privacy policy
Last updated June 20, 2026. This page explains how Brutus AI handles website, account, call coaching, billing, support, and product data.
what this policy covers
This policy covers the public website at brutusai.coach, the Brutus AI app at app.brutusai.coach, the desktop app, support communications, and product features that process sales call data.
who controls your data
Brutus AI is operated by La Rios Co LLC. For privacy questions or requests, email hello@brutusai.coach.
information we collect
Depending on how you use Brutus AI, we may process the following categories of information:
- account information, such as your name, email address, password hash, verification status, settings, and login/session metadata
- billing information, such as token purchases, Stripe customer/payment references, invoices, payment status, and related transaction records
- call coaching data, such as transcripts, call metadata, coaching feedback, summaries, talk ratio, interruption counts, scores, outcomes, tags, notes, and research generated or saved in the app
- desktop app settings, such as selected audio/voice settings, source preferences, and local app configuration
- support and contact information, such as emails you send us, support requests, company details, and message contents
- technical and security data, such as IP address, device/browser metadata, request logs, audit logs, authentication events, error logs, and abuse-prevention signals
- marketing and product communication data, such as email delivery status, engagement with onboarding messages, and preferences where available
how we use information
We use personal data for the following purposes:
- to create, verify, secure, and manage user accounts
- to provide real-time sales coaching, call analysis, transcripts, notes, research, summaries, and related product features
- to process purchases, token balances, receipts, refunds, and billing support
- to respond to support, privacy, partnership, and product questions
- to send onboarding, account, verification, password reset, product, and service emails
- to detect abuse, protect accounts, enforce limits, investigate errors, and maintain service reliability
- to improve product quality, user experience, and site performance
lawful bases for processing
If GDPR or UK GDPR applies to you, we rely on the following lawful bases:
- contract: to provide the app, account, call coaching, billing, support, and core product features you request
- legitimate interests: to secure the service, prevent abuse, improve the product, understand usage, respond to business inquiries, and maintain reliable operations
- legal obligation: to keep records required for tax, accounting, compliance, dispute handling, or lawful requests
- consent: where we ask for consent for optional communications or processing that requires it
AI processing and call content
Brutus AI processes sales call content to provide coaching, summaries, feedback, notes, and related features. Do not include sensitive personal data in calls or prompts unless it is necessary for your sales workflow and you have the right to process it. You are responsible for getting any required call consent from prospects, customers, or participants before using Brutus AI on a call.
Transcription order. Raw call audio is sent to our speech-to-text providers (Groq as primary, OpenAI Whisper as fallback) to produce a transcript. Pattern-based redaction then runs on the transcript text before Brutus stores it long-term. Uploaded audio is processed in memory and is not stored as audio files in our database.
Live coaching. During live coaching, Brutus may send recent transcript text and occasional screen captures from your coaching view to Anthropic (Claude) to generate in-the-moment feedback. Screen captures are processed for coaching and are not stored as image files in our database.
Behavioural coaching profile. Brutus infers a coaching profile from your calls (for example talk ratio, close rate, strengths, habits to watch, and a summary). You can view this in the app Profile page and reset it at any time. It is included in data export and deleted when you delete your account.
sub-processors and service providers
We do not sell your personal information. The table below lists the main providers that process personal data on our behalf. Each processes data only to provide services to us under contractual terms. Data processing agreements (DPAs) are executed or in progress where required by law.
