<aside>
<img src="/icons/arrow-turn-right_green.svg" alt="/icons/arrow-turn-right_green.svg" width="40px" />
Useful links:
SecondBody Trust Center
</aside>
<aside>
<img src="/icons/arrow-southeast_pink.svg" alt="/icons/arrow-southeast_pink.svg" width="40px" />
Last Updated: Sept 2025
Introduction
SecondBody Inc. ("SecondBody," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information.
This Privacy Policy describes how we process personal data when you use our AI-powered conversation simulation platform ("Service"). By using our Service, you acknowledge that you have read and understood this Privacy Policy.
Important: Our Service processes voice recordings using artificial intelligence. Please read this Privacy Policy carefully, particularly the sections on voice data processing and your rights.
Who We Are
SecondBody Inc.
2061 Broadway, Suite 5
New York, NY 10023
Email: [email protected]
For EU/UK users, we act as a data controller for your personal information.
Information We Collect
Voice Recordings and Audio Data
As the core of our AI conversation simulation service, we collect and process:
- Voice recordings during your conversations and practice sessions
- Audio quality metadata (volume levels, background noise indicators)
- Conversation transcripts generated from your voice recordings
- Voice pattern data for personalization and AI model improvement
- Speech characteristics (pace, tone patterns) for conversation analysis
Important: Voice recordings may inadvertently contain sensitive personal data such as health information (cough, breathing patterns) or biometric identifiers (voice patterns). We implement technical measures to minimize processing of such characteristics and do not use voice data for biometric identification.
Account and Profile Information
- Full name and email address
- Account preferences and settings
- Subscription and billing information
- Usage history and conversation logs
Technical and Usage Data
- Device information (type, operating system, browser)
- IP address and approximate geographic location
- Service usage patterns and performance metrics
- Error logs and diagnostic information
- Interaction data (features used, session duration)
Third-Party Integration Data
When you connect third-party accounts or services:
- Authentication tokens and connection status
- Limited profile information as authorized by you
- Integration usage data for service delivery
How We Use Your Information
Core Service Delivery
- AI Conversation Simulation: Processing voice recordings to create personalized conversation experiences
- Performance Analytics: Analyzing conversation patterns to provide progress insights
- Content Generation: Using AI models to generate appropriate responses and scenarios
- Platform Personalization: Customizing experiences based on your usage patterns
Legal Basis for Processing
Voice Recordings and Core Service Data:
- Consent: We rely on your explicit consent for processing voice recordings and sensitive audio characteristics
- Contract Performance: Processing necessary to deliver our conversation simulation services
- Legitimate Interests: Analytics and service improvement, balanced against your privacy rights
Account and Technical Data:
- Contract Performance: Managing your account and service delivery
- Legitimate Interests: Security, fraud prevention, and service optimization
Service Improvement
- Analyzing aggregated, anonymized usage patterns to enhance AI model performance
- Conducting research and development for new features
- Quality assurance and error diagnosis
- Security monitoring and threat detection
Note: We do not use individual voice recordings for AI model training unless you explicitly opt-in to our improvement program.
Information Sharing and Disclosure
Authorized Subprocessors
We share personal data only with vetted service providers under strict contractual obligations:
| Provider |
Purpose |
Location |
Safeguards |
| AWS |
Cloud Infrastructure |
USA |
SCCs, encryption, transfer risk assessed |
| Koyeb |
Cloud Compute |
France |
EEA-hosted |
| OpenAI |
AI Inference |
USA |
API-only access, no training use, SCCs |
| Posthog |
Analytics |
USA |
SCCs, access controls |
| Vanta |
Security Compliance |
USA |
SCCs |
| Auth0 |
Identity Management |
USA |
SCCs |
| 11Labs |
Text-to-Speech |
USA |
SCCs, limited retention |
| Deepgram |
Speech-to-Text |
USA |
SCCs, no permanent retention |
| Google Workspace |
Email, collaboration |
USA |
SCCs |
| Pipedrive |
CRM |
EU/USA |
SCCs |
| Stripe |
Payments |
USA |
SCCs, PCI DSS compliant |
| SendinBlue |
Communications |
EU |
EEA-hosted |
| Sentry |
Monitoring & Logging |
USA |
SCCs |
| Livekit |
Audio delivery |
USA |
SCCs |
AI Service Providers: For OpenAI, 11Labs, and Deepgram, we:
- Use API-only access without data retention for model training
- Implement contractual prohibitions on secondary data use
- Monitor compliance with published data handling policies
- Maintain technical controls to prevent unauthorized processing
Other Disclosures
We may share your information:
- Legal Requirements: To comply with laws, regulations, or valid legal processes
- Safety and Security: To protect against fraud, security threats, or illegal activity
- Business Transfers: In connection with mergers, acquisitions, or asset sales
- With Your Consent: For any other purpose with your explicit permission
International Data Transfers
Your personal data may be transferred to and processed in countries outside your residence, including the United States.
For EEA/UK Users:
- We implement Standard Contractual Clauses (SCCs) for transfers to non-adequate countries
- We conduct transfer risk assessments aligned with EDPB guidance
- We implement supplementary safeguards including encryption and access controls
- Formal Transfer Impact Assessments are available upon request
Safeguards in Place:
- End-to-end encryption for voice data transmission
- Access controls limiting personnel who can access transferred data
- Contractual restrictions on data use by international processors
- Regular compliance monitoring and auditing
Data Retention
Voice Recordings: Retained for up to 1 year for service delivery and improvement, then automatically deleted unless you request extended retention
Account Data: Maintained during your active subscription and for 30 days post-cancellation for account restoration
Usage Analytics: Aggregated, anonymized data may be retained indefinitely for service improvement
Legal Retention: Some data may be retained longer where required by law or for legal defense
Configurable Retention: Enterprise customers may request modified retention periods through their service agreements.
Your Privacy Rights
Universal Rights
- Access: Request copies of your personal data
</aside>