Last updated March 29, 2026
This privacy notice for Talkpal, Inc. (“we,” “us,” or “our“) is designed to provide transparency and clarity about our data practices and commitments to protecting your privacy. It describes how and why we might collect, store, use, and/or share (“process“) your information when you use our services (“Services“), such as when you:
Our goal is to ensure you fully understand the scope of how your information is handled and your rights to manage your data when engaging with us. Questions or concerns? Contact us at [email protected].
Your privacy is important to us, and we are committed to addressing any concerns you may have. Reading this privacy notice will help you understand your privacy rights and choices. If you have concerns about how we process your data, please contact us at [email protected]. You may also exercise your rights under applicable law, as described below.
We encourage you to periodically review this notice, as it may be updated to reflect changes in our data practices or applicable laws.
1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. DO WE COLLECT INFORMATION FROM MINORS?
12. WHAT ARE YOUR PRIVACY RIGHTS?
13. CONTROLS FOR DO-NOT-TRACK FEATURES
14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
15. DO WE MAKE UPDATES TO THIS NOTICE?
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
In Short:We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
B2B Platform. The B2B platform available at https://business.talkpal.ai is used by organizational Customers (as defined in our Terms and Conditions) and their designated Administrators to manage subscriptions, invite and remove Authorized Users, view usage data for Organizational Sub-Accounts, and handle billing. Authorized Users invited through the B2B platform access the Services through the same Site (https://app.talkpal.ai) and App used by individual users; the B2B platform itself is used only by Administrators and Customer billing contacts. Personal information collected through the B2B platform may include the Administrator’s name, email address, organizational details, billing information, and aggregated or individual usage data for Authorized Users within the organizational account. This data is processed in accordance with this Privacy Policy, any applicable Order Form, and the Data Processing Agreement available at https://talkpal.ai/data-processing-agreement.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
Sensitive Information. We do not intentionally collect or process Sensitive Personal Information as defined under the CCPA/CPRA, and we do not use or disclose Sensitive Personal Information for purposes that would require providing a ‘Right to Limit’ under the CCPA/CPRA. The classification of certain data as “sensitive” may vary under other applicable privacy laws; where a broader definition applies, we process such data only for the purposes described in this notice and in accordance with applicable legal requirements. While we collect audio recordings of user speech for language learning and speech recognition purposes, this audio is not processed to derive biometric identifiers (such as voiceprints) and is not classified as Sensitive Personal Information under the CCPA/CPRA. The classification of audio data may differ under other applicable laws (such as the Illinois Biometric Information Privacy Act); for details on how we handle audio data, see the “Additional information you provide” and “Note on Category E” sections of this notice.
Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. This data is processed securely and exclusively to fulfill your transactions. All payment data is stored by Stripe, Apple, and Google. For existing users who subscribed using PayPal before it was discontinued for new subscriptions, payment data may also be stored by PayPal. You may find their privacy notice link(s) here: https://stripe.com/privacy, https://www.apple.com/legal/privacy/data/, https://policies.google.com/privacy, and https://www.paypal.com/us/legalhub/privacy-full.
Payment Information: Payments are processed by third-party payment processors (e.g., Stripe, Apple, Google, and PayPal for legacy subscriptions). We do not store full payment card numbers. We may receive limited payment-related information such as billing name, billing country, payment status, and transaction identifiers/receipts.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Google, Apple, Facebook, or other social media account. If you choose to register in this way, you grant us access to basic information as defined by the platform’s privacy settings and we will collect the information described in the section called “HOW DO WE HANDLE YOUR SOCIAL LOGINS?” below.
Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
Sub-Account Data. If you use the Services through more than one sub-account (as described in our Terms and Conditions), each sub-account maintains its own independent data, including learning progress, conversation history, lesson completion records, proficiency assessments, language selections, and usage statistics (“Sub-Account Data”). Sub-Account Data is stored and processed separately for each sub-account and is not combined across sub-accounts. Only account-level information — such as your email address, password, display name, and general account preferences — is shared across your sub-accounts. For more information about how sub-accounts work, please refer to our Terms and Conditions.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, enhance functionality, and for our internal analytics and reporting purposes.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. Failure to provide accurate information may limit your access to certain features or Services.
Additional information you provide. You may interact with Artificial Intelligence (“AI”) features across different modes and features across our Services, which provides you with AI-powered feedback on and analysis of your answers, or allows you to send text or audio messages to an AI in an open-ended conversational format. We have a legitimate interest in using interactions with AI features to improve our AI models and associated services. Where required by applicable law, we will obtain your consent before using your interactions for this purpose. You may opt out of having your interactions used for AI model improvement at any time by contacting us at [email protected]; opting out will not affect your ability to use the AI features of the Services. When you interact with AI features, your information may be shared with AI processing vendors such as Microsoft Azure, OpenAI, Google Cloud, Google, Apple, Amazon Web Services, and Inworld for the purpose of generating AI-powered responses, feedback, and language assessments. These vendors may retain a copy of your text or audio responses for purposes such as product enhancement, quality assurance, or compliance with applicable laws. We require our AI processing vendors to delete user data within the timeframes specified in our data processing agreements with them, which are aligned with the retention periods described in Sections 9 and 12 of this notice. Where a vendor is required by law to retain data for a longer period, they may do so only to the extent necessary to comply with that legal obligation. We also use performance monitoring and error-tracking services such as Datadog and Sentry, which may receive technical and diagnostic data — including metadata about your interactions (such as timestamps, error codes, and session identifiers) — for the purpose of diagnosing errors, monitoring system performance, and maintaining service reliability. These services do not receive the content of your conversations or audio recordings. We recommend that you avoid sharing highly sensitive personal information – such as financial account numbers, government identification numbers, or medical details – when using AI features, as this information may be processed by third-party AI providers.
