Privacy Policy

Apr 10, 2025

This Privacy Policy describes the policies and procedures of Ultimate Tournament Inc., operating as Cobbery ("Cobbery", "the Company", "We", "Us" or "Our") on the collection, use, and disclosure of Your information when You use the Cobbery AI Calling Platform and related services (the "Service"). It tells You about Your privacy rights and how the law protects You.

We use Your Personal Data primarily to provide and improve the Service for Our business Clients. By using the Service (either as an individual User authorized by a Client or as a representative of a Client entity), You acknowledge the collection and use of information in accordance with this Privacy Policy. This Privacy Policy is incorporated into and forms part of the overall Agreement (as defined in our Terms and Conditions) between Cobbery and its Clients.

SECTION 1: Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

SECTION 2: Definitions

For the purposes of this Privacy Policy:

  • Agreement: Refers to the Services Agreement, Order Form(s), Terms and Conditions, this Privacy Policy, and any incorporated attachments between Cobbery and the Client.

  • Client (or "Organization"): Means the legal entity (e.g., company, organization) that enters into an Agreement with Cobbery for use of the Service.

  • User Account: Means a unique account credential (typically username/email and password) created for an individual User authorized by a Client to access the Service under the Client's Organization.

  • Business: For the purpose of the CCPA (California Consumer Privacy Act), refers to Cobbery as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing, or on behalf of which such information is collected, and that does business in the State of California.

  • Company: Refers to Cobbery**.**, 3411 Silverside Rd, STE 104, Wilmington DE, 19810, United States.

  • Consumer: For the purpose of the CCPA, means a natural person who is a California resident.

  • Cookies: Are small files placed on Your Device by a website, containing details of Your browsing history or session information.

  • Country: Refers to: Delaware, United States.

  • Data Controller: For the purposes of the GDPR (General Data Protection Regulation), refers to the entity which alone or jointly with others determines the purposes and means of the processing of Personal Data. Cobbery acts as a Data Controller for Personal Data related to Client accounts, billing, and User Account management. The Client typically acts as the Data Controller for Service Data processed using the platform.

  • Data Processor: For the purposes of the GDPR, refers to an entity which processes Personal Data on behalf of the Controller. Cobbery generally acts as a Data Processor for Service Data processed on behalf of the Client.

  • Device: Means any device that can access the Service such as a computer, a cellphone, or a digital tablet.

  • Do Not Track (DNT): Is a concept for allowing internet users to control the tracking of their online activities across websites.

  • Personal Data: Is any information that relates to an identified or identifiable individual. This includes information defined as "personal data" under GDPR and "personal information" under CCPA.

  • Sale: For the purpose of the CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information to another business or a third party for monetary or other valuable consideration.

  • Service: Refers to the Cobbery website ([cobbery.com] or successor URL), the Cobbery AI Calling Platform, applications, APIs, support, and related services provided by Cobbery.

  • Service Data: Means the data processed by Cobbery on behalf of the Client through the Client's use of the Service, including but not limited to call audio recordings, call transcriptions, AI analysis results, phone numbers called or received from, call metadata, and any other information uploaded or generated by the Client or its Users within the calling platform functions.

  • Service Provider: Means any natural or legal person who processes data on behalf of the Company (e.g., cloud hosting providers, payment processors, analytics services). For GDPR purposes, these are generally Data Processors.

  • Usage Data: Refers to data collected automatically about how the Service itself is accessed and used (e.g., IP address, browser type, pages visited, time spent, feature usage, diagnostic data).

  • Website: Refers to the Cobbery website, accessible from [cobbery.com] (or successor URL).

  • You: Means the individual User accessing or using the Service as authorized by a Client, or the Client entity itself when referring to the contractual relationship or Client-level data (e.g., billing). Where distinction is important, "User" or "Client" will be specified. Under GDPR, an individual User can be referred to as the Data Subject.

SECTION 3: Collecting and Using Your Personal Data

Types of Data Collected

  • Personal Data (Provided by Client or Users):

    • Client Account Information: Company name, address, primary contact person details (name, email, phone number), billing information (credit card details processed via third-party, bank account info for ACH if applicable).

    • User Account Information: User's full name, business email address, potentially business phone number, user credentials (managed securely, potentially via third-party like Clerk), role/permissions within the Organization.

    • Support and Communication Data: Information provided when contacting support or communicating with Us.

  • Usage Data:

    • Collected automatically when Users interact with the Service.

    • May include Device IP address, browser type/version, operating system, pages visited within the Service, time/date of visit, time spent on pages, feature usage patterns, unique device identifiers, diagnostic data.

  • Service Data (Processed on behalf of Client):

    • Cobbery processes data generated through the Client's use of the AI calling features, acting primarily as a Data Processor under the Client's direction as specified in the Agreement. This includes:

      • Call audio recordings and associated metadata.

      • Call transcriptions.

      • AI agent interaction data and analysis results derived from calls.

      • Phone numbers and contact information used or generated during campaigns.

      • Any other data uploaded or inputted by the Client/Users into the calling campaigns or platform.

    • The Client is solely responsible for ensuring it has the necessary rights, consents, and legal basis to collect, process, and instruct Cobbery to process Service Data via the platform in compliance with all applicable laws (including privacy, call recording, and telemarketing laws).

    • Security and Compliance Features: Cobbery implements technical and organizational measures designed to secure Service Data, including encryption of data at rest and in transit. Furthermore, Cobbery provides capabilities that Clients may configure (subject to the terms of their Agreement or Order Form), such as features for automatic redaction of sensitive Personal Data (e.g., PII, payment card information) from call transcripts or logs. For Clients subject to the Health Insurance Portability and Accountability Act (HIPAA), Cobbery can support HIPAA compliance for eligible Services, which requires the execution of a formal Business Associate Agreement (BAA) between Cobbery and the Client outlining specific responsibilities and safeguards. The specific security measures, data handling practices, and compliance features applicable are further detailed in the Agreement and associated documentation.

  • Tracking Technologies and Cookies:

    • We use Cookies and similar tracking technologies (beacons, tags, scripts) to track activity on Our Service, maintain user sessions, secure access, understand usage patterns, and improve the Service.

    • Types of Cookies We Use:

      • Necessary / Essential Cookies (Session & Persistent): Essential for Service operation, authentication, security, and providing core features. The Service may not function properly without them.

      • Functionality Cookies (Persistent): Allow Us to remember User choices (e.g., preferences) for a more personalized experience.

      • Tracking and Performance Cookies (Persistent, often Third-Party): Help Us understand traffic patterns, Service usage, performance, and test new features. Data is often aggregated or linked to a pseudonymous identifier. Examples include analytics providers like Google Analytics.

    • You can manage Cookie preferences through Your browser settings. However, refusing necessary Cookies may impact Service functionality. For more details, refer to documentation from your browser provider. We may also utilize a cookie consent management tool.

SECTION 4: Use of Your Personal Data

Cobbery uses Personal Data for the following purposes:

  • To provide and maintain our Service: Including monitoring usage, ensuring security, and delivering features as contracted with the Client.

  • To manage Client Organizations and User Accounts: Setting up Organizations, managing User access, authentication, and providing User-specific functionalities.

  • For the performance of a contract: To fulfill Our obligations under the Agreement with the Client, including providing the contracted Services, billing, and support.

  • To contact You: Communicating with Client representatives or individual Users regarding Service updates, security alerts, support requests, billing issues, or other information related to the Service via email, phone (where provided), or in-app notifications.

  • To provide You (Client contacts) with news, special offers, and general information: About other Cobbery products, services, or events, unless You have opted out.

  • To manage Your requests: Responding to inquiries and support requests from Clients or Users.

  • For business transfers: Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, where Personal Data is among the assets transferred.

  • For other legitimate business purposes: Such as internal data analysis (aggregate Usage Data), identifying usage trends, assessing promotional campaign effectiveness (for B2B marketing), improving the Service, fraud prevention, and ensuring legal/regulatory compliance.

Use of Service Data: Cobbery processes Service Data solely on behalf of and as instructed by the Client in accordance with the Agreement (including any Data Processing Addendum). This processing is to enable the core functionality of the AI calling platform for the Client. Cobbery may use aggregated and anonymized Service Data for internal analysis to improve the underlying AI models and platform performance, provided such data cannot identify the Client, its Users, or any individuals involved in the calls.

SECTION 5: Sharing Your Personal Data

We may share Personal Data in the following situations:

  • With Service Providers: Sharing information with third-party companies essential for providing the Service (e.g., cloud hosting providers like AWS/GCP/Azure, payment processors like Stripe, analytics providers, communication tools, customer support platforms). These providers are contractually bound to protect the data and use it only for the purposes We specify.

  • For business transfers: Sharing or transferring Personal Data in connection with negotiations or completion of any merger, sale of Company assets, financing, or acquisition.

  • With Affiliates: Sharing information within Our corporate group (parent company, subsidiaries), requiring them to honor this Privacy Policy.

  • With business partners: Sharing limited information only where necessary for specific integrations or joint offerings explicitly agreed upon with the Client.

  • As Directed by the Client: Sharing Service Data as instructed or configured by the Client through the platform's functionalities (e.g., via API integrations set up by the Client).

  • For Legal Compliance: Disclosing Personal Data if required by law, subpoena, or other legal process, or if We believe in good faith that disclosure is necessary to protect Our rights, protect Your safety or the safety of others, investigate fraud, or respond to a valid government request.

  • With Your Consent: Disclosing Personal Data for any other purpose not listed here only with explicit consent from the relevant party (User or Client).

SECTION 6: Retention of Your Personal Data

  • Client/User Account Data: Retained for as long as the Client's account is active or as needed to provide the Service, plus a reasonable period thereafter as necessary to comply with Our legal obligations (e.g., financial record-keeping), resolve disputes, and enforce Our agreements.

  • Usage Data: Generally retained for a shorter period for internal analysis, unless needed for security, service improvement, or legal reasons requiring longer retention.

  • Service Data: Retained according to the terms specified in the Agreement with the Client. Cobbery will delete or return Service Data upon termination of the Agreement as instructed by the Client or as outlined in the Agreement, subject to legal retention requirements.

SECTION 7: Transfer of Your Personal Data

Your information, including Personal Data, is processed at Cobbery's operating offices and potentially in other locations where Our Service Providers are located. This means information may be transferred to — and maintained on — computers located outside of Your state, province, or country where data protection laws may differ. We will ensure appropriate safeguards are in place for such transfers as required by applicable law (e.g., Standard Contractual Clauses for transfers from the EEA/UK). Your use of the Service and submission of information represents Your agreement to these transfers, subject to those safeguards.

SECTION 8: Disclosure of Your Personal Data

Disclosure may occur under circumstances outlined in Section 5 (Sharing Your Personal Data), particularly for Business Transactions, Law Enforcement requests, or to comply with other legal requirements necessary to protect Cobbery's rights/property, prevent wrongdoing, or ensure safety.

SECTION 9: Security of Your Personal Data

The security of Your Personal Data and Service Data is important to Us. We implement and maintain reasonable administrative, technical, and physical security measures designed to protect the information against unauthorized access, disclosure, alteration, or destruction, taking into account the risks involved and the nature of the data. However, no method of transmission over the Internet or electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your data, We cannot guarantee its absolute security. Security responsibilities are further detailed in the Agreement.

Our Commitment to Security Standards (Including SOC 2 Initiative): As part of Our ongoing commitment to maintaining a high level of data security and trust, Cobbery is actively pursuing industry-recognized security standards. We are currently working towards achieving SOC 2 Type II compliance. SOC 2 (System and Organization Controls 2) is an auditing standard developed by the AICPA that evaluates a service provider's systems based on the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy).

Our process involves rigorous assessment and implementation of controls to ensure the security, availability, and confidentiality of the systems used to process Your Personal Data and our Clients' Service Data. We are currently undergoing the monitoring period for our SOC 2 attestation. Furthermore, as part of our validation efforts supporting our security posture and SOC 2 preparation, we have successfully completed independent penetration testing by Oneleet, demonstrating our proactive approach to identifying and mitigating vulnerabilities.

This initiative provides independent assurance of our security practices and demonstrates our dedication to protecting Your information and Service Data according to established frameworks. Detailed security documentation and access to the SOC 2 report (once the attestation is completed and the report is available) can typically be provided to Our Clients under a Non-Disclosure Agreement (NDA).

SECTION 10: Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data only to perform tasks on Our behalf and are obligated not to disclose or use it for any other purpose. Key categories include:

  • Analytics: We may use third-party providers (e.g., Google Analytics) to monitor and analyze the use of our Service (Usage Data). You can typically opt-out via browser add-ons or cookie settings. (Review Google's policies: policies.google.com/privacy).

  • Email Communications: We may use providers to manage and send service-related emails or B2B marketing communications (with opt-out) to Client contacts.

  • Payments: We use third-party payment processors (e.g., Stripe) for processing Client payments. We do not store full payment card details. Processors adhere to PCI-DSS standards. (Stripe's policy: stripe.com/us/privacy).

  • Infrastructure & Security: We may use providers for hosting, content delivery, and security services (e.g., reCAPTCHA for bot protection - Google's policy: www.google.com/intl/en/policies/privacy/).

SECTION 11: GDPR Privacy (For Users/Clients in the European Economic Area/UK)

  • Legal Basis for Processing Personal Data: We process Personal Data based on:

    • Performance of a Contract: Processing necessary to provide the Service to the Client under the Agreement.

    • Legal Obligations: Processing necessary to comply with applicable laws.

    • Legitimate Interests: Processing for Our legitimate interests (e.g., Service security, improvement, B2B marketing), provided these are not overridden by Your rights.

    • Consent: Where required (e.g., for certain cookies or marketing communications), we rely on Your consent.

  • Your Rights under the GDPR: If GDPR applies to You, You have the right to:

    • Request access to Your Personal Data.

    • Request correction of inaccurate Personal Data.

    • Request erasure of Your Personal Data ("right to be forgotten").

    • Object to processing based on legitimate interests.

    • Request restriction of processing.

    • Request data portability (for data processed based on consent or contract).

    • Withdraw consent at any time (where processing is based on consent).

    • Lodge a complaint with a supervisory authority.

  • Exercising Your Rights:

    • Individual Users should typically direct requests concerning their User Account data to Cobbery via the contact information below.

    • Requests concerning Service Data (call content etc.) should be directed to the Client Organization, as they are the Data Controller. Cobbery will assist the Client in responding to such requests as outlined in the Agreement (e.g., via a Data Processing Addendum).

    • We may need to verify Your identity before processing Your request.

SECTION 12: CCPA Privacy (For California Residents)

This section supplements the information contained in Our Privacy Policy and applies solely to California residents ("Consumers").

  • Categories of Personal Information Collected (in the last 12 months):

    • Category A: Identifiers (e.g., User name, email, IP address; Client contact name, address, email, phone). YES.

    • Category B: California Customer Records personal information categories (e.g., Name, contact details, User credentials; Client billing info). YES.

    • Category C: Protected classification characteristics under California or federal law. NO.

    • Category D: Commercial information (e.g., Records of services purchased by Client, usage history). YES.

    • Category E: Biometric information. NO.

    • Category F: Internet or other similar network activity (Usage Data). YES.

    • Category G: Geolocation data (Approximate location based on IP address might be inferred, but not precise tracking). NO (generally).

    • Category H: Sensory data (Audio data within Service Data, processed on behalf of Client). YES (as Processor).

    • Category I: Professional or employment-related information (User job title/role provided for account setup). YES.

    • Category J: Non-public education information. NO.

    • Category K: Inferences drawn from other personal information (e.g., basic usage patterns, but not detailed profiling). NO (generally for Cobbery's own use).

  • Sources of Personal Information: Directly from You (Users/Clients), Indirectly (observing Service usage), Automatically (Cookies), From Service Providers.

  • Use of Personal Information for Business/Commercial Purposes: As described in Section 4 ("Use of Your Personal Data").

