Introduction
SMVue, Inc. ("SMVue," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Rep Relationship Management platform and related services (the "Service").
Information We Collect
Information You Provide
We collect information you provide directly, including:
- Account information — name, email address, and password (hashed with bcrypt, never stored in plain text)
- Organization information — company name, industry, team structure
- CRM data — when you connect your CRM (HubSpot, Salesforce, or Pipedrive), we sync deals, contacts, companies, activities, pipelines, and related records to provide coaching insights. All CRM access is read-only; we never write data back to your CRM.
- Calendar data — when you connect Google Calendar, we sync your calendar events to power meeting preparation and scheduling features
- Coaching content — meeting notes, coaching session notes, action items, skill assessments, and other content you create within the Service
- Meeting transcripts — transcripts you upload for AI-powered analysis
- Payment information — processed by Stripe; we do not store your credit card number
Information Generated by the Service
Our AI features create and store derived content based on your data, including:
- Daily Briefs — AI-generated daily summaries of team activity and priorities
- Meeting Prep — AI-generated agendas, coaching tips, and performance context for upcoming 1:1 meetings
- Sales Coach conversations — your conversations with the AI coaching assistant, including message history
- Coaching insights — AI-generated observations about rep performance, deal health, and pipeline trends
- Skill assessments — manager-created evaluations stored alongside AI-generated coaching recommendations
This derived content is stored in your account and is subject to the same data protection as your directly provided information.
Automatically Collected Information
When you use our Service, we automatically collect:
- Device information — browser type, operating system, device type
- IP address — used for security (rate limiting, brute-force protection) and approximate geographic location
- Usage data — pages visited, features used, and interaction patterns (collected via PostHog with your consent)
- Error data — application errors and performance metrics (collected via Sentry for bug fixing)
Cookies and Tracking Technologies
What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us provide a better experience by remembering your preferences and understanding how you use our Service.
Cookie Categories
We use the following types of cookies:
Essential Cookies (Always Active)
These cookies are necessary for the website to function and cannot be disabled:
- Session cookies for authentication (HttpOnly, secure)
- Security cookies for CSRF protection
- Cookie consent preferences — remembers your cookie choices
Analytics Cookies (Requires Consent)
With your consent, we use analytics cookies to understand how visitors interact with our website:
- PostHog — product analytics that tracks page views, feature usage, and anonymized AI usage metadata (model used, response time, token counts). PostHog data is hosted on US servers. PostHog Privacy Policy
We do not use Google Analytics at this time.
Marketing Cookies
We do not currently use marketing cookies or run retargeting ads.
Cross-Domain Tracking
To provide a seamless experience between our marketing website (smvue.com) and application (app.smvue.com), we use cross-subdomain cookies with your consent. This allows us to:
- Link your pre-signup activity to your account after registration
- Understand the customer journey from marketing to product
- Attribute signups to marketing campaigns
When you click signup links, we may append a tracking parameter (ph_id) to the URL. This identifier connects your browsing session across our domains but does not contain personal information. This tracking only occurs if you have consented to analytics cookies.
Managing Your Cookie Preferences
You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of our website. You can also clear cookies through your browser settings.
Cookies We Use
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| smvue_cookie_consent | SMVue | Stores your cookie preferences | 1 year |
| ph_* | PostHog | Analytics tracking (if consented) | 1 year |
How We Use Your Information
We use your information to:
- Provide core features — generate meeting prep briefs, Daily Briefs, coaching insights, and Sales Coach conversations using AI
- Sync your CRM data — import deals, contacts, and activities from your connected CRM to power coaching features
- Manage your calendar — sync calendar events for meeting scheduling and preparation
- Process payments — handle billing through Stripe and prevent fraud
- Improve the Service — analyze anonymized usage patterns (with consent) to improve features
- Communicate with you — send transactional emails (meeting agendas, account notifications) and respond to support requests
- Maintain security — detect and prevent unauthorized access, abuse, and fraud
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for their marketing purposes.
AI Data Processing
SMVue uses AI to power coaching features. Here is how your data is processed:
- Anthropic (Claude) — our primary AI provider. Your CRM data, meeting notes, and coaching context are sent to Anthropic's API to generate insights, meeting prep, and Sales Coach responses. Anthropic retains API data for up to 30 days for trust and safety monitoring, after which it is deleted. Your data is not used to train AI models. Anthropic Privacy Policy
- OpenAI — used for generating semantic search embeddings across coaching notes and content. Text content is processed to create mathematical representations (vectors) used for search. OpenAI retains API data for up to 30 days for abuse monitoring, then deletes it. Your data is not used to train AI models. OpenAI Privacy Policy
- LiteLLM — an open-source abstraction layer that routes AI requests. LiteLLM runs within our own infrastructure and does not send data to any additional third parties.
Prompt Injection Protection
We employ a 5-layer defense system to prevent prompt injection attacks from manipulating AI responses or extracting data through the AI features.
Data Security
We implement security measures that go beyond industry standards:
- Encryption in transit — TLS 1.2+ enforced on all connections; HSTS enabled with preload; HTTP automatically redirected to HTTPS
- Encryption at rest — Google-managed AES-256 encryption on all database storage, plus application-level AES-128 (Fernet) encryption on sensitive fields with separate encryption keys for different data categories (CRM tokens, coaching notes, AI insights, meeting transcripts each use dedicated key domains)
- Authentication — bcrypt password hashing (cost factor 12), JWT with token revocation, CSRF protection, brute-force lockout after 5 failed attempts
- Access controls — row-level organization isolation on all database tables; seat-based visibility (Manager/Executive/Rep); returns 404 instead of 403 to prevent data enumeration
- Key management — encryption keys stored in Google Secret Manager with IAM-scoped access; MultiFernet supports key rotation without downtime
- Audit logging — pgAudit database audit logging with 2-year retention
- Infrastructure — Google Cloud Platform SOC 2 certified infrastructure; Google Cloud Armor WAF with OWASP ModSecurity rules (SQL injection, XSS, LFI, RFI, RCE protection)
- Code security — Gitleaks secret scanning in CI; Semgrep static analysis; Trivy container and dependency scanning
Data Retention
We retain your data according to the following schedule:
- Active accounts — data retained for the lifetime of your account
- Cancelled accounts — access continues through end of billing period; data retained for 90 days after account suspension
- Suspended accounts (failed payment) — data retained for 90 days after suspension (120 days after initial payment failure)
- Data deletion — 120 days after account suspension, all account data is permanently and irreversibly deleted
- Audit logs — retained for 2 years for security and compliance purposes
- AI conversation history — Sales Coach conversations retained for the lifetime of your account; deleted with account deletion
You can request immediate deletion of your data at any time (see "Your Rights" below).
Your Rights
For All Users
You have the right to:
- Access your personal data — request a copy of all data we hold about you
- Correct inaccurate data — update your profile and account information
- Delete your data — request permanent deletion of your account and all associated data
- Export your data — receive your data in a portable, machine-readable format
- Opt out of marketing communications
- Withdraw cookie consent at any time via the Cookie Settings link
Additional Rights Under GDPR (EU/EEA Users)
If you are located in the European Union or European Economic Area, you additionally have the right to:
- Restrict processing of your personal data
- Object to processing based on legitimate interests
- Data portability — receive your data in a structured, commonly used format (Article 20)
- Erasure — request deletion of your personal data (Article 17, "right to be forgotten")
- Lodge a complaint with your local data protection authority
We process personal data under the following legal bases: consent (for analytics cookies), contractual necessity (to provide the Service), and legitimate interests (for security and fraud prevention).
To exercise any of these rights, contact us at privacy@smvue.com. We will respond within 30 days.
Data Breach Notification
In the event of a data breach that affects your personal data, we will:
- Notify affected users within 72 hours of becoming aware of the breach
- Notify relevant supervisory authorities as required by applicable law
- Provide details of the breach, the data affected, and the steps we are taking to address it
Third-Party Services
We integrate with the following third-party services, each with its own privacy policy:
CRM Integrations (Connected by You)
- HubSpot — deals, contacts, companies, and activities synced via read-only OAuth. Privacy Policy
- Salesforce — opportunities, contacts, accounts, and activities synced via read-only OAuth. Privacy Policy
- Pipedrive — deals, contacts, organizations, and activities synced via read-only OAuth. Privacy Policy
Calendar Integrations (Connected by You)
- Google Calendar — calendar events synced for meeting management and scheduling. Privacy Policy
Infrastructure & Security
- Google Cloud Platform (GCP) — all application data hosted in the United States (us-central1 region). Privacy Policy
- Cloudflare — DNS and network security. Cloudflare processes request metadata (IP addresses, headers) for security and performance. Privacy Policy
- Sentry — error monitoring and performance tracking. Sentry receives error details and stack traces to help us fix bugs. Privacy Policy
Payments
- Stripe — payment processing. Stripe handles all credit card data directly; we never see or store your card number. Privacy Policy
Communications
- Resend — transactional email delivery (meeting agendas, account notifications). Privacy Policy
Analytics
- PostHog — product analytics (with your consent). Receives page views, feature usage, and anonymized AI usage metadata. Privacy Policy
AI Providers
Marketing & Partnerships
- Apollo.io — visitor engagement tracking on the marketing website, activated only after analytics cookie consent. Privacy Policy
- Rewardful — partner referral program management. May receive your email address for commission attribution if you were referred by a partner. Privacy Policy
Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at privacy@smvue.com.
International Data Transfers
Our Service is hosted in the United States (Google Cloud Platform, us-central1 region). If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.
For users in the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for data transfers. Our Data Processing Agreement (DPA), available upon request, includes the relevant SCCs.
We ensure that all third-party sub-processors who handle personal data provide adequate data protection safeguards consistent with this Privacy Policy and applicable law.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. If we make material changes to how we handle your data, we will notify you by email and may ask you to re-consent to cookies.
When we update this policy, we increment our consent version, which automatically re-prompts all users to review and accept the updated cookie preferences.
Contact Us
If you have questions about this Privacy Policy, please contact us at privacy@smvue.com.
SMVue, Inc.
Delaware, United States