1. Who We Are
ТОВ "МікХелпер" (MicHelper LLC), based in Lviv, Ukraine, provides AI-powered sales quality control software for retail networks. Our platform enables businesses to record, transcribe, and analyze sales consultations to improve service quality and sales performance.
Controller vs. Processor
Depending on the context, MicHelper acts in different capacities:
- Data Controller: For account information, billing data, and service usage analytics, we determine the purposes and means of processing.
- Data Processor: For audio recordings, transcripts, and employee performance data, we process this information on behalf of our business customers (the Controllers) according to their instructions and our Data Processing Agreement.
If you are an employee whose conversations are being recorded, your employer is the Data Controller for that processing. Please contact your employer for information about how they handle your data.
2. Data We Collect
2.1 Account Information
When you create an account or your employer creates one for you, we collect:
- Name, email address, phone number (optional)
- Company/organization name and role
- Login credentials (passwords are hashed, never stored in plain text)
- Language and timezone preferences
2.2 Usage Data
We automatically collect information about how you interact with our service:
- Login timestamps and session duration
- Features accessed and actions performed
- Browser type, operating system, and device information
- IP address and approximate location (country/region level)
2.3 Device & Technical Data
For our recording devices (microphones) and web application:
- Device identifiers and status
- Connection quality metrics
- Error logs and diagnostic information
2.4 Audio & Transcript Data
This is the core data we process for our service. See Section 3 for detailed information.
2.5 Data from Third-Party Authentication
If you choose to sign in using Google OAuth, we receive and store:
- Your Google account email address
- Your display name
- Your Google account identifier
We do not access your Google contacts, calendar, or any other Google services data. You can disconnect Google authentication at any time through your account settings.
2.6 Push Notifications
If you enable push notifications, we collect and store a device token used solely to deliver notifications to your device. You can disable push notifications at any time through your device settings or the application. Device tokens are deleted when you unsubscribe from notifications or delete your account.
2.7 Telegram Bot Data
If you interact with our Telegram bot, we collect and store:
- Your Telegram chat ID and username
- Message history with the bot
- Your notification preferences
This data is used to provide bot functionality, deliver notifications, and process your requests. You can stop interacting with the bot at any time by blocking it in Telegram, which will cease all data collection. Existing data will be deleted according to our standard retention policies or upon request.
3. Audio Recordings & Transcripts
3.1 What We Record
Our service records audio from designated microphones in retail locations. These recordings capture sales consultations between employees and customers. The recording devices are placed in accordance with local laws and with appropriate signage.
3.2 Audio Processing
Audio recordings are processed transiently. Audio is uploaded to our servers solely for the purpose of transcription. Once transcription is complete, the original audio file is permanently deleted immediately. Audio is never stored long-term on our servers. During the brief processing window, audio is encrypted in transit (TLS 1.2+) and at rest.
3.3 Transcription Process
Audio is transcribed using advanced AI speech recognition technology. The AI provider processes data for inference only with zero data retention. No customer data is used for AI model training. Transcripts may include:
- Text content of the conversation
- Speaker identification (employee vs. customer)
- Timestamps and segment boundaries
- Language detection results
3.4 Transcripts
Text transcripts generated from audio recordings persist during your subscription. Transcripts are a core service feature used for analytics, coaching, and reporting. Transcripts are encrypted at rest.
3.5 Quality Analysis
Transcripts are analyzed against sales scripts and rules configured by the network administrator to generate:
- Script compliance scores
- Performance metrics and rankings
- Violation flags and recommendations
AI analysis is provided for informational purposes only. Accuracy is not guaranteed.
4. Legal Bases for Processing (GDPR)
We process personal data based on the following legal grounds:
4.1 Contract Performance
Processing necessary to fulfill our service agreement with business customers, including account management, service delivery, and support.
4.2 Legitimate Interests
Processing necessary for our legitimate business interests, such as:
- Improving and developing our services
- Preventing fraud and ensuring security
- Analyzing usage patterns to optimize performance
4.3 Consent
Where required by law, we obtain consent for:
- Marketing communications
- Processing beyond what is strictly necessary for service delivery
4.4 Legal Obligations
Processing necessary to comply with applicable laws, such as tax reporting, fraud prevention, and responding to lawful requests from authorities.
5. How We Use Your Data
We use the data we collect for the following purposes:
5.1 Service Delivery
- Processing and analyzing audio recordings
- Generating transcripts and quality scores
- Creating reports, rankings, and analytics
- Enabling Excel/CSV exports
5.2 Account Management
- User authentication and authorization
- Role-based access control (RBAC)
- Subscription and billing management
5.3 Communication
- Service notifications and alerts
- Support responses
- Product updates (with consent)
5.4 Improvement & Development
- Analyzing usage patterns to improve features
- Debugging and troubleshooting
Customer data is NOT used for AI model training. Customer data is NOT shared with AI providers for training.