| Provider | Purpose | Data categories | Location |
|---|---|---|---|
| Anthropic (Claude) | AI sales coaching, call analysis, live coaching, chat | Redacted transcripts, coaching context, screen captures during live coaching | United States |
| Groq | Primary speech-to-text transcription | Raw call audio (before transcript redaction) | United States |
| OpenAI (Whisper) | Fallback speech-to-text transcription | Raw call audio (before transcript redaction) | United States |
| ElevenLabs | Text-to-speech for roleplay voice | Text prompts, voice selection | United States / EU (confirm with provider) |
| Resend | Transactional email | Email address, name | United States |
| Stripe | Payments and billing | Billing identity, payment method metadata | United States |
| PostHog | Product analytics (web app and backend) | Pseudonymous user ID and event properties; backend events do not include email or name | United States |
| Supabase | PostgreSQL database hosting | Application data at rest (transcripts, account data, coaching outputs) | United States (us-west-2) |
| Railway | Backend API hosting | Runtime logs (PII minimized where possible) | United States |
| Vercel | Frontend and marketing site hosting | Static assets, edge logs | Global |
| Brave Search | AI research feature | Research query strings | United States |
Brutus does not use the Supabase Data API or Supabase Auth. Our backend connects to PostgreSQL directly via Prisma.
We do not persistently store user-uploaded video files. Video uploads, when supported, are processed in memory for transcription like audio.
sharing beyond service providers
We may disclose information if required by law, to protect rights and safety, or in connection with a merger or acquisition. We do not sell personal information.
international transfers
Brutus AI is operated from the United States. If you access the service from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate. Where required, we rely on appropriate safeguards such as contractual protections or other legally recognized transfer mechanisms.
retention
We keep personal data only as long as reasonably needed for the purposes described in this policy, unless a longer period is required for legal, tax, accounting, security, fraud-prevention, or dispute-resolution reasons.
- Account data is kept while your account is active and deleted when you delete your account (subject to limited legal/billing records below).
- Call transcripts are stored while your account is active. Automated retention clears transcript text from calls older than 90 days, while keeping call metrics (scores, duration, tags, etc.). Coaching feedback JSON may remain after transcript text is cleared.
- Live session data (in-progress coaching sessions) is deleted after 90 days when completed or cancelled. Sessions abandoned for more than 24 hours are marked cancelled.
- Research queries (prospect/company lookups) are deleted after 90 days.
- Notes are kept while your account is active until you delete your account or the related session is removed.
- Audit and security logs are kept for up to 365 days, then deleted automatically.
- Billing and transaction records may be kept as required for accounting, tax, refund, and fraud-prevention obligations.
- Support emails are kept as long as needed to handle the request and maintain business records.
your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. You may also have the right to withdraw consent where processing is based on consent, and the right to lodge a complaint with your local data protection authority.
Brutus AI provides in-app account export and deletion tools where available. You can also email hello@brutusai.coach to make a privacy request. We may need to verify your identity before completing a request.
account deletion and export
You can request or use available product controls to export your data or delete your account. Deleting your account is intended to permanently remove account data and related product data from active systems, subject to limited records we must retain for legal, billing, security, fraud-prevention, backup, or dispute-resolution purposes.
security
We use administrative, technical, and organizational safeguards designed to protect personal data, including authentication controls, TLS encryption in transit, infrastructure-level encryption at rest (via our database and cloud providers), access controls, audit logging, security headers, rate limits, and operational monitoring. Brutus does not apply separate application-level encryption to individual transcript fields in the database. No online service can guarantee absolute security, but we work to protect the data entrusted to Brutus AI.
cookies and similar technologies
The Brutus app uses an HttpOnly session cookie (brutus_session) for authentication. This cookie is not accessible to JavaScript on the page. PostHog may set analytics cookies on the web app. The app may use limited localStorage for non-auth preferences (for example roleplay voice selection). We do not use these technologies to sell personal data.
children
Brutus AI is not intended for children. Do not use Brutus AI if you are under 18 years old.
HIPAA and protected health information
Brutus AI is not intended for HIPAA-regulated use or for processing protected health information (PHI) unless Brutus AI has signed a Business Associate Agreement with your organization. Do not upload, transmit, record, or process patient health information, medical records, treatment information, insurance details tied to an individual, or other PHI through Brutus AI unless that written agreement is in place.
changes to this policy
We may update this policy as Brutus AI changes. If an update materially changes how we handle personal data, we will take reasonable steps to notify users through the site, app, or email.
contact and requests
If you have a privacy question, email hello@brutusai.coach.