Privacy Policy

Effective Date: January 24, 2026

This Privacy Policy articulates the methodologies and standard operating procedures employed by Talkaraa ("the Company") regarding the collection, transmission, and protection of User data. We adhere to stringent privacy protocols to ensure the integrity of your personal information.

1. Information Collection

To provide and personalize the Service, the Company collects and processes specific categories of data. This data is utilized solely for the purpose of service delivery, account management, and security.

1.1 Data Captured from User Activity

The following data points are collected directly from your interaction with the platform:

  • Identity & Profile: Email address, specific authentication tokens, and user-provided profile information including Full Name, Profile Picture (Avatar), and Gender.
  • Service Usage & Preferences: Configuration of AI Personality settings, aggregate message counts (for quota management), and Subscription status/tier details.
  • Technical Telemetry: Account lifecycle timestamps (creation, updates), and login activity logs for security auditing.
  • Interaction Data: Encrypted conversation transcripts stored to facilitate cognitive persistence ("AI Memory").

1.2 Third-Party Authentication Data (Google)

When electing to access the Service via "Continue with Google," the Company receives and systematically stores the following authenticated data points:

  • Google Identifier (sub): A unique, immutable identifier for the authenticated Google account.
  • Verified Email Address: The primary email address associated with the account.
  • Public Profile Information: Full Name and Profile Picture URL as provided by your Google public profile.
  • Verification Status: Confirmation of email ownership validation.

1.3 Financial Transaction Records

The Company does not directly store sensitive payment instrument data. All subscription processing and transaction history are managed exclusively by our merchant of record, RevenueCat, in compliance with PCI-DSS standards.

Data Security and Encryption

  • End-to-End Transmission: All data in transit is protected via TLS 1.3/SSL encryption layers.
  • Rest Encryption: Conversation logs and sensitive user fields are encrypted at rest using industry-standard protocols.
  • JWT-Based Access: Session management utilizes cryptographically signed tokens to prevent unauthorized interception.

LLM Training Policy

Talkaraa maintains a strict, zero-trust policy regarding private user data for commercial training. Your personal conversations are EXPLICITLY EXCLUDED from Large Language Model (LLM) training sets.

2. User Rights

  • Access: Legal right to request a summary of collected personal telemetry.
  • Erasure: Right to permanent and irrevocable account deletion and transcript purging.

For administrative inquiries regarding data rights, please contact the Talkaraa Compliance Office.