6. Data Sharing & Subprocessors
6.1 We Do Not Sell Your Data
We do not sell, rent, or trade personal data to third parties for their marketing purposes.
6.2 Subprocessors
We use the following third-party service providers (subprocessors) to operate the Service. Each subprocessor processes data only as necessary for its stated purpose.
| Company | Purpose | Location | Data Processed |
|---|---|---|---|
| AI Inference Provider | AI inference: speech-to-text, transcript analysis, reasoning. Zero data retention. | United States | Audio recordings (transient), transcripts (transient) |
| Render Services, Inc. | Cloud hosting, compute, persistent storage | United States (Oregon) | All platform data |
| Telegram FZ-LLC | Bot notifications and management interface (optional) | Cloud | Chat IDs, notification content, user preferences |
We maintain this list and will notify customers of changes at least 30 days in advance. To subscribe to subprocessor change notifications, contact michelperhelp@gmail.com.
6.3 Legal Requirements
We may disclose data when required by law, court order, or to protect our rights, property, or safety.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity.
7. International Data Transfers
Your data is hosted in the United States (Render, Oregon region). An EU data center is planned for Summer 2026.
When we transfer data from the European Economic Area (EEA), UK, or Switzerland to countries not deemed to provide adequate protection, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Other lawful transfer mechanisms as appropriate
Our business customers can request information about the specific safeguards in place for their data by contacting michelperhelp@gmail.com.
Restricted Transfers: MicHelper does not transfer personal data to Russia, China, Belarus, or any country subject to EU/US comprehensive sanctions. None of our subprocessors are located in these jurisdictions.
8. Data Retention
Audio Recordings
Raw audio recordings are processed transiently. Audio is uploaded solely for transcription. Once transcription is complete, the original audio file is permanently deleted immediately. Audio is never stored long-term on our servers.
Transcripts
Text transcripts persist during your subscription. Transcripts are a core service feature that enables analytics, coaching, and reporting. They are retained for the duration of your active subscription.
Analytics, Scores & Performance Data
QA scores, coaching notes, event timelines, and metadata persist during your subscription plus 30 days after termination, to allow for data export.
Account & Configuration Data
User accounts, network configurations, scripts, and system settings are retained for the subscription term plus 30 days following account termination to allow for data export.
Audit Logs
Security and access logs are retained for 90 days.
Summary
| Data Type | Retention |
|---|---|
| Raw audio recordings | Deleted immediately after successful transcription |
| Transcripts | Persist during subscription |
| Analytics & QA scores | Persist during subscription + 30 days after termination |
| Account data | Subscription term + 30 days |
| Audit logs | 90 days |
9. Security Measures
We implement technical and organizational measures to protect your data:
9.1 Technical Measures
- Encryption in Transit: All data transmitted using TLS 1.2 or higher
- Encryption at Rest: Encrypted data at rest
- Access Controls: Role-based access control (RBAC) with principle of least privilege
- Authentication: Secure password hashing (bcrypt), session management
- Rate Limiting: Protection against abuse and brute-force attacks
- CSRF Protection: Cross-site request forgery prevention
9.2 Organizational Measures
- Audit Logging: All data access and modifications are logged (retained 90 days)
- Incident Response: Documented procedures for security incidents
- Regular Reviews: Periodic security assessments and updates
9.3 Incident Notification
In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law, within 72 hours of becoming aware of the breach.
10. Cookies
We use essential cookies only. We do not use tracking, analytics, or marketing cookies.
| Cookie Name | Purpose | Type |
|---|---|---|
| csrf_token | Security (CSRF protection) | Essential |
| connect.sid | Session authentication | Essential |
| oct_consent | Consent preference | Essential |
11. Your Rights
Depending on your location and applicable law, you may have the following rights:
11.1 GDPR Rights (EEA/UK)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw previously given consent at any time
11.2 Exercising Your Rights
To exercise any of these rights:
- Email us at michelperhelp@gmail.com
- Use the Privacy Requests feature in your MicHelper account
- If you are an employee, contact your employer (the Data Controller)
We will respond to verified requests within 30 days (or as required by law).
12. Children's Privacy
MicHelper is a business-to-business service and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
13. Contact & Complaints
13.1 Contact Us
For privacy-related questions or to exercise your rights:
- Privacy inquiries: michelperhelp@gmail.com
- General support: michelperhelp@gmail.com
13.2 Supervisory Authority
If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last updated" date at the top of this page
- For significant changes, we will provide notice through our service or via email
- Continued use of our service after changes become effective constitutes acceptance
We encourage you to review this policy periodically.