Privacy Policy

1. Overview

CASCADE is a B2B sales intelligence platform developed and operated by FBED Labs Ltd ("FBED Labs," "we," "our," or "us"). CASCADE analyzes sales conversations, tracks deal progression, calibrates seller performance, and delivers AI-powered coaching for sales professionals.

CASCADE operates as an MCP-compliant tool server, enabling AI assistants (such as Anthropic's Claude) to access structured sales intelligence on behalf of authorized users through the Model Context Protocol.

All client data processed by CASCADE belongs to the subscribing organization ("Client"). FBED Labs acts as a data processor on behalf of each Client, who remains the data controller. A Data Processing Agreement (DPA) is available upon request for enterprise clients.

2. Data We Collect

2.1 Sales Conversation Data

Conversation transcripts uploaded by authorized users. Extracted intelligence including buyer psychology profiles, need differentials, commitment signals, objection patterns, and stage progression markers. Computed scores including the Cascade Intelligence Score (CIS), buyer readiness-willingness-value (RWV) scores, seller performance scores, and deal health scores. Delta trajectories measuring changes in buyer state across sequential conversations — rapport, trust, likelihood, and microcommitment vectors. Between-call decay vectors measuring the erosion of buyer engagement between conversation touchpoints. BAMFAM events tracking buyer commitment outcomes (Book A Meeting From A Meeting).

2.2 Deal and Pipeline Data

Lead names, company names, deal stages, and deal values. Pipeline configuration and stage definitions. Won, lost, and stalled outcome records with attribution. Historical calibration data derived from completed deals.

2.3 User Account Data

Email address and name provided at registration. Authentication credentials managed by Supabase Auth. Role and permission assignments. Session tokens and login timestamps.

2.4 Network Intelligence (Aggregated)

Cross-client pattern data that has been anonymized and aggregated from multiple clients' deal outcomes. Network thesis weights — statistical models trained on aggregate outcome data where no individual deal or client is identifiable. Hebbian learning signals — reinforcement patterns derived from won and lost outcomes, aggregated across the network.

2.5 Technical and Usage Data

API request logs including endpoint, timestamp, and response status. Error logs for system reliability. Feature usage patterns indicating which tools are accessed.

3. How We Use Data

We use sales conversation data, extracted signals, and scores to deliver sales intelligence and coaching under contract performance. We use lead data, stage history, and delta trajectories to track deal progression and pipeline health. We use conversation pairs, time intervals, and state vectors to generate between-call decay analysis. We use all per-client intelligence and conversation context to provide AI-assisted coaching through Shannon. We use anonymized and aggregated outcome patterns to improve scoring models via network intelligence under legitimate interest. We use completed deal outcomes with evidence chains for historic calibration and benchmarking. We use technical logs and error records for system reliability and error resolution. We use account data and session tokens for authentication and access control.

We do not sell personal data to third parties. We do not use conversation data for advertising. We do not share identifiable client data between clients. We do not train general-purpose AI models on client data.

4. MCP Integration and Claude Interactions

When CASCADE is accessed through Anthropic's Model Context Protocol:

4.1 What Claude Can Access

CASCADE exposes structured sales intelligence through tiered read and write tools. Through MCP, Claude can read pipeline data, lead intelligence, scores, conversation analysis, decay profiles, calibration data, and coaching recommendations. Claude can write structured feedback including outcome records, scoring observations, lead notes, and retention signals back to CASCADE with explicit user confirmation. Claude can stream real-time Shannon coaching sessions.

4.2 What Claude Cannot Access

Raw conversation audio or video files. User authentication credentials or tokens. Data belonging to other clients, enforced by row-level security at the database level. System administration or configuration endpoints.

4.3 Data Flow

The user initiates a query through Claude via MCP. Claude calls CASCADE's tool endpoints with the user's OAuth authorization context. CASCADE validates permissions and retrieves data scoped to the authenticated user's client. Structured results are returned to Claude for presentation to the user. CASCADE does not receive or store Claude's conversational context — only the specific tool parameters submitted in each request.

4.4 OAuth Permissions

During connection, CASCADE requests read access to your sales intelligence data. Write access for structured feedback, outcome tracking, and enrichment requires explicit user confirmation on each operation. Users can revoke CASCADE's connection at any time through Claude's connector settings or through CASCADE directly.

