Rehearsable icon

Rehearsable

Return to Rehearsable


Rehearsable Privacy Policy


Last updated: 09-Apr-2024


1. Introduction 2. The type of personal information we collect 3. How we get the personal information and why we have it 4. How we store your personal information 5. Your data protection rights 6. International transfer 7. How to complain 8. Notification of changes and acceptance of policy 9. Interpretation 10. Terms of Use

1. Introduction and definitions

Welcome to Rehearsable’s Privacy and Data Protection Policy (“Privacy Policy”).

At Rehearsable Ltd (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, process and keep your data safe. The Privacy Policy will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.


Our contact details

Name: Rehearsable Ltd
Email: hello@rehearsable.ai


Useful definitions

  • Creator Company: a company with a direct relationship to Rehearsable Ltd through the Master Services Agreement; equivalent to 'Customer' in the MSA
  • Learner Company: a customer of a Creator Company with access to their associated Creator Company's Rehearsable services
  • User: any registered user of Rehearsable, including Creator Users, Learner Users and Demo Users
  • Authorised User: an individual identified by the Creator Company as authorised to access the Software and/or Services in accordance with their Master Services Agreement, and may include employees, contractors or customers of the Creator Company
  • Creator User ("Creator"): an Authorised User with a Creator account (typically an employee or contractor of a Creator Company)
  • Learner User ("Learner"): an Authorised User with a Learner account (typically an employee or contractor of a Learner Company)
  • Demo User: a registered user with a Demo account (not a member of a Creator Company or Learner Company)

2. The type of personal information we collect

We currently collect and process the following information:

  • Profile/Identity Data: This is data relating to your first name and last name.
  • Contact Data: This is data relating to your email address.
  • Marketing and Communications Data: This is your preferences in receiving marketing information and other information from us.
  • Transactional Data:This is information of details and records of all payments made by Creators for our services or products.
  • Technical Data: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.
  • Customer Support Data: This is data relating to any support requests, issue reports, feedback and survey responses you provide.
  • Usage Data: information about how you use our website, products and services (e.g. clicks, page views etc.).
  • User Content Data (”User Content”): This is data relating to any input you provide to our services to engage with the scenarios, including the messages you send within a scenario conversation, or voice recordings if you use the voice recognition feature in a scenario
  • Creator Content Data ("Creator Content"): This is data relating to any input a Creator provides to our services to create scenarios, including prompts (instructions) to the AI system
  • Generated Output Data: This is data generated by the artificial intelligence (AI) services based on inputs provided from Creator Content and User Content.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. In accordance with our Terms of Use, you must not input any sensitive personal data or confidential information to Rehearsable.


3. How we get the personal information and why we have it

Set out below is a table containing the different types of personal information we collect, how we use it and the lawful basis for processing that information.

Examples provided in the table below are indicative in nature and the purposes for which we use your information may be broader than described but we will never process your information without a legal basis for doing so and it is for a related purpose. For further inquiries please contact us by email at hello@rehearsable.ai.

Activity Type of data Legal Justification Lawful basis for processing
when a user registers an account

Profile/Identity Data

Contact Data

Marketing and Communications Data

Technical Data

Usage Data

Consent

Contractual Obligations

Legitimate Interest

We need to process this data to create an account for a user and provide them with the relevant accesses
when a Creator or Learner administrator invites new users

Profile/Identity Data

Contact Data

Consent

Contractual Obligations

Legitimate Interest

We need to process this data to set up user accounts and send invitations to users
when a user inputs content (User Content, Creator Content) into the web application (e.g. scenario designs, conversation messages)

Profile/Identity Data

Technical Data

Usage Data

User Content Data

Creator Content Data

Contractual Obligations

Legitimate Interest

We need to process this data to provide our AI conversation practice and feedback services
when a user requests support or provides feedback

Profile/Identity Data

Contact Data

Marketing and Communications Data

Technical Data

Customer Support Data

Usage Data

Contractual Obligations

Legitimate Interest

We need to process this data so that we can diagnose user issues, collect and understand feedback, and contact the user where follow-up is required or requested
when a user interacts with the features and functionality of the website

Profile/Identity Data

Technical Data

Usage Data

User Content Data

Creator Content Data

Legitimate Interest

We need to process this data to help us analyse and better understand how you are using our product in order to improve your experience. We use third-party analytics providers who use cookies and other technologies to collect data on our users' behaviour (e.g. clicks, page views, time spent) and their devices (e.g. IP address, device type, browser information)
when a Creator pays an invoice for our services

Transactional Data

Contractual Obligations

Legal Compliance

We need to process this data to keep a record for our internal accounting purposes

We may share this information with a small number of carefully-selected service providers and data sub-processors to help operate and optimise the service we provide, including Google, Microsoft, OpenAI, Heap, Hotjar.

We may share with Creator Companies:

  • Individual Learner User Content Data and Generated Output Data (including conversations and feedback, and user-created scenarios) to enable the Creator Companies to provide tailored assistance where needed (e.g. for workshop facilitators or coaches)
  • Aggregated engagement, usage, performance data (e.g. average feedback scores from Generated Output, overall themes of feedback from Generated Output, participation rates) so that the Creator Company (e.g. workshop facilitators and coaches) can focus on areas where the group may need support

We may share with Learner Companies:

  • Aggregated engagement, usage, performance data (e.g. average feedback scores from Generated Output, overall themes of feedback from Generated Output, participation rates) so that the Learner Company can understand the value from Learners' use of Rehearsable, and notice where Learners may need support.

We will not share individual Learner User Content Data and Generated Output Data with Learner Companies as we believe this would undermine the judgement-free benefits of an AI coach.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • "Consent": Certain situations allow us to collect your personal information, such as when you ‘opt in’ to a service. You are able to remove your consent at any time. You can do this by contacting us by email at hello@rehearsable.ai.
  • "Contractual Obligations": We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
  • "Legitimate Interest": We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

We may share your Personal Data with subcontractors or affiliates, subject to confidentiality obligations to use it only for the purposes for which we disclose it to them and pursuant to our instructions.

We may also share Personal Data with interested parties in the event that Rehearsable Ltd anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.

If Rehearsable Ltd is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your Personal Data to a third party as part of or in connection with that transaction. Upon such transfer, the Privacy Policy of the acquiring entity may govern the further use of your Personal Data. In all other situations your data will still remain protected in accordance with this Privacy Policy (as amended from time to time).

We may share your Personal Data at any time if required for legal reasons or in order to enforce our terms or this Privacy Policy.

Rehearsable.ai may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave Rehearsable.ai, we encourage you to read the privacy policy of every website you visit.


4. How we store your personal information

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. We implement various security measures and industry best practices to ensure the security of your Personal Data on our systems, including:

  • Hosting (e.g. for webservers, databases) on Google Cloud, following their best practices, e.g. encryption in transit and HTTPS;
  • Best practices for user authentication, e.g. computationally-expensive cryptographic hashing and salting of passwords, default to well-known libraries for security and login functionality, conceal whether users exist, and role-based permissions;
  • For Rehearsable Ltd employees/contractors, we use strong passwords and keys, multi-factor authentication and/or single-sign-on where possible;
  • We follow security best practices for user input (e.g. for web forms), and best-effort protections against malicious AI attacks such as prompt injection.

We use cookies (a small text file saved to your browser when you visit a website) to enable the effective functioning of our product. You can control the use of cookies in your browser settings by choosing whether to accept, reject or notify you on the use of cookies.

Any personal information collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Rehearsable Ltd to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us.

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for. We will then dispose of your information by removing any personally-identifiable information from our systems. We may retain your personal information for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.


5. Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us by email at hello@rehearsable.ai if you wish to make a request.

California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to hello@rehearsable.ai.


6. International transfer of data

Your information may be stored and processed in the US or other countries or jurisdictions outside the US where Rehearsable Ltd has facilities. By using Rehearsable Ltd, you are permitting and consenting to the transfer of information, including Personal Data, outside of the US.


7. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us by emailing hello@rehearsable.ai.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website https://www.ico.org.uk


8. Notification of changes and acceptance of policy

We keep our Privacy Policy under review and will place any updates here. This version is dated 9th April 2024.

By using Rehearsable, you consent to the collection and use of data by us as set out in this Privacy Policy. Continued access or use of Rehearsable will constitute your express acceptance of any modifications to this Privacy Policy.

Updates

  • 09-Apr-2024: 3. How we get the personal information and why we have it updated to include user-created scenarios in Individual Learner User Content Data that may be shared with Creator Companies as part of new user scenario creation functionality

9. Interpretation

All uses of the word "including" mean "including but not limited to" and the enumerated examples are not intended to in any way limit the term which they serve to illustrate. Any email addresses set out in this policy may be used solely for the purpose for which they are stated to be provided, and any unrelated correspondence will be ignored. Unless otherwise required by law, we reserve the right to not respond to emails, even if they relate to a legitimate subject matter for which we have provided an email address. You are more likely to get a reply if your request or question is polite, reasonable and there is no relatively obvious other way to deal with or answer your concern or question (e.g. FAQs, other areas of our website, etc.).

Our staff are not authorised to contract on behalf of Rehearsable Ltd, waive rights or make representations (whether contractual or otherwise). If anything contained in an email from a Rehearsable Ltd address contradicts anything in this policy, our terms or any official public announcement on our website, or is inconsistent with or amounts to a waiver of any Rehearsable Ltd rights, the email content will be read down to grant precedence to the latter. The only exception to this is genuine correspondence expressed to be from the Rehearsable Ltd legal department.