PTCC
Login

Legal

Privacy Policy

Effective date: June 28, 2026

This policy explains what data PTCC collects when you use our platform — including during live graded consultation sessions — how we store it, who can see it, and what controls you have over it.

1.Data Controller

PTCC (“we,” “us,” or “our”) operates the platform available at ptcc.io. For the purposes of applicable data-protection law, PTCC is the data controller responsible for the personal data described in this policy.

Questions about this policy or requests relating to your personal data should be directed to privacy@ptcc.io.

2.Information We Collect

Account information

When you register, we collect your name, email address, and profile details through our authentication provider, Clerk. If your account belongs to an organisation, we also record your organisation membership and role.

Voice and audio data

Our platform conducts live simulated sales consultations. With your explicit consent before each session, we capture audio from your device microphone using the browser's WebRTC API. This audio stream is transmitted over an encrypted connection and stored as a compressed audio file in Cloudflare R2 object storage. See Section 3 for full detail.

Session transcripts and assessment records

Each session produces a text transcript of the conversation, a criterion-by-criterion rubric evaluation generated by our automated scoring system, a numerical score, and a pass/fail determination. These records are stored in our database linked to your account.

Payment information

Payment card details are collected and processed exclusively by Stripe. We store only a tokenised reference and your Stripe customer ID — no raw card numbers are held on our systems.

Usage and technical data

We log standard server-access information: IP address, browser type, operating system, pages visited, timestamps, and referring URL. This data is used for security monitoring, debugging, and aggregate analytics.

Contact form submissions

If you contact us through the website form, we store your name, email address, phone number, and message content.

3.Voice & Session Data

This section covers the data category most specific to our platform. Please read it carefully before conducting your first session.

How audio is captured

Sessions are conducted through your browser using WebRTC — the same industry-standard protocol used for video conferencing. Your browser prompts you to grant microphone access before any session begins. You may decline; doing so will prevent session participation.

Transmission and storage

Audio is encrypted in transit using TLS. On session completion, the recording is stored as a compressed audio file in Cloudflare R2 — a globally distributed object storage service. Files are stored in a private, access-controlled bucket and are not publicly accessible.

Automated evaluation

Session audio is transcribed and evaluated by our automated scoring system against a standardised rubric covering six consultation criteria: frame-setting, problem discovery, past-fault discovery, solution mapping, objection handling, and closing. The system produces a score for each criterion and an aggregate percentage. No PTCC employee reviews your audio as part of the standard grading process.

Who can access your recordings

  • You — accessible from your dashboard at any time during the retention period.
  • Your organisation administrator — if your account belongs to a gym or organisation, the designated admin can view your session scores and transcript summaries. Organisation admins cannot export raw audio files.
  • PTCC support staff — may access recordings when investigating a disputed score or technical fault, with access logged for audit purposes.
  • No one else — recordings are not shared with, sold to, or licensed to any third party, including for machine-learning training purposes.

4.How We Use Your Data

We use the data we collect for the following purposes:

  • Service delivery. Operating your account, enabling consultation sessions, calculating and recording scores, and issuing certifications.
  • Performance assessment. Running our automated scoring pipeline on your session audio and producing the criterion-level breakdown displayed in your dashboard.
  • Organisation reporting. Providing aggregate and individual progress data to administrators of organisations to which you belong.
  • Platform communications. Sending transactional messages — certification results, receipts, and account notifications. We do not send promotional email without your separate consent.
  • Security and fraud prevention. Monitoring access logs to detect unauthorised access and maintain platform integrity.
  • Legal compliance. Retaining records as required by applicable law and responding to lawful regulatory requests.

We do not use your data to build advertising profiles or sell your information to data brokers.

5.Sharing & Subprocessors

We share data with the following service providers solely to operate the platform. Each is bound by a data processing agreement.

SubprocessorPurpose
ClerkIdentity & authentication
StripePayment processing
Cloudflare R2Session recording storage
ResendTransactional email
Cloud hostApplication hosting & database

Beyond these subprocessors, we disclose data only when required by a court order or regulatory obligation, or to protect the safety of our users. We will notify you of any legally-required disclosure where permitted to do so.

6.Retention

  • Session audio files — retained for 24 months from the session date, then permanently deleted from Cloudflare R2.
  • Session transcripts and scores — retained for the lifetime of your account plus 24 months after account closure.
  • Certification records — retained for 7 years to satisfy potential employer-verification or regulatory requests.
  • Account data — retained until you request deletion, subject to any active legal holds.
  • Contact form submissions — retained for 12 months unless earlier deletion is requested.
  • Server access logs — retained for 90 days for security purposes.

7.Your Rights

Subject to applicable law, you have the following rights regarding your personal data. To exercise any of them, email privacy@ptcc.io. We will respond within 30 days.

  • Access. Request a copy of all personal data we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete data.
  • Deletion. Request erasure of your data. Where a legal obligation requires us to retain certain records, we will inform you of the applicable period.
  • Portability. Receive your data in a structured, machine-readable format.
  • Objection. Object to processing based on our legitimate interests.
  • Withdraw consent. For processing based solely on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the supervisory authority in your jurisdiction.

8.Security

We implement technical and organisational measures appropriate to the risk, including: TLS encryption for all data in transit; encryption at rest for stored audio files; access controls limiting staff access to personal data on a need-to-know basis; audit logging of administrative access to session recordings; and regular review of third-party subprocessor security postures.

No system is fully impenetrable. If you discover a potential vulnerability, please contact security@ptcc.io before public disclosure.

9.Changes to This Policy

We will post any changes to this policy on this page and update the effective date. Where a change materially affects how we process your data, we will notify you by email at least 14 days before the change takes effect. Continued use of the platform after that notice constitutes acceptance.

10.Contact

For privacy-related questions, data subject requests, or to report a concern:

PTCC — Data Privacy

Email: privacy@ptcc.io

Terms of ServiceCookie Policy