Data Processing Addendum

Last updated: March 9, 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Service (the “Agreement”) between CallCopilot (“Processor”, “we”, “us”) and the Customer (“Controller”, “you”) who has entered into the Agreement. This DPA applies to the extent that we process Personal Data on your behalf in the course of providing the CallCopilot service.

1. Definitions

In this DPA, the following terms have the meanings set out below. Any capitalised terms not defined here have the meanings given in the Agreement.

  • “Privacy Laws” means all applicable data protection and privacy legislation, including the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the Swiss Federal Act on Data Protection (FADP), the California Consumer Privacy Act (CCPA), and any successor or implementing legislation.
  • “Personal Data” means any information relating to an identified or identifiable natural person that is processed by CallCopilot on behalf of the Controller in connection with the Agreement.
  • “Subprocessor” means any third party engaged by CallCopilot to process Personal Data on behalf of the Controller.
  • “Standard Contractual Clauses” (SCCs) means the standard contractual clauses approved by the European Commission for the transfer of Personal Data to third countries, as set out in Commission Implementing Decision (EU) 2021/914.
  • “UK Addendum” means the International Data Transfer Addendum to the EU Standard Contractual Clauses, issued by the UK Information Commissioner under Section 119A of the Data Protection Act 2018.

2. Roles and scope of processing

The Customer is the Controller and CallCopilot is the Processor with respect to Personal Data processed under this DPA. We process Personal Data only on your documented instructions and solely for the purpose of providing the CallCopilot service as described in the Agreement.

You are responsible for ensuring that you have a lawful basis for providing Personal Data to us and that any necessary consents or notices have been obtained or provided.

3. Categories of data processed

The Personal Data processed under this DPA is limited to:

  • Account data: Name and email address of the Customer.
  • Calendar metadata: Meeting titles, times, and attendee names (if Google Calendar is connected). We do not access email content.
  • CRM metadata: Contact names, roles, and deal information synced from HubSpot or Salesforce (if a CRM integration is connected).
  • Usage data: Anonymous product usage analytics (features used, session duration). No call content is included.

Data we do not process: Call audio is streamed for real-time transcription and immediately discarded. Transcripts are stored locally on the Customer's device and are never transmitted to or stored on our servers. We do not have access to call transcripts, coaching history, or meeting notes.

4. Data subjects

The data subjects whose Personal Data may be processed under this DPA include: the Customer (account holder), meeting attendees (names and roles from calendar integrations), and CRM contacts (names, roles, and business contact details from connected CRM systems).

5. Confidentiality

We ensure that any personnel authorised to process Personal Data are subject to appropriate confidentiality obligations. Access to Personal Data is limited to personnel who require it to perform their duties.

6. Security measures

We implement appropriate technical and organisational measures to protect Personal Data, including:

  • Encryption of data in transit using TLS 1.3.
  • Encryption of data at rest using AES-256.
  • Infrastructure hosted on Cloudflare Workers with edge computing across 300+ global data centres.
  • Regular security reviews and vulnerability assessments.
  • Access controls and authentication for all internal systems.

For further details, see our Security page.

7. Subprocessors

You authorise us to engage the Subprocessors listed below. We will notify you of any intended changes to our Subprocessors by updating this page and, where you have subscribed to notifications, by email at least 14 days before the change takes effect. If you object to a new Subprocessor, you may terminate the affected service by notifying us within 14 days of our notice.

Subprocessor | Purpose | Location
Deepgram | Real-time speech-to-text transcription | United States
Anthropic | AI coaching and analysis (API) | United States
OpenAI | AI coaching and analysis (API) | United States
Google Cloud | AI coaching and analysis (Gemini API) | United States
xAI | AI coaching and analysis (Grok API) | United States
Cloudflare | Infrastructure, edge computing, storage | Global
Resend | Transactional email | United States

We require all Subprocessors to enter into data processing agreements that impose obligations no less protective than those in this DPA.

8. International data transfers

CallCopilot is based in the United Kingdom. Where Personal Data is transferred outside the UK, EEA, or Switzerland to a country not recognised as providing an adequate level of data protection, we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs): We rely on the SCCs approved by the European Commission (Module Two: Controller to Processor) for transfers from the EEA.
  • UK International Data Transfer Addendum: For transfers from the UK, we supplement the SCCs with the UK Addendum issued by the ICO.
  • Swiss Federal Act on Data Protection: For transfers from Switzerland, we rely on the SCCs as recognised by the Swiss Federal Data Protection and Information Commissioner.

9. Data subject rights

We will assist you in responding to data subject requests (access, rectification, erasure, portability, restriction, or objection) to the extent that we hold the relevant Personal Data. Given our local-first architecture, most user-generated data (transcripts, coaching data) is stored on the Customer's device and is outside our control. For account data we hold, we will respond to your instructions within 30 days.

10. Data breach notification

In the event of a Personal Data breach, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. Our notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.

11. Audit rights

We will make available to you, on request, all information reasonably necessary to demonstrate compliance with this DPA and applicable Privacy Laws. You may conduct audits (or appoint a third-party auditor) no more than once per year, with at least 30 days' written notice, during normal business hours, and subject to reasonable confidentiality obligations.

12. Data retention and deletion

Upon termination of the Agreement, or upon your written request, we will delete or return all Personal Data in our possession within 30 days, unless retention is required by applicable law. Since call transcripts and coaching data are stored locally on your device, deletion of that data is under your direct control.

13. Precedence

In the event of any conflict between this DPA and the Agreement, the terms of this DPA shall prevail with respect to the processing of Personal Data. This DPA is subject to the governing law and jurisdiction provisions of the Agreement.

Contact

For questions about this DPA or to exercise any rights under it, contact us at privacy@callcopilot.io.