model training, fine-tuning, or model improvement takes place — neither automatically nor on an optional basis.

Under the EU AI Act (Regulation (EU) 2024/1689), Sales Stage AI may fall within the scope of AI systems used in employment and personnel management, as described in Annex III, No. 4. We take the associated regulatory obligations seriously and implement appropriate technical and organizational measures accordingly:

• All AI-generated evaluations serve exclusively as decision-support tools and no automated hiring or rejection decisions are made. This platform does not accept, reject or recommend any candidate for progression or hire
• Candidates are informed in clear terms before commencing the simulation that they are interacting with an AI system and that the conversation will be recorded and analysed. Prior to starting, candidates are provided with access to this Privacy Policy, which sets out what data is collected, how it is used, how long it is retained, and how they can exercise their rights — including the right to withdraw consent or request deletion of their data at any time.
• The assessment criteria applied are fully documented and traceable by clients
• Only the data strictly necessary for the assessment purpose is collected
• We maintain an internal risk register that is reviewed and updated on a regular basis

To protect personal data against unauthorised access, loss, or misuse, we implement appropriate technical and organisational measures in accordance with Art. 32 GDPR. These include in particular:

• Encryption of all stored data
• Encryption of all data transmissions via TLS/HTTPS
• Strict access control and authentication procedures
• Organisational isolation of customer data through multi-tenancy architecture
• Regular security reviews

We note that no online platform can guarantee absolute security. In the event of a personal data breach, the competent supervisory authorities will be notified within 72 hours of us becoming aware of the incident, in accordance with Art. 33 GDPR. Affected individuals will be informed without undue delay pursuant to Art. 34 GDPR where the breach is likely to result in a high risk to their rights and freedoms.

This platform uses only technically necessary cookies that are strictly required for the secure operation of the application, such as for managing authentication sessions. No tracking cookies, third-party analytics tools, or advertising cookies are used. Candidates accessing the simulation page via a personal access link, are managed exclusively through technically necessary session cookies. No further tracking of user behaviour takes place.

Our platform is directed exclusively at businesses and adults participating in professional recruitment processes. It is not intended for use by individuals under the age of 16 and we do not knowingly collect personal data from minors. Should we become aware that a person under 16 has submitted personal data through our platform, that data will be deleted without undue delay. Please direct any related concerns to [privacy@domain.com].

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or developments to the platform. The current version is always available at [www.salesstage.ai/privacy]. In the event of material changes affecting the rights of data subjects, registered customers will be informed in advance by email.

For questions, comments, or to exercise your data protection rights, please contact: