Privacy policy

• +We process two kinds of data: account data from researchers, and response data from the people who answer their studies.
• +Voice recordings and transcripts are processed by AI to produce themes, quotes, and translations. They are not used to train third-party models.
• +We store data in the EU where we can. A few processors are based in the US and rely on approved transfer mechanisms (SCCs, EU-US DPF).
• +When you delete your account, we delete your studies, responses, audio, and transcripts within 90 days.
• +You can reach us about any of this at hello@talkful.io and we will reply within one business day.

Talkful is a product of Metascend GmbH, a Swiss company registered in the Canton of Zürich (UID CHE-195.997.652). For the purposes of the GDPR and the revised Swiss Federal Act on Data Protection (nFADP), Metascend GmbH is the controller of personal data collected through talkful.io.

You can write to us at hello@talkful.io for anything data-related: access requests, corrections, deletion, or questions about this policy.

From researchers (account holders)

• +Name, email address, and authentication identifiers (from Supabase Auth, including Google OAuth sub claims if you sign in with Google).
• +Billing details processed by Stripe. We receive a customer ID, plan, and billing status. We never see your card number.
• +Study configuration you create: question text, optional images, Loom URLs, target response counts, and integration tokens if you connect Slack.
• +Usage logs and diagnostic events tied to your account (see section 06).

From respondents (people answering studies)

• +The voice recording you submit for each question.
• +Anything you type into a text fallback or a contact field the researcher added.
• +Basic device and browser metadata (user agent, approximate timezone, IP address for rate limiting).
• +A random respondent token (nanoid) so the study can group your answers. We do not ask for your real name unless the researcher explicitly requests it.

Derived data (produced by AI)

• +Transcripts of each recording (Deepgram Nova-3).
• +English translations when the response is in another language (OpenAI models via OpenRouter).
• +Themes, sentiment, and representative quotes with timestamps (Anthropic Claude models via OpenRouter).
• +Short 15 second audio clips cut from the original recording to match a selected quote.

• +Contract. We process researcher account data to deliver the service you signed up for.
• +Consent. Respondents give consent on the study landing page before recording anything. Consent can be withdrawn by closing the tab, and by asking us to delete the recording at hello@talkful.io.
• +Legitimate interest. Security logging, fraud prevention, rate limiting, error monitoring, and basic product analytics.
• +Legal obligation. Financial records are kept for as long as Swiss tax law requires (ten years).

• +To run studies, store recordings, transcribe them, and show insights to the researcher who created the study.
• +To send transactional email (study invites you request, billing receipts, password resets) via Resend.
• +To notify you in Slack when a new response arrives, if you have connected Slack to your workspace.
• +To keep the service reliable (logs, errors, performance) and to stop abuse.

We do not sell personal data. We do not use researcher studies or respondent recordings to train AI models, and our AI subprocessors are contracted on zero-retention or training-excluded terms.

We rely on the following processors to deliver the service. Each one is bound by a data processing agreement. This list is current as of the date at the top of this page.

Some of our processors are based in the United States. When data leaves Switzerland or the EEA, we rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. The Swiss equivalents (Swiss SCCs and the Swiss-US Data Privacy Framework) apply to Swiss-origin data.

• +Active accounts. We keep study data, responses, audio, and transcripts for as long as your account exists.
• +Deleted accounts. When you delete your account or ask us to, we remove studies, responses, audio files, transcripts, and derived insights within 90 days. Backups roll over within that window.
• +Billing records. Invoices and tax-relevant records are kept for ten years to comply with Swiss accounting law (CO Art. 958f).
• +Security logs. 30 days.

If you are in the EEA, UK, or Switzerland, you can ask us to do any of the following:

• +Get a copy of the personal data we hold about you.
• +Correct data that is wrong or incomplete.
• +Delete your data (with the exceptions noted in section 08).
• +Receive your data in a portable format.
• +Object to processing based on our legitimate interests.
• +Withdraw consent at any time, which will not affect the lawfulness of earlier processing.

Email hello@talkful.io with your request. We may ask for proof of identity so we do not hand data to the wrong person. If you are unhappy with our response you can complain to the Swiss Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) or your local EU supervisory authority.

Traffic is encrypted in transit with TLS. Audio files are stored in Cloudflare R2 with per-object access control. Database rows are protected by Postgres row level security so a researcher only ever sees their own studies. We isolate administrative access behind service role credentials that are never exposed to the browser.

If we ever have a breach that affects your data, we will notify the relevant authority within 72 hours and tell you directly if there is meaningful risk to you.

Talkful is intended for professional research. Respondents must be at least 16 years old. Account holders (researchers) must be at least 18. We do not knowingly collect data from children, and researchers are contractually responsible for making sure the people they invite to a study meet the age floor.

We use cookies that are strictly necessary (authentication, CSRF protection) and a small number of first-party analytics cookies via PostHog. We do not run advertising trackers. You can refuse non-essential cookies in your browser without losing access to the service.

When we make material changes to this policy we update the date at the top and, if the change affects how we process data you already gave us, we email account holders with a summary. Minor edits (typos, clearer wording) happen without notice.

Questions, data requests, or breach reports: hello@talkful.io. We reply within one business day.