Some activities involve you speaking into the Talkpal app. To recognize speech, your audio your audio may be sent to the third-party AI processing providers listed above. Additionally, Talkpal may collect and analyze your speech to help us understand the effectiveness of our lessons and to improve the product. This analysis may include identifying patterns, enhancing lesson personalization, and generating aggregated insights to refine our offerings. If you choose to opt out of certain features, note that it may limit your access to specific functionalities designed to enhance the learning experience. You may skip speaking activities.
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, city, location, information about how and when you use our Services, and other technical information. We may also collect metadata associated with your interactions, such as timestamps and usage frequency, to monitor system performance and improve user experience. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. These technologies allow us to provide you with a seamless experience by remembering your preferences, optimizing content delivery, and personalizing your interactions with our Services. You can find out more about this in our Cookie Notice: https://talkpal.ai/cookie-policy/.
The information we collect includes:
In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.
In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and from other third parties. This information includes email addresses, phone numbers, Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Google, Apple, or Facebook), we receive personal information about you such as your name, email address, and gender. This data helps us streamline account creation, improve personalized services, and enhance user engagement. Any personal information that we collect from your social media account depends on your social media account’s privacy settings. We encourage you to review and adjust these settings to align with your privacy preferences.
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests. We ensure that these legal bases are applied consistently, transparently, and in a manner that respects your privacy.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). In either case, we ensure that the consent is consistent with Canadian privacy laws and principles. You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties“) who perform services for us or on our behalf and require access to such information to do that work. Each third party is subject to strict contractual obligations that mandate the safeguarding, confidentiality, and proper use of your personal data. We have contracts in place with our third parties, which are designed to help safeguard your personal information. These agreements explicitly prohibit the unauthorized use, sharing, or retention of your personal data and require third parties to implement robust security measures aligned with industry standards. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
We also may need to share your personal information in the following situations:
In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with, our Services.
The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications. While we strive to link only to reputable third parties, we cannot monitor or control their actions, content, or data practices. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. We encourage you to approach interactions with third-party websites or applications cautiously, especially if providing personal or sensitive data. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Before sharing your personal information, you should investigate how those third parties will handle your data, including reviewing their privacy policies and security measures. Any data collected by third parties is not covered by this privacy notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions. If you suspect misuse or improper handling of your data by a third party linked to our Services, we recommend notifying the third party directly and reporting any concerns to us at [email protected] for review.
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information across our websites, including https://talkpal.ai, https://app.talkpal.ai, and https://business.talkpal.ai. The types of cookies used may vary by domain — for example, our marketing website may use advertising and analytics cookies, while our application and B2B platform primarily use functional and session cookies necessary for the operation of the Services. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: https://talkpal.ai/cookie-policy/. You can manage or disable cookies through your browser settings; however, please note that certain features of our Services may become limited or unavailable if cookies are blocked.
We are committed to transparency regarding our use of tracking technologies and encourage you to familiarize yourself with our Cookie Notice for detailed guidance.
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.
Our Services offer you the ability to register and log in using your third-party social media account details (like your Google, Apple, or Facebook logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The extent of information shared with us depends on your social media platform’s privacy settings and permissions you grant. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, and profile picture, as well as other information you choose to make public on such a social media platform. We may also collect any other data explicitly shared during the login process, such as preferences or interactions tied to your social media account.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. To ensure transparency, we will never post on your behalf or share your activities without your explicit consent. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We strongly encourage you to regularly review and adjust your social media privacy settings to align with your preferences. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the Netherlands, Sweden, the United States, the United Kingdom, France, Germany, other EU countries, and other countries. If you are accessing our Services from outside Netherlands, Sweden, United States, United Kingdom, France, Germany, and other countries, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?” above), in the Netherlands, Sweden, United States, United Kingdom, France, Germany, other EU countries, and other countries. We take steps to ensure that your information is handled securely and in accordance with this privacy notice, regardless of where it is processed. This includes leveraging industry-standard encryption protocols, secure server configurations, and stringent access controls.
If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.
European Commission’s Standard Contractual Clauses:
We have implemented measures to protect your personal information, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses are legally binding safeguards that ensure your data is treated with the same level of protection required by EEA and UK data protection laws. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. We maintain a documented data transfer assessment for these mechanisms to verify compliance and address evolving regulatory requirements. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We periodically review our data retention policies to ensure compliance with changing laws and evolving best practices, minimizing unnecessary data storage. No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us, plus the post-deletion retention periods described in Section 12 below. Following account deletion, personal data is purged from our active systems within thirty (30) days. Data contained in automated backups may persist for up to ninety (90) days before being overwritten in the normal course of our backup rotation. For complete details on post-deletion retention, see Section 12. Organizational Sub-Account Data. When an Organizational Sub-Account is deactivated — whether due to the Customer’s subscription expiring, the Administrator removing the user, or the user voluntarily leaving the organizational account — we will delete the Sub-Account Data associated with that Organizational Sub-Account within thirty (30) days, unless: (a) retention for a longer period is required by applicable law; or (b) the data is subject to an ongoing legal hold, investigation, or