Privacy Policy
This policy explains how CompassAi handles information when authorized users transcribe recordings, perform quality assurance reviews, manage scorecards, match MirrorCXT leads, and create reports.
CompassAi stores its working data primarily in your browser. Recordings and transcript content are sent through CompassAi's secure web relay to OpenAI using the API key you provide. Microsoft Entra ID authenticates approved users.
1. Scope and operator
This Privacy Policy applies to the CompassAi web application and its related pages. CompassAi is designed and operated by Adam Stephens. Questions or privacy requests may be sent to astephens@convertros.com.
2. Information CompassAi processes
- Account information: your name, business email address, and authentication/session information supplied through Microsoft Entra ID.
- Call content: audio or video recordings you select, generated transcripts, timestamps, detected client, agent and customer details, QA evidence, scores, reviewer notes, overrides, and report content.
- Business context: scorecards, client detection rules, MirrorCXT exports, lead details, phone numbers, dispositions, and Clover links you import.
- Preferences and credentials: your selected models, display theme, locally saved OpenAI API key, and other workspace preferences.
- Technical information: hosting, authentication, and AI service providers may process routine request metadata such as IP address, browser/device information, timestamps, authentication events, usage information, and error details under their own policies.
3. How information is used
Information is used only to provide, secure, maintain, and troubleshoot CompassAi; authenticate authorized users; transcribe and analyze calls; select and apply scorecards; support human QA review; match imported leads; generate reports; and prevent misuse. CompassAi does not sell personal information or use call content for advertising.
4. Browser-local storage
CompassAi currently stores the OpenAI API key, jobs, transcripts, QA results, scorecard changes, reports, model selections, and appearance preferences in the local storage of the browser profile you use. This information may remain there until you clear it through CompassAi, clear browser/site data, or remove the browser profile. Other users or software with access to that browser profile may be able to access locally stored information.
5. Cloud processing and service providers
CompassAi relies on the following providers to deliver the service:
- Microsoft Entra ID authenticates users and returns identity information needed to establish an authorized session.
- Vercel hosts the web application and temporarily relays authorized transcription and QA requests.
- OpenAI receives recordings, transcript text, prompts, scorecard context, and your API key as needed to provide transcription and QA results.
CompassAi's relay responses use no-store cache controls and CompassAi does not maintain a separate application database for call content. Providers may nevertheless process and retain information according to their own terms, security logs, and legal obligations. OpenAI states that API data is not used to train its models by default unless the API customer opts in, and that default abuse-monitoring logs may be retained for up to 30 days. Your OpenAI organization's settings and eligibility for additional retention controls may change that treatment.
Review the OpenAI Privacy Policy, OpenAI API data controls, Microsoft Privacy Statement, and Vercel Privacy Policy for provider-specific details.
6. Retention and deletion
Browser-stored CompassAi data remains until it is cleared by the user or browser. Use Settings to clear the API key and local jobs, or clear the site's browser data to remove all locally saved CompassAi information. Downloaded reports are controlled by whoever downloaded them. Microsoft, Vercel, and OpenAI may retain provider-side information under their own policies and account settings. Requests concerning CompassAi-controlled information may be sent to the contact address above.
7. Security
CompassAi uses Microsoft authentication, an approved-domain allowlist, HTTPS transport, same-origin relay endpoints, and browser-local storage to reduce unnecessary server-side persistence. No system is completely secure. Users must protect their Microsoft account, browser profile, device, OpenAI API key, exported reports, and downloaded files, and must promptly report suspected unauthorized access.
8. Recording and data responsibilities
You must have lawful authority, required notices, and any necessary consent before uploading or processing a recording or personal information. Do not submit content you are not authorized to use. CompassAi is not intended for highly sensitive data requiring specialized legal or regulatory safeguards unless your organization has independently determined that its configuration and provider agreements satisfy those requirements.
9. Children
CompassAi is a business application intended for authorized adult users and is not directed to children under 18. Do not use the service to intentionally collect information directly from children.
10. International processing
Information may be processed in the United States or other locations where the service providers operate. Your organization is responsible for determining whether its use of CompassAi and any cross-border transfer complies with applicable requirements.
11. Changes to this policy
This policy may be updated as CompassAi's features, providers, or legal obligations change. The effective date at the top of this page identifies the current version. Continued use after an update means you acknowledge the revised policy.