  • Disclosure of Personal Information for Business/Commercial Purposes (in the last 12 months): We may have disclosed Categories A, B, D, F, I for business purposes to Service Providers, Affiliates, or as required by law, consistent with Section 5 ("Sharing Your Personal Data"). We process Category H on behalf of Clients.

  • Sale of Personal Information: Cobbery does not "sell" Personal Data as the term is traditionally understood or as defined under CCPA for monetary value. We do not sell Client data or Service Data. The use of certain third-party analytics or advertising cookies might potentially be construed as a "sale" (for valuable consideration, e.g., analytics insights) under CCPA's broad definition. We provide mechanisms to opt-out of such cookie-based tracking (See Section 13).

  • Sharing for Cross-Context Behavioral Advertising: We do not share Personal Data for cross-context behavioral advertising purposes.

  • Minors Under 16: The Service is not directed to minors under 16, and We do not knowingly collect or sell/share the Personal Data of minors under 16.

  • Your Rights under the CCPA:

    • Right to Know/Access: Request information about the categories and specific pieces of Personal Data collected, sources, purposes, and categories of third parties shared with/sold to.

    • Right to Delete: Request deletion of Your Personal Data, subject to exceptions.

    • Right to Correct: Request correction of inaccurate Personal Data.

    • Right to Opt-Out of Sale/Sharing: Direct Us not to sell Your Personal Data or share it for cross-context behavioral advertising. (As noted, We do not sell/share in this manner, but cookie opt-outs are provided).

    • Right to Limit Use of Sensitive Personal Information: (Not applicable as we don't typically collect/use SPI for our own purposes).

    • Right to Non-Discrimination: Not be discriminated against for exercising CCPA rights.

  • Exercising Your CCPA Rights: California residents can exercise their rights by contacting Us via the methods in the "Contact Us" section. Only You or an authorized agent registered with the California Secretary of State may make a verifiable request. We will need to verify Your identity. We aim to respond within 45 days. Requests concerning Service Data should generally be directed to the Client Organization.

SECTION 13: Do Not Sell or Share My Personal Information / Cookie Opt-Out

As stated, Cobbery does not sell Your Personal Data for monetary value. To the extent that the use of third-party analytics/performance cookies might be deemed a "sale" or "sharing" under CCPA, You may opt-out:

  • Via Cookie Settings: Adjust Your preferences through any cookie consent banner or settings tool We provide on Our Website.

  • Via Browser Settings: Manage cookies directly through Your browser.

  • Via Industry Opt-Out Tools: Utilize platforms like the NAI's (networkadvertising.org/choices/) or DAA's (optout.aboutads.info).

Please note opt-outs are typically browser/device specific.

SECTION 14: "Do Not Track" Policy (CalOPPA)

Our Service does not currently respond to Do Not Track (DNT) signals initiated by browsers.

SECTION 15: Children's Privacy

Our Service is not intended for or directed at individuals under the age of 18 (or 16/13 depending on jurisdiction). We do not knowingly collect personally identifiable information from children. If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us. If We become aware We have collected Personal Data from a child without appropriate parental consent, We will take steps to remove it.

SECTION 16: Your California Privacy Rights (Shine The Light Law)

California residents with an established business relationship may request information once a year about sharing certain Personal Data with third parties for their direct marketing purposes (if any). Contact Us using the information below if you are a California resident seeking this information. (Note: Cobbery primarily engages in B2B marketing, not typically sharing with third parties for their direct marketing).

SECTION 17: Links To Other Websites

Our Service may contain links to other websites not operated by Us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We advise You to review the privacy policy of every site You visit.

SECTION 18: Changes To This Privacy Policy

We may update Our Privacy Policy from time to time. We will notify Clients of material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and/or via email or a notice on the Service, as appropriate or required by the Agreement. You are advised to review this Privacy Policy periodically. Changes are effective when posted on this page.

SECTION 19: Contact Us

If you have any questions about this Privacy Policy or wish to exercise Your rights, please contact us:

  • By email: support@cobbery.com

  • By mail: Cobbery, 3411 Silverside Rd, STE 104, Wilmington DE, 19810, United States

‹ Terms of Service