Privacy Policy

Last updated: April 9, 2026

Sales Blitz ("we," "us," or "our") operates the website salesblitz.ai and the web application at app.salesblitz.ai. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials via Clerk (our identity provider). If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store credit card numbers on our servers.

Usage Data

We collect information about how you use Sales Blitz, including which tools you run, target companies and contacts you research, and your interaction patterns. This data helps us improve the product and personalize your experience.

Meeting Recordings (Meeting Bot)

Sales Blitz offers an AI-powered meeting bot that can join your Zoom, Google Meet, or Microsoft Teams meetings. You choose a mode for each meeting:

• Record only: A bot named "Sales Blitz Notetaker" joins as a visible participant. It records, transcribes, and generates post-call intelligence (follow-up drafts, deal qualification, competitor analysis, coaching debrief)
• AI assist mode: A bot named "Sage — Sales Blitz" joins as a visible participant with an AI avatar. You lead the conversation. Sage provides real-time technical answers, live discovery scoring, and a post-call coaching debrief on your dashboard. All meeting participants can see Sage as an attendee. If voice responses are enabled, Sage may speak on the call when you explicitly invoke her by name
• Sage runs the meeting: Sage joins as a visible AI participant and conducts the conversation on your behalf. See "Sage Discovery Calls" below

Across all modes:

• The bot is powered by Recall.ai, a third-party meeting bot infrastructure provider. Recall.ai processes the meeting audio on their servers and returns a structured transcript to us
• Sales Blitz never receives or stores raw meeting audio from the bot. We receive only the transcript
• You are responsible for informing all meeting participants that an AI bot is joining, what it will do, and for obtaining their consent as required by applicable law. This applies to all three modes. Sales Blitz does not support or condone undisclosed AI participation in meetings
• Meeting transcripts are retained for 90 days by default, then automatically deleted
• After transcription, we run a post-call intelligence analysis (via Anthropic Claude) that generates follow-up email drafts, deal qualification insights, competitor mentions, objection patterns, and next-call preparation notes. This intelligence is stored in your account and used to improve future blitz outputs for the same prospect

You can set a default mode per account (strategic, assisted, or delegated) which auto-selects at meeting launch. You can override the mode for any individual meeting.

LinkedIn Profile Capture

Sales Blitz offers a browser tool that reads publicly visible LinkedIn profile information (name, title, company, location, and experience) from the page DOM. This data is only sent to Sales Blitz servers when you explicitly click "Save to Target" or "Quick Blitz." We do not scrape LinkedIn data in the background or access any data requiring authentication bypass.

Practice Blitz & Voice Data

When you use Practice Blitz, your microphone audio is captured in your browser and transmitted to Google's Gemini Flash Live API for speech-to-text transcription and response generation, or to OpenAI's Whisper API for transcription with OpenAI TTS for voice synthesis. The response text is synthesized to audio via either Gemini or OpenAI TTS. Video is rendered via the HeyGen LiveAvatar API. All LiveAvatar API calls are routed through our servers to protect API credentials; the LiveAvatar API key is never exposed to your browser. No raw audio is stored on our servers; audio is streamed to Gemini or OpenAI in real time and discarded after transcription. By using Practice Blitz, you consent to this audio processing pipeline. You can revoke consent at any time by not using Practice Blitz.

AI Chatbot Conversations

When you interact with the Sales Blitz AI chatbot, your messages are sent to Anthropic's Claude API for response generation. We log conversation metadata (timestamps, message counts, safety flags) for security and abuse prevention. Conversation content may be reviewed if a safety flag is triggered (threats of harm, illegal activity). Chatbot conversations are not used to train AI models.

Research Data

When you run a blitz, we use publicly available information about target companies and contacts to generate context files, competitive analysis, and outreach materials. This research is stored in your account and compounded across runs to improve future results.

