Privacy Policy

1 · Who we are (data controller)

Acceleration Sales (“we”, “us”) is the data controller for personal data processed through our website and the ROSS platform. For personal data you upload into your own ROSS workspace about your prospects and customers, you act as the controller and we act as your processor — those terms are governed by our Data Processing Agreement. Contact: david@accelerationsales.com. Data Protection Officer: dpo@accelerationsales.com.

2 · What we collect & why

• Account data — name, work email, workspace and role. Basis: performance of contract (art 6.1.b).
• Usage & product telemetry — pages, features, agent actions, cost per action. Basis: legitimate interest (art 6.1.f) and, for non-essential analytics, consent (art 6.1.a).
• Customer content you upload — CRM records, prospect data, call transcripts, documents. Processed on your behalf under the DPA.
• Billing data — company, plan, invoices. Basis: contract + legal obligation (art 6.1.c).
• Support & communications — what you send us. Basis: legitimate interest.

We do not sell personal data, and we do not use customer content to train third-party foundation models.

3 · Where your data lives (EU residency)

Primary data — your account and the content in your workspace — is stored in the EU on Supabase (Frankfurt region), isolated per tenant via Postgres Row-Level Security. Where a sub-processor is located outside the EEA (e.g. LLM inference), transfers rely on EU Standard Contractual Clauses and a signed Data Processing Agreement. See the sub-processor list below.

4 · Sub-processors

We notify customers of material sub-processor changes before they take effect, per the DPA. This list reflects our current production stack and is kept current.

5 · AI & automated processing

ROSS uses AI agents that draft, summarise and assist. When you interact with our AI voice or chat agents, you are told you are talking to an AI system, in line with the EU AI Act (art 50). Synthetic audio produced by our voice agent carries a machine-readable watermark (AI Act art 52). AI output is a recommendation: material decisions remain subject to human review, and you can object to solely automated decisions under GDPR art 22.

6 · Retention

Account and workspace data is retained for the life of your subscription and deleted (or returned) within 30 days of termination, unless a longer period is required by law. Immutable audit logs are retained for up to 7 years for compliance and forensic integrity. Anonymous, aggregated analytics may be kept longer.

7 · Your rights

• Access (art 15) — know what data we hold about you.
• Rectification (art 16) — correct inaccurate data.
• Erasure / right to be forgotten (art 17).
• Restriction of processing (art 18).
• Data portability (art 20) — receive your data in a structured format.
• Objection (art 21) — object to processing based on legitimate interest.
• Not be subject to solely automated decisions (art 22 · relevant to AI Act art 50).
• Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any right, email dpo@accelerationsales.com. You also have the right to lodge a complaint with your supervisory authority — in Spain, the AEPD (Agencia Española de Protección de Datos).

8 · Security

We apply per-tenant isolation (Postgres RLS), encryption in transit and at rest, least-privilege access, and an immutable SHA-256-chained audit log of agent actions. Security controls are described on our Trust page.

9 · Changes to this policy

We may update this policy as the product and our stack evolve. We will post the new version here and, for material changes, notify account owners. The “in force” date at the top reflects the current version.