RRally10
Sign inStart free trial

Privacy Policy

Last updated · Effective

This Privacy Policy explains how Rally10 (“Rally10,” “we,” “us”) collects, uses, and shares information about you when you use our website and services.

1. Information we collect

  • Account information. Name, email, organization name, and profile image (via Clerk).
  • Business data. Anything you enter into Rally10 — rocks, scorecard numbers, todos, meeting notes, processes, 1-on-1 topics, V/TO, etc. This is your data; we process it on your behalf.
  • Usage data. IP address, browser, pages visited, timestamps. Used for security and product improvement.
  • Billing data. Payment information is collected and stored by Stripe, not by us. We receive subscription status and invoices.

2. How we use information

  • Operate and improve the service.
  • Generate AI-powered features (meeting summaries, process drafts, 1-on-1 talking points) on your organization’s own data. Your content is never used to train foundation models.
  • Send transactional email (meeting summaries, invites, billing receipts).
  • Prevent fraud and abuse.

3. Sharing

We do not sell your data. We share limited information with the following subprocessors strictly to operate the service:

  • Vercel — hosting, edge network, analytics.
  • Neon / Postgres — database.
  • Clerk — authentication.
  • Stripe — payments.
  • Anthropic (and optionally OpenAI/Google) via Vercel AI Gateway — AI model inference. Content sent to these providers is not retained for training.
  • Resend — transactional email delivery.

4. AI features and your content

Rally10’s AI features (meeting summaries, process drafts, 1-on-1 talking points, scorecard insights, issue root cause) send the relevant portions of your organization’s data to the AI provider for inference. We route through the Vercel AI Gateway. Providers under contract do not retain your content for model training.

5. Data retention

We retain your data as long as your organization’s account is active. When you delete your organization, we delete your data within 30 days, except where we’re legally required to retain it (for billing, tax, or dispute resolution).

6. Security

Encryption in transit (TLS 1.2+) and at rest. Strict multi-tenant isolation — queries are scoped by organization at every layer. See our Security Overview.

7. Your rights

If you’re in the EEA, UK, or California, you may have rights to access, correct, delete, or export your personal data. Contact privacy@rally10.com and we’ll respond within 30 days.

8. Changes

We’ll post updates to this page and, for material changes, email org owners at least 14 days before they take effect.

9. Contact

privacy@rally10.com