Sage Discovery Calls

Sage can join Zoom, Google Meet, or Microsoft Teams meetings as an AI-powered participant that conducts discovery, follow-up, demo, or closing conversations on your behalf. You select the meeting type at launch; each type adjusts Sage's conversational approach and scoring emphasis. When you use Sage Discovery:

• Sage joins the meeting as "Sage — Sales Blitz" via a Recall.ai-powered bot that streams Sage's video avatar (powered by HeyGen LiveAvatar) and synthesized voice (powered by Google Gemini or OpenAI TTS) into the meeting as the bot's camera and microphone feed. All participants see and hear Sage as a visible meeting attendee
• Meeting audio is captured by Recall.ai and streamed to our servers for real-time speech-to-text processing via Google Gemini Flash Live or OpenAI Whisper
• Conversation content is processed by Anthropic Claude in real time via LangGraph state graphs to generate contextual responses
• In assisted mode, Sage may also respond verbally on the call when you explicitly invoke her by name. Voice responses use the same TTS and LiveAvatar pipeline. You can disable voice responses at any time during the call
• After the call, Sage's LangGraph post-call graph generates a score specific to the meeting type, a dimensional breakdown, and a follow-up email draft via Anthropic Claude. These are stored in your account
• Conversation transcripts and intelligence from Sage calls are accumulated into your target account data to improve future interactions and are used in future blitz outputs
• You are responsible for disclosing that an AI agent is participating in the meeting and for obtaining consent from all meeting participants. All meeting participants must be aware that Sage is an AI before the call begins. Sales Blitz does not support or condone undisclosed AI participation in meetings of any kind

Proposal & Insertion Order Data

When Sage generates proposals or insertion orders after qualifying calls, we collect and process the following additional data:

• Proposal Content: AI-generated proposals include executive summaries, situation analysis, pain points, recommended packages, ROI projections, pricing tables, and contract terms. This content is derived from Sage call transcripts, your Company Settings (pricing, legal entity, address), and accumulated prospect intelligence
• Cover Emails: AI-generated cover emails are stored alongside proposals for your review and editing before sending
• Approval Records: When you approve a proposal, we record the approval timestamp, your user ID, and the document version
• Delivery Records: When a proposal is sent, we record the delivery method (built-in Gmail, DocuSign, or PandaDoc), recipient email, Gmail message and thread IDs (for built-in delivery), or external document IDs (for DocuSign/PandaDoc)
• Signing Data: For built-in e-signature pages, we capture the signer's typed name, IP address, timestamp, and user agent string. For DocuSign or PandaDoc delivery, signing data is managed by those services per their respective privacy policies
• Insertion Orders: IO data includes service descriptions, pricing, contract terms, and vendor/customer signer information as configured in your Company Settings

Email Outreach Data (Sage)

When you use Sage, our AI-powered outreach agent, we collect and process the following additional data:

• Gmail OAuth Tokens: If you connect your Gmail account to send emails through Sage, we store an encrypted OAuth refresh token in our database. This token is scoped to the minimum permissions required (gmail.send, gmail.readonly) and is used only to send campaign emails and check for replies on your behalf. Tokens are encrypted at rest (AES-256), isolated per campaign via row-level security, and automatically revoked when you delete a campaign or disconnect your Gmail account.
• Prospect Contact Data: When you import prospects into a Sage campaign (via CSV upload), we store their contact information (name, email, title, company, LinkedIn URL) in your account. This data is only accessible to you and is used to personalize outreach emails.
• Email Content: Outbound emails generated by Sage are stored in your account for audit and review. Reply content received from prospects is stored for classification and response drafting.
• Reply Classification: Incoming replies are classified by AI into categories (interested, not interested, out of office, meeting request, do not contact, objection, referral, question). Classification results and confidence scores are stored alongside the reply.
• Campaign Analytics: We track send, open, reply, and bounce events for emails sent through Sage. This data powers your campaign dashboard and is only visible to you.

2. How We Use Your Information

• To provide and improve Sales Blitz services, including research, asset generation, practice mode, meeting intelligence, AI discovery calls, and proposal/IO generation
• To process and transcribe meeting recordings you initiate
• To personalize your experience based on your research history and preferences
• To process payments and manage your subscription
• To communicate with you about your account, product updates, and support
• To detect and prevent fraud, abuse, and security threats

3. Third-Party Services

We use the following third-party services to operate Sales Blitz:

• Clerk (authentication): Manages sign-in and user identity
• Stripe (payments): Processes subscription payments and stores payment methods
• OpenAI (transcription): Whisper API transcribes meeting audio. Audio is processed per OpenAI's data usage policies and is not used to train their models via the API
• Anthropic (AI analysis): Claude generates research, playbooks, practice scoring, and meeting analysis. Data sent via the API is not used to train Anthropic's models
• Supabase (database): Hosts our PostgreSQL database and vector embeddings
• Vercel (hosting): Serves our web application and marketing site
• Resend (email): Sends transactional emails (notifications, delivery confirmations)
• Apollo.io (enrichment): Enriches prospect contact data for Sage campaigns
• Brave Search API (web research): Powers prospect and company research for blitzes and Sage campaigns
• Instantly.ai (email sending): Alternative sending provider for Sage campaigns with built-in warm-up. Prospect data (email, name, company) is shared with Instantly for sending. Delivery events are reported back via webhooks
• Cal.com (meeting booking): Handles meeting scheduling when prospects click a booking link in Sage outreach. Prospect email is shared with Cal.com for booking confirmation
• Google Gmail API (email sending): When you connect your Gmail via OAuth, Sage sends outreach emails from your inbox using the Gmail API. We request only gmail.send and gmail.readonly scopes
• Langfuse (observability): Logs AI call metadata (model, token counts, latency, cost) for performance monitoring. Full prompt/response content is not logged
• HeyGen/LiveAvatar (video & voice): Powers the AI avatar for Practice Blitz, Sage Discovery, and Sage assisted mode voice responses. Video lip-sync matches text sent to the API. All API calls are routed through our servers to protect credentials
• Recall.ai (meeting bot): Powers the meeting bot that joins Zoom, Google Meet, and Microsoft Teams to record and transcribe meetings. Recall.ai receives the meeting URL and processes audio on their servers. We receive only the transcript. Recall.ai does not retain meeting data after processing per their data processing terms
• AssemblyAI (audio analysis): Provides real-time transcription for meeting bots and post-call audio intelligence including speaker identification, entity detection, and text-based sentiment analysis. Meeting audio is processed on AssemblyAI servers per their data usage policies
• Google Cloud (embeddings & live): Gemini API generates vector embeddings for semantic search & Gemini Flash Live provides real-time STT/LLM/TTS for Practice Blitz & Sage Discovery calls
• Cloudflare (DNS): Handles domain routing & DDoS protection for salesblitz.ai
• DocuSign, Inc. (e-signature): When you connect your DocuSign account, Sales Blitz creates and sends document envelopes for proposals and insertion orders you approve. We store an encrypted OAuth refresh token scoped to signature and impersonation permissions. Proposal content, signer names, and email addresses are shared with DocuSign for envelope creation. Signing events are reported back via webhook
• PandaDoc, Inc. (document creation & e-signature): When you connect your PandaDoc account, Sales Blitz creates documents from templates, populates them with proposal data, and sends them for signature. We store an encrypted OAuth refresh token. Proposal content, signer details, and company information are shared with PandaDoc for document creation. Document status events are reported back via webhook

Each service processes data per their own privacy policies. We do not sell or share your data with advertisers or data brokers.

4. LinkedIn Profile Capture Permissions

The Sales Blitz LinkedIn profile capture tool requests the following permissions:

• activeTab: Accesses the current tab to read LinkedIn profile data when you click "Save to Target" or "Quick Blitz"
• storage: Stores your authentication token locally in the browser

Host permissions (app.salesblitz.ai, linkedin.com) allow the tool to sync authentication and read LinkedIn profiles on those specific domains only.

5. Data Ownership & Your Content

Prep & Research Data

Research outputs, competitive analysis, playbooks, outreach sequences, and practice scores are generated from publicly available information combined with your profile inputs. These outputs reflect your professional skill development and are retained in your account.

Meeting Transcripts & Intelligence

Meeting transcripts capture conversations involving multiple parties who may be subject to their own employer's data policies. You are responsible for ensuring you have the right to record any meeting and for complying with your employer's data handling and confidentiality policies. Sales Blitz never stores raw meeting audio; our meeting bot provider processes audio and returns transcripts only. Transcripts are retained for 90 days by default and then automatically deleted. Coaching analysis derived from transcripts (scores, skill assessments, improvement areas) is retained in your account as part of your professional development record.

Data Deletion & Purge Requests

You can delete individual recordings, transcripts, research runs, or your entire account from within the application. If your employer or a meeting participant requests removal of specific recording data, contact security@salesblitz.ai and we will process the request within 30 days. You can also request a full export of your non-recording account data (profile, research, coaching history) at any time.

6. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS 1.2+), encrypted data at rest, rate limiting, audit logging, and security headers (CSP, HSTS, X-Frame-Options). Authentication is handled by Clerk with support for multi-factor authentication.

7. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account deletion
• Research, playbooks, and outreach sequences: retained in your account until you delete them
• Raw audio files (meeting bot): never stored on Sales Blitz servers; processed by Recall.ai and AssemblyAI, returned as transcript only
• Meeting transcripts: retained for 90 days by default, then automatically deleted. You can delete transcripts manually at any time before the retention period expires
• Post-call intelligence (follow-up drafts, deal insights, competitor analysis): retained as part of your prospect intelligence until you delete the recording or close your account
• Coaching analysis and scores: retained as part of your professional development record until you delete them or close your account
• Usage logs: retained for 90 days for debugging and security purposes
• Sage campaign data (prospect records, email content, replies): retained while the campaign exists. Deleted when you delete the campaign. Prospect contact information is removed 30 days after campaign completion if you do not explicitly choose to retain it
• Gmail OAuth tokens: revoked via Google's revocation endpoint and deleted from our database when you delete a campaign or disconnect your Gmail account
• Proposal drafts and insertion orders: retained in your account until you delete them or close your account. Sent proposals include delivery records (message IDs, external document IDs) for tracking purposes
• DocuSign/PandaDoc OAuth tokens: encrypted at rest (AES-256) and deleted when you disconnect the integration or close your account. Tokens are automatically refreshed and old tokens are overwritten
• Signing page data (built-in): signer name, IP address, timestamp, and user agent are retained as part of the insertion order record for audit purposes

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise any of these rights, contact security@salesblitz.ai. We will respond within 30 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the "sale" or "sharing" of personal information, and the right to non-discrimination for exercising your privacy rights.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. The categories of personal information we collect are described in Section 1 above. To exercise any CCPA/CPRA right, email security@salesblitz.ai with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

8a. Cookies & Tracking

Sales Blitz uses cookies and similar technologies for the following purposes:

• Essential cookies (always active): Authentication session tokens (Clerk), CSRF protection, and load balancing. These are required for the Service to function.
• Functional cookies: User preferences, theme settings, and UI state. These improve your experience but are not strictly necessary.
• Payment cookies: Stripe sets cookies for fraud detection during checkout.

We do not use advertising cookies, retargeting pixels, or third-party analytics trackers. We do not participate in cross-site tracking. You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

9. Children's Privacy

Sales Blitz is designed for business professionals and is not intended for use by anyone under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For questions about this Privacy Policy or your data, contact:

Evan Lasiewicz
Sales Blitz
contact@salesblitz.ai