Privacy Policy
Last updated: July 4, 2025
Meddicc Score (“we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application (the “Application”). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this Privacy Policy carefully. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OUR APPLICATIONS.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Application after the date such revised Privacy Policy is posted.
This Privacy Policy does not apply to the third-party online/mobile store or marketplace from which you install the Application or make payments, including any in-app virtual items, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.
Integration with HubSpot
This application is integrated with HubSpot and is available through the HubSpot Apps and Marketplace. By using this application, you also agree to HubSpot’s terms and policies. For more information, please refer to HubSpot’s Privacy Policy and HubSpot’s Terms of Service.
Collection of Your Information
We collect information about you in various ways to provide and improve our services. The types of information we collect depend on your interactions with our application, but are limited to:
Information Collected and Stored by MeddiccScore
- Personal Data. Demographic Information:
  - User email
  - Any other personally identifiable information you voluntarily provide when participating in activities related to the Application, such as sending feedback and responding to surveys.
- HubSpot User Information:
  - User email
  - Account name
- Deal Information:
  - Deal name
  - Deal amount
  - Deal closing date
  - Deal stage
  - Responses to the framework
- Usage Information:
  - Last use dates of MeddiccScore
Information Collected and Stored by Stripe
- User Email:
  - Email address used for billing and communication
- Financial Information (optional):
  - Address
  - Legal name
  - Payment details (e.g., credit card number, expiration date)
Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. We store only very limited, if any, financial information that we collect. All payments are managed by Stripe. See their Privacy Policy here:
Information Collected but Not Stored (Used in the LLM)
- HubSpot Engagement Records for the Deal:
  - Notes
  - Emails
  - Tasks
  - Calls
  - Meetings
Our app integrates services powered by OpenAI’s ChatGPT, an advanced language model that facilitates dynamic interactions and content generation. By using our app, you acknowledge and agree to the following:
- Nature of ChatGPT: ChatGPT is an AI-based service designed to assist users by generating responses, suggestions, and content based on input provided by the user. While we strive to ensure the accuracy and relevance of these responses, it is important to understand that ChatGPT-generated outputs may not always be correct, complete, or applicable to your specific situation.
- Data Handling: The queries and information submitted to ChatGPT may be processed and stored by OpenAI in accordance with their privacy policy. We do not have direct control over how OpenAI manages the data you provide through these interactions, and you are encouraged to review OpenAI’s Privacy Policy for more details on their data handling practices.
- User Responsibility: You are responsible for how you use the content provided by ChatGPT. The outputs generated by ChatGPT are intended for informational purposes only and should not be considered professional, legal, financial, or medical advice. Always verify critical information with qualified experts.
- Limitations and Liability: While we integrate OpenAI’s technology to enhance the user experience, we do not guarantee the performance, availability, or suitability of ChatGPT for any particular purpose. Our app is not liable for any consequences arising from the use of ChatGPT-generated content, including any inaccuracies, omissions, or actions taken based on the information provided.
- Updates and Changes: As OpenAI continues to develop and improve its services, updates or changes may be made to the integration of ChatGPT within our app. We reserve the right to modify or discontinue the use of ChatGPT in our app without prior notice.
- Use of your data for training models: According to OpenAI’s current policy, as of March 1, 2023, data sent to the OpenAI API is not used to train or improve OpenAI models:
https://platform.openai.com/docs/models#how-we-use-your-data
Use of Your Information
Having accurate information about you allows us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to:
- Create and manage your account.
- Fulfill and manage purchases, orders, payments, and other transactions related to the Application.
- Email you regarding your account or order.
- Increase the efficiency and operation of the Application.
- Monitor and analyze usage and trends to improve your experience with the Application.
- Notify you of updates to the Application.
- Offer new products, services, mobile applications, and/or recommendations to you.
- Perform other business activities as needed.
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
- Process payments and refunds.
- Request feedback and contact you about your use of the Application.
- Resolve disputes and troubleshoot problems.
- Respond to product and customer service requests.
Disclosure of Your Information
We do not share your information with third parties, except as described in this Privacy Policy. Your information may be disclosed as follows:
By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal processes, investigate or remedy potential violations of our policies, or protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
List of Sub-processors
Legal Entity | Purpose of Processing | Location(s) |
---|---|---|
(NDA needed) | Cloud Infrastructure | United States |
Google LLC | Website Analytics, Email | United States |
(NDA needed) | Database Infrastructure | United States |
GitHub, Inc. | Landing page, repository | United States |
Sendinblue | Platform and Marketing Messaging | France |
Stripe, Inc. | Billing platform | United States |
Affiliates
We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
Business Partners
We will not share your information with any business partners to offer you certain products, services or promotions.
Website Analytics
We may also partner with selected third-party vendors, such as Google Analytics, to allow tracking technologies and remarketing services on the Application through the use of first-party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Application, determine the popularity of certain content, and better understand online activity. By accessing the Application, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can install and/or update your settings for Google Analytics Opt-Out Plugin.
You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.
Security of Your Information
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.
How Your Data is Stored
Your data is stored securely on servers located in Frankfurt, Germany, managed by Amazon Web Services (AWS). We use MongoDB for our database storage, which is also hosted on AWS. See their Privacy Policies here:
https://www.mongodb.com/legal
How Your Data is Transferred
All data transferred between your device and our servers is encrypted using Secure Sockets Layer (SSL) technology to ensure its confidentiality and integrity during transmission.
Where Your Data is Stored
Your data is stored in AWS data centers located in Frankfurt, Germany. AWS provides robust security measures to protect your data, including physical security controls, network security, and data encryption.
Security Measures
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. These measures include:
- Encryption: All data is encrypted both in transit and at rest using industry-standard encryption algorithms.
- Access Controls: Access to your data is restricted to authorized personnel only, and we regularly review our access controls to ensure they are up-to-date.
- Regular Security Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities in our systems.
What Happens in Case of a Breach
In the unlikely event of a data breach, we will promptly notify you and the relevant authorities as required by applicable law. We will take all necessary steps to mitigate the impact of the breach and prevent any further unauthorized access to your data.
Options Regarding Your Information
Data Retention and Deletion
You have the right to delete your data at any time. You can delete your account and all associated data within the app or by contacting our support team. Upon request, we will delete your data from our systems, except where we are required to retain it for legal or regulatory purposes.
Emails and Communications
If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:
- Contacting us using the contact information provided below
If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
Sale or Bankruptcy
If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline to honor commitments we made in this Privacy Policy.
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations.
California Privacy Rights
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.
GDPR Clauses
1. Data Controller & Representative
We (Meddicc Score) are the Data Controller.
For EU/UK data subjects, our EU Representative (if applicable) is:
David Gomez
meddiccscore@gmail.com
2. Lawful Basis for Processing
We process personal data only if we have:
- Consent (e.g., surveys, cookies not strictly necessary)
- Contractual basis (account creation, billing)
- Legal obligation (e.g., tax, fraud prevention)
- Legitimate interests, balanced with your rights (e.g., analytics, system improvement)
3. Data Collected & Purpose
A. Personal Data
- Email, HubSpot account name, usage data
Purpose: Account setup, support, personalization, analytics
B. CRM & Deal Data
- Deal names, amounts, closing dates, framework responses
Purpose: Core functionality
C. Stripe Payment Data (via Stripe)
- Email, billing address, payment information (card numbers are not stored by us)
Purpose: Transaction processing. All financial data is handled by Stripe under their policy.
D. ChatGPT/OpenAI Data Usage
- Only user input data (not stored for our use)
Purpose: To power AI features. Data is processed according to OpenAI’s policy (not used for model training as of March 2023).
E. Non-stored HubSpot Records
- Engagement details like tasks, notes, calls, emails (not stored on our servers)
4. Data Transfers & Sub-processors
- We use EU-region servers (e.g., Frankfurt, Amsterdam) for data storage.
- Sub-processors include Stripe (US), Google Analytics, Sendinblue (France), GitHub, AWS, etc.
- All transfers outside the EU/UK are subject to Standard Contractual Clauses, ensuring adequate protection.
5. Security Measures
- Encryption in transit and at rest (SSL/TLS, AES)
- Access control for authorized staff only
- Regular security audits and daily database backups
- Incident response & breach notification within 72 hours to individuals and relevant authorities
6. Cookies & Tracking
- Strictly necessary cookies: Essential for app functionality
- Optional analytics/marketing cookies: Require opt-in consent
- A cookie banner allows users to control their settings
7. Data Retention
- Data is kept only as long as necessary for its purpose, with specific retention periods:
  - Contract/account-related: Until termination plus statutory period (e.g., tax/accounting law)
  - Analytics/usage: Anonymized or deleted after X months
- You will be informed of the retention period during data collection.
8. Your Rights (under GDPR & UK GDPR)
You can, at no cost and usually within one month:
- Request access, rectification, erasure, restriction, or transfer of your data
- Object to processing based on legitimate interests
- Withdraw consent at any time (re-opt-in may be required later)
- Lodge a complaint with a supervisory authority (e.g., ICO, EU member state DPA)
Contact: meddiccscore@gmail.com
9. Profiling & Automated Decision-Making
- We do not use profiling or make decisions solely by automated means—every outcome includes human oversight.
10. Children
Our app is not intended for those under 16. We do not knowingly collect their data.
11. Policy Changes
We’ll update this policy’s “Last updated” date and notify users via email or in-app message before any material changes.
12. Contact & Complaints
EU/UK users can contact:
- Data Privacy Officer: meddiccscore@gmail.com
- Supervisory Authorities: ICO (UK) or the relevant EU DPA for unresolved complaints.
Email Communications: What You’ll Receive
We send several types of emails—each under a different lawful basis:
1. Transactional Emails (Legitimate Interest)
Strongly focused on necessary, service-related actions you’ve taken, such as:
- Order confirmations
- Billing receipts
- Security alerts
- Release notes for major changes (e.g., Terms of Service, privacy updates)
2. Product Updates & Release Notes (Legitimate Interest)
Information you’ve opted into by using our service, like:
- New features
- Bug fixes
- Maintenance notifications
A link to our Privacy Policy and instructions for managing preferences is always included.
3. Promotional & Marketing Emails (Consent Granted on installation)
If we do send offers—such as discounts, new product announcements, or upsells—it’s only after:
- You have explicitly opted in by installing the app.
- You are clearly informed how to unsubscribe at any time in every email.
If, even so, you do not want to receive any email from us, please contact us.
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details: