Privacy Policy

What This Policy Covers

This privacy policy applies specifically to users of LeaderCoreAI's leadership training platform. It explains how we collect, use, store, and protect your personal information during demo sessions and training interactions.

1. Information We Collect

Personal Information You Provide

• Registration Details: Name, email address, company name
• Subscription Information: Subscription key (provided by your organization)
• Profile Data: Role designation (user, HR viewer, admin)

Training Session Data

• Conversation Transcripts: Complete records of your AI-powered leadership coaching sessions
• Performance Data: Scores, assessments, and feedback from completed scenarios
• Session Metadata: Timestamps, scenario selections, difficulty levels chosen
• Progress Tracking: Completion status, attempts, and learning path data

Technical Information

• Usage Analytics: How you interact with scenarios, time spent, navigation patterns
• Device Information: Browser type, IP address (for security and regional compliance)
• Error Logs: Technical issues for platform improvement (anonymized when possible)

AI Interaction Data

• Prompts and Responses: Your inputs to our AI system and the generated responses
• Context Data: Scenario details, frameworks, and coaching guidelines used in sessions
• Model Usage: Which AI models were used and token consumption for cost management

2. How We Use Your Information

Primary Purposes

• Delivering Training: Providing personalized AI-powered leadership coaching
• Progress Tracking: Monitoring your learning journey and skill development
• Performance Assessment: Generating scores, feedback, and improvement recommendations
• Content Personalization: Adapting scenarios and difficulty based on your progress

Secondary Purposes

• Platform Improvement: Analyzing usage patterns to enhance user experience
• Quality Assurance: Reviewing session quality and AI response accuracy
• Technical Optimization: Improving system performance and reliability
• Compliance: Meeting legal and contractual obligations

What We Don't Use Your Data For

• ❌ Selling to third parties
• ❌ Marketing unrelated products
• ❌ Creating profiles for advertising
• ❌ Sharing with competitors

3. Data Processing & AI Integration

AI Processing (Google Gemini)

• Your conversation data is sent to Google's Gemini AI for generating coaching responses
• Privacy-First Approach: We use Google's enterprise-grade AI services with strong privacy protections
• No Training on Your Data: Google does not train their models on your specific conversations
• Regional Processing: Data processed in Europe (europe-central2) for GDPR compliance

Framework Integration

• Leadership Frameworks: Your responses are evaluated against established leadership methodologies
• Contextual Coaching: AI responses incorporate your organization's specific frameworks and culture
• Scoring Algorithms: Automated assessment based on leadership competency models

Session Analysis

• Performance Metrics: Scores calculated across multiple leadership dimensions
• Improvement Recommendations: AI-generated suggestions based on your session performance
• Progress Tracking: Comparative analysis of your development over time

4. Data Storage & Security

Where Your Data Lives

• Primary Database: Google Firestore (europe-central2 region)
• File Storage: Firebase Storage for generated reports and assessments
• Backup Storage: Encrypted backups in Google Cloud Storage (same region)
• Analytics: Anonymized usage data in BigQuery for platform insights

How We Protect Your Data

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based permissions - you can only see your own data
• Authentication: Multi-factor authentication available for admin accounts
• Regional Compliance: All data stored in European data centers for GDPR compliance
• Rate Limiting: Protection against unauthorized access attempts
• Regular Security Audits: Comprehensive security reviews completed

Data Retention Policies

• Session Data: Sessioms containing your conversations with the AI are deleted every 24 hours
• Performance Reports: Retained for 10 days after generation (then automatically deleted)
• Backup Data: Encrypted backups kept for 30 days, then permanently deleted
• Analytics Data: Fully anonymized insights kept indefinitely for platform improvement

5. Data Sharing & Third Parties

Who Has Access to Your Data

• You: Full access to your own sessions, scores, and reports
• Your Organization's HR Team: Access to anonymized abd aggregated progress data (if designated as HR viewers)
• System Administrators: Technical access for platform maintenance (logged and audited)

Third-Party Services We Use

• Google Cloud Platform: Infrastructure, database, and AI services
• Vercel: Website hosting and content delivery

What We Never Share

• ❌ Individual conversation transcripts with unauthorized parties
• ❌ Personal information with marketing companies
• ❌ Performance data with other organizations
• ❌ Identifiable information in analytics or research

6. Your Rights & Controls

Access Rights

• View Your Data: Access all your scores and profile information
• Download Reports: Generate and download PDF reports of your progress

Control Rights

• Data Correction: Update your profile information at any time
• Session Management: Sessions are marked for deletion immediately after session end
• Preference Settings: The system does not send you notifications except a one-time invitation email to a demo subscription or a password reset email, if you choose to trigger it.

Privacy Rights (GDPR Compliance)

• Right to Access: Request a copy of all data we hold about you
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Export your data in a structured, machine-readable format
• Right to Object: Object to certain types of data processing

How to Exercise Your Rights

7. Data Lifecycle Management

During Active Use

• Real-time Processing: Your inputs processed immediately for AI responses
• Session Storage: Conversations saved 24 hours for performance calculation and anonymized analytics, then automatically deleted
• Performance Calculation: Scores generated and stored after session completion
• Report Generation: User-downloadable PDF assessments created

Session Completion

• Immediate Availability: Scores available for review
• 10-Day PDF Window: Generated reports available for download for 10 days
• Progress Integration: Session results integrated into your overall progress tracking

Subscription End

• 30-Day Grace Period: Performance Data remains accessible for 30 days after subscription ends, but will be deleted upon subscription expiry for demo users
• Automated Deletion: Personal data permanently deleted after grace period, but will be deleted upon subscription expiry for demo users
• Analytics Anonymization: Your data anonymized for platform insights

GDPR Right to Erasure

• System Cleanup: Technical data purged from backups within 30 days
• Analytics Impact: Your data is by default anonymized in any retained analytics
• Verification: Confirmation email sent when deletion is complete

8. International Data Transfers

Regional Strategy

• Primary Processing: All data processed within the European Union (europe-central2)
• Google Services: Data may be processed by Google's global infrastructure with EU adequacy protections
• Backup Storage: All backups maintained within EU data centers
• No US Processing: Your personal data is not processed in the United States

9. Cookies & Tracking

Essential Cookies

• Browser storage: Authentication tokens stored in browser's local storage/IndexedDB via Firebase SDK
• UI preferences: Minimal cookie usage for interface settings (sidebar state)
• Token-based authentication: Secure token-based authentication without traditional session cookies
• Tracking: No cross-site tracking

What We Don't Use

• ❌ Third-party advertising cookies
• ❌ Cross-site tracking pixels
• ❌ Social media tracking
• ❌ Behavioral profiling for marketing

10. Demo-Specific Considerations

Demo Data Handling

• Same Security Standards: Demo data receives the same protection as production data

11. Children's Privacy

LeaderCoreAI is designed for professional adults in leadership roles. We do not knowingly collect information from individuals under 18 years of age. If we discover that a minor has provided personal information, we will delete it immediately.

12. Contact Information

Privacy Questions

Technical Support

Data Protection Officer

13. Legal Basis for Processing (GDPR)

Legitimate Interests

• Platform Operation: Providing the leadership training service you've requested
• Security: Protecting your data and our systems from threats
• Improvement: Enhancing platform functionality based on usage patterns

Contractual Necessity

• Service Delivery: Processing necessary to provide the demo experience
• Performance Assessment: Generating the scores and feedback
• Technical Support: Resolving issues and maintaining service quality

Consent-Based Processing

• Marketing Communications: Only with your explicit opt-in consent
• Optional Features: Advanced analytics or social features (if implemented)
• Research Participation: Contributing to platform improvement studies (voluntary)