Privacy Policy

Last updated: January 1, 2026

1. Introduction

Replio, operated by AitekLabs ("we", "us", "our"), is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered sales training platform.

We comply with the General Data Protection Regulation (GDPR), the EU AI Act, and other applicable data protection laws. By using Replio, you agree to the practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is:

AitekLabs

Address: European Union

Email: [email protected]

Website: https://aiteklabs.com

Our Data Protection Officer can be contacted at [email protected] for any privacy-related inquiries.

3. Data We Collect

3.1 Account Information

  • Name and email address
  • Organization/company name
  • Password (encrypted)
  • Account preferences and settings

3.2 Voice and Audio Data

Important Notice

Our platform records voice during training sessions. Voice data may be considered biometric data under certain regulations. We process this data with your explicit consent and implement strict security measures.

  • Voice recordings from training sessions
  • Transcriptions of conversations
  • Audio quality metrics
  • Session timestamps and duration

3.3 Training and Performance Data

  • Training session history and progress
  • Performance scores and feedback
  • Interaction patterns with AI personas
  • Learning analytics and improvement metrics

3.4 Technical Data

  • IP address and device information
  • Browser type and version
  • Usage logs and session data
  • Cookies and similar technologies

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Consent

For voice recordings and biometric data processing. You can withdraw consent at any time.

Contract

To provide our services and fulfill our contractual obligations to you.

Legitimate Interest

For improving our services, security, and fraud prevention. We have conducted a balancing test per CNIL guidelines to ensure our legitimate interests do not override your fundamental rights.

Legal Obligation

To comply with applicable laws and regulations.

5. EU AI Act Compliance

As an AI-powered platform, we comply with the EU AI Act requirements:

Our AI system is classified as 'limited risk' under the EU AI Act, requiring transparency obligations.

  • Transparency: We clearly inform users when they are interacting with AI systems
  • Human Oversight: Training results and AI feedback are tools to assist, not replace, human judgment
  • Data Governance: Training data for our AI models is carefully curated and does not include your personal voice data without explicit consent
  • Risk Assessment: We regularly assess and mitigate risks associated with our AI systems
  • Documentation: We maintain comprehensive documentation of our AI systems and their intended purposes

6. How We Use Your Data

  • Providing AI-powered sales training simulations using third-party AI models
  • Generating personalized feedback and performance analytics
  • Managing your account and providing customer support
  • Sending service-related communications
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations

AI and Data Processing

We do not train AI models with your data. However, we anonymize text transcriptions (removing all personal identifiers such as names, emails, and phone numbers) and retain them for potential future service improvements, including the possible development of proprietary AI models.

Voice recordings are NOT used for AI training and are only retained for your personal session review.

You can opt out of anonymized data retention in your account settings. When you opt out, your session transcriptions will not be anonymized and retained for future use.

7. Data Retention

We retain your data for the following periods:

  • Account data: For the duration of your account plus 30 days after deletion
  • Voice recordings: Retained until account deletion, or earlier upon request (biometric data)
  • Training analytics: 24 months from creation
  • Technical logs: 90 days
  • GDPR audit trail: 7 years (legal requirement)

You can request deletion of your data at any time by contacting us at [email protected] or through your account settings.

We retain data only as long as necessary for the purposes collected. Voice recordings enable session playback for training review; analytics provide long-term performance tracking.

8. Data Sharing and Third Parties

We may share your data with:

  • Service Providers: Cloud hosting (with EU data residency), AI processing services, analytics providers
  • Your Organization: If you use Replio through an employer, administrators may access your training data
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal data to third parties.

8.1 Categories of Third-Party Processors

We use the following categories of third-party service providers:

AI Service Providers

Purpose: AI-powered persona generation, session analysis, and real-time voice conversations

Data shared: Anonymized prompts, training descriptions, questionnaire responses. NO personal data, voice recordings, or user identifiers are shared.

Safeguards: Standard Contractual Clauses (SCCs) where data may be processed outside the EEA

Cloud Storage Providers

Purpose: Secure storage of voice recordings and platform assets

Data shared: Voice recordings, session data

Safeguards: EU-based storage, encryption at rest and in transit

Email Service Providers

Purpose: Transactional emails (account notifications, password resets, invitations)

Data shared: Email addresses only

Safeguards: Data Processing Agreement in place, EU-based processing

We have signed Data Processing Agreements (DPAs) with all processors ensuring GDPR compliance, including processing only on our instructions, confidentiality obligations, security measures, and audit rights.

9. International Data Transfers

Your data is primarily stored within the European Union. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

9.1 AI Data Processing

To provide AI-powered features such as persona generation and session analysis, certain non-personal data may be processed by third-party AI service providers whose servers may be located outside the European Economic Area. These transfers are protected by Standard Contractual Clauses and other appropriate safeguards in compliance with GDPR.

Data sent to AI providers: This includes only non-personally identifiable information such as training descriptions, questionnaire responses, and anonymized prompts. Personal data, voice recordings, and user-identifiable information are stored exclusively within the EU and are not sent to external AI providers.

Safeguards: Our AI service providers maintain comprehensive data protection agreements that include Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring equivalent protection to that provided under EU law.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights:

Access

Request a copy of your personal data

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of your data (Right to be Forgotten)

Restriction

Limit how we process your data

Portability

Receive your data in a portable format (JSON, CSV)

Objection

Object to certain processing activities

Withdraw Consent

Withdraw consent at any time

Lodge Complaint

File a complaint with your local supervisory authority

To exercise your rights, contact us at [email protected]. We will respond without undue delay, within one month as required by GDPR.

You can export your data directly from your account settings in a structured, machine-readable format.

You may lodge a complaint with your local data protection authority: CNIL (France), BfDI (Germany), DPA (Greece), AEPD (Spain), CNPD (Portugal).

11. Automated Decision-Making (GDPR Article 22)

Our platform uses AI to generate performance scores and feedback during training sessions.

11.1 No Legal or Significant Effects

AI-generated assessments are training tools only. They do not produce legal effects or similarly significantly affect you. Final decisions regarding employment, performance reviews, or career advancement remain with your employer/manager.

11.2 Your Rights Regarding AI Decisions

You have the right to:

  • Request human review of any AI-generated assessment
  • Express your point of view regarding AI feedback
  • Contest AI decisions that you believe are inaccurate
  • Obtain a clear explanation of how the AI reached its assessment

11.3 How to Exercise These Rights

Contact [email protected] with the subject line 'Human Review Request' to request human review of any AI assessment.

12. Data Security

We implement robust security measures to protect your data:

  • Encryption at rest and in transit (AES-256, TLS 1.3)
  • Access controls and authentication requirements
  • Regular security audits and penetration testing
  • Employee training on data protection
  • Incident response procedures
  • Secure data centers within the EU

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

13. Cookies and Similar Technologies

We use cookies to enhance your experience on our platform.

13.1 Cookie Categories

Strictly Necessary

Required for platform functionality (authentication, security, session management). These cookies do not require consent.

Analytics

Help us understand how you use our platform to improve it. Requires your consent.

Functional

Remember your preferences (language, theme). Requires your consent.

You can manage your cookie preferences at any time through the cookie banner or your account settings. You can also configure your browser to reject cookies, though this may affect platform functionality.

We will not set non-essential cookies until you have provided your consent through our cookie banner.

14. Children's Privacy

Replio is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected].

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform at least 30 days before they take effect. The "Last updated" date at the top indicates when the policy was last revised.

16. Contact Us

For privacy-related questions or to exercise your rights:

Data Protection Officer

Email: [email protected]

AitekLabs, European Union

We aim to respond to all requests without undue delay, within one month as required by GDPR.