4.5 Anthropic's Data Handling

When using CASCADE through Claude, Anthropic's own privacy practices govern how Claude processes tool responses. CASCADE's data is transmitted to Anthropic solely for the purpose of generating responses to the user. Refer to Anthropic's Privacy Policy and their commercial API terms for details on how Anthropic handles data transmitted through MCP integrations.

5. Data Storage and Security

5.1 Infrastructure

All CASCADE infrastructure is hosted in EU regions. Database services are provided by Supabase (PostgreSQL) hosted on AWS EU (eu-west region). API services run on Railway hosted in EU. Authentication is managed by Supabase Auth. LLM processing for Shannon AI coaching is handled by the Anthropic API — coaching requests are processed in real time and are not stored by CASCADE after delivery.

5.2 Security Measures

Row-Level Security (RLS) is enforced on every database table at the PostgreSQL level, ensuring tenant isolation independent of application logic. All API requests require valid authentication tokens. Staff and client users operate under distinct permission scopes via role-based access control. All data is transmitted over HTTPS/TLS. Analysis results follow an append-only architecture — each pipeline run creates new records with a unique analysis_run_id, preserving full audit history. All write operations validate against known column whitelists to prevent injection.

5.3 Multi-Tenant Isolation

Client data is strictly isolated. Database queries are scoped by client_id at every level. RLS policies enforce isolation server-side, independent of application logic. Network intelligence uses only anonymized, aggregated data — no individual client's data is identifiable in network-level outputs.

6. Data Retention

Conversation analysis, scores, and deal outcome records are retained for the duration of the client subscription plus 90 days. Network intelligence derived from aggregated data is retained indefinitely in anonymized form. Authentication logs are retained for 12 months. Error logs are retained for 90 days. Account data is retained for the duration of the subscription plus 30 days.

Upon subscription termination, the Client may request a full data export in structured format (JSON). Client data is deleted within 90 days of termination unless legally required to retain. Anonymized contributions to network intelligence are retained as the aggregation is non-reversible.

7. Data Sharing and Third Parties

We share data only as necessary to operate the service.

7.1 Data Subprocessors

Supabase Inc. — database hosting and authentication. Railway Corp. — API hosting. Anthropic PBC — Shannon coaching generation via the Claude API.

7.2 What We Do Not Share

We do not share data with advertising networks, data brokers, analytics platforms that track individual users, or any party not listed above.

8. Data Breach Notification

In the event of a data breach affecting client data, FBED Labs will notify affected clients within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, the data affected, measures taken in response, and recommended actions for affected users. We will also notify relevant supervisory authorities as required by applicable law.

9. Your Rights

Depending on your jurisdiction, you may have the following rights: Access — request a copy of all data CASCADE holds about you. Correction — request correction of inaccurate data. Deletion — request deletion of your data, subject to retention obligations. Export — request your data in a portable, machine-readable format. Restriction — request that we limit processing of your data. Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact privacy@cascadeintelligence.ai. We respond to all data rights requests within 30 days.

10. Network Intelligence Processing

CASCADE derives anonymized network intelligence from aggregate client outcomes. This process strips identifiers — individual lead names, company names, and client identifiers are removed before aggregation. Statistical patterns are computed including win/loss correlations, stage progression benchmarks, and scoring weight optimizations across the anonymized dataset. Temporal decay is applied so that older patterns are weighted down (90-day half-life). The aggregation is non-reversible — aggregated statistics cannot be traced back to individual deals or clients.

11. Cookies and Tracking

CASCADE's web application uses session cookies required for authentication (essential, cannot be disabled) and local storage for UI preferences and session state. We do not use third-party tracking cookies, advertising pixels, or cross-site tracking technologies.

12. Children's Privacy

CASCADE is a B2B sales intelligence platform. We do not knowingly collect data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will delete it promptly.

13. International Data Transfers

CASCADE's primary infrastructure is hosted in EU regions. Where data is transferred to subprocessors operating outside the EU, transfers are protected by encryption in transit and at rest, contractual data processing agreements, and technical isolation measures including row-level security and tenant scoping.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated to active clients via email at least 30 days before taking effect. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

15. Contact Us

For privacy inquiries, data rights requests, or concerns:

FBED Labs Ltd
Email: privacy@cascadeintelligence.ai
Website: cascadeintelligence.ai

For urgent security concerns: security@cascadeintelligence.ai