Privacy
How we handle your data.
Effective April 2, 2026 · Updated April 15, 2026
1. Who We Are
CallSherpa is a call-for-proposals management platform operated from Canada. This policy applies to all users: organizers who create calls, applicants who submit proposals, and reviewers who score submissions.
2. Data We Collect
Account data (all users)
- Name and email address (collected via Clerk authentication)
- Optional profile fields: phone, company, role, location, website
Organizer data
- Call details you create (title, description, form fields, rubric)
- API keys for OpenRouter and SourceVerify (stored encrypted with AES-256-GCM)
- Stripe payment information (processed directly by Stripe; we store subscription identifiers only)
Applicant data
- Proposal responses (text, file uploads) for each call you apply to
- Application status and submission timestamps
- References you provide (may be submitted to SourceVerify for verification — see Section 4)
Voice data (AI Max tier only)
- Real-time voice audio streamed during voice assistant sessions
- Audio is processed live by Google Gemini and is not stored by CallSherpa
Reviewer data
- Review scores, comments, and recommendations you submit
- Assignment and completion timestamps
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Operating the platform (authentication, saving drafts, submitting proposals) | Contractual necessity |
| Enabling organizers to manage their review process | Contractual necessity |
| Sending transactional emails (invite links, assignment notifications, decision notifications) | Contractual necessity |
| AI-assisted call creation (processing pasted documents) | Consent (organizer action) |
| AI-assisted review (processing proposal text for reviewer chat) | Consent (disclosed at time of use) |
| AI-drafted decision emails (processing proposal data and reviewer comments) | Legitimate interest |
| Voice assistant sessions — real-time voice I/O processed by Google Gemini (AI Max tier only) | Consent (disclosed at session start) |
| Reference verification via SourceVerify | Consent (checkbox on application form) |
| Billing and subscription management | Contractual necessity |
4. Third-Party Data Processors
All processors are based in the United States. Data transferred to the United States is subject to US law. Canadian users are advised that this constitutes a cross-border transfer under PIPEDA Schedule 1, Principle 7.
| Processor | Purpose | Data Transferred |
|---|---|---|
| Clerk | Authentication | Name, email, password credentials |
| Convex | Database and file storage | All application data, proposals, reviews, files |
| Stripe | Payment processing | Payment card data, billing address |
| OpenRouter | AI model inference | Proposal text, reviewer comments (when AI features are used) |
| Resend | Transactional email | Recipient email addresses, email content |
| Voice AI processing (AI Max tier) | Real-time voice audio during voice assistant sessions; audio is not retained by Google beyond the session | |
| SourceVerify | Reference verification | Reference citation text only (when enabled by organizer) |
| Cloudflare R2 | File storage | Uploaded proposal files, PDFs, attachments, and call banner images |
SourceVerify only receives individual reference citation strings — never the full proposal text. Full proposal content is only sent to OpenRouter when AI features are actively used. Voice audio is streamed to Google Gemini only during active AI Max voice sessions and is not retained by CallSherpa or Google beyond the session.
5. No Selling or Sharing
We do not sell, rent, or share your personal data with third parties for their own marketing or commercial purposes. Your data is only shared with the third-party processors listed above, solely to operate the platform and provide the services you use. We do not use your proposal content, review comments, or any other user data to train AI models.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Until account deletion |
| Submitted proposals | 3 years after the associated call closes |
| Draft applications (never submitted) | 90 days after last update |
| Review scores and comments | 3 years after the associated call closes |
| Reviewer invites | 1 year after creation |
| Reference verification results | 1 year after completion |
| Stripe subscription records | Duration of subscription + 7 years (tax records) |
7. Your Rights
Under PIPEDA (and where applicable, GDPR), you have the right to:
- Access: Request a copy of your personal data. Contact privacy@callsherpa.ai.
- Correction: Update incorrect data via your Profile page.
- Erasure: Delete your account via Profile > Delete Account. This removes your account, all proposals you submitted, uploaded files, reviews you wrote, and any calls you own.
- Portability: Request an export of your submitted proposals and review history.
- Withdrawal of consent: Where processing is based on consent (AI features, reference verification), you may withdraw consent by not using those features or by contacting us.
- Complaint: You may lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
8. Applicant-Specific Rights
Your submitted proposal is shared with the organizer of the call and any reviewers the organizer assigns. If the organizer enables blind review, reviewers will not see your name or identity fields, but they will see your proposal content.
If the organizer uses AI features, your proposal content may be processed by AI services (see Section 4). If you consent to reference verification, the reference citations you provide will be submitted to SourceVerify. Your full proposal is never sent to SourceVerify.
9. Security
Account passwords and social sign-in are managed by Clerk. API keys are encrypted at rest using AES-256-GCM with a per-deployment derived key. Files are stored in Convex managed file storage with access-controlled URLs. All editor, reviewer, and applicant operations are protected by role-based authorization checks.
10. Cookies
CallSherpa uses only essential cookies required for the platform to function. We do not use analytics, advertising, or tracking cookies.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| __session | Clerk | Authentication session | Session |
| __client_uat | Clerk | Session freshness check | Session |
| callsherpa-cookies | CallSherpa | Records cookie consent | 1 year |
Because these cookies are strictly necessary for the platform to operate, they do not require opt-in consent under PIPEDA or GDPR. You can disable cookies in your browser settings, but this may prevent you from signing in.
11. Changes to This Policy
We will notify users of material changes by email or by posting a notice on the platform. Continued use after the effective date constitutes acceptance.
12. Contact
Privacy inquiries: privacy@callsherpa.ai