Privacy Policy

Suro is an AI-powered sales coaching platform operated by Suro Ltd. ("Suro", "we", "us"), a company registered in Israel. This policy explains how we collect, use, and protect your personal data when you use our platform at suro.ai.

We collect the following categories of data:

• Account data — name, email address, company name, and role (provided during sign-up).
• Usage data — interactions with the platform such as training sessions completed, call recordings uploaded, and AI-generated coaching content.
• Call recordings & transcriptions — audio files and their transcriptions that you or your team upload to the platform for analysis.
• Technical data — IP address, browser type, device information, and cookies strictly necessary for authentication and session management.
• Billing data — payment processing is handled entirely by our payment provider (LemonSqueezy). We do not store credit card numbers or payment credentials.

We use your data exclusively to:

• Provide and improve the Suro platform and its AI coaching features.
• Generate personalized training content, feedback, and analytics for your team.
• Process billing and manage your subscription.
• Send transactional emails (account confirmation, password reset, billing receipts).
• Respond to support requests and contact form submissions.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Suro uses third-party AI models to power coaching, transcription, and analysis features. When your data is processed by AI:

• It is sent to our AI providers via encrypted connections.
• It is used solely to generate results for your account — not to train third-party models.
• Our AI providers are contractually bound to data protection obligations.

Call recordings and transcriptions are processed to provide coaching insights and are stored within your tenant's isolated environment.

• All data is hosted on infrastructure located in the European Union.
• Data is encrypted in transit (TLS 1.2+) and at rest.
• Each tenant's data is logically isolated — no cross-tenant access is possible.
• Access to production systems is restricted and logged.
• We use infrastructure providers that maintain SOC 2 and/or ISO 27001 certifications.

• Your data is retained for as long as your account is active.
• If you cancel your subscription, your data is preserved for 30 days, after which it is permanently deleted.
• You can request immediate deletion of your data at any time by contacting us.

Under applicable data protection laws (including GDPR if you are in the EU/EEA), you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Deletion — request deletion of your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to certain processing activities.
• Restriction — request that we limit how we use your data.

To exercise any of these rights, contact us at privacy@suro.ai.

We rely on a limited number of sub-processors to deliver our services:

• Vercel — application hosting (EU region).
• Anthropic — AI model provider for coaching and analysis.
• Deepgram — speech-to-text transcription.
• LemonSqueezy — payment processing and subscription management.
• Resend — transactional email delivery.

All sub-processors are selected for their security practices and data protection commitments. We maintain agreements with each to ensure your data is handled responsibly.

We use only strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required as these cookies are essential to provide the service you requested.

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. The "Last updated" date at the top reflects the most recent revision.

For any questions about this privacy policy or your data, contact us at:

privacy@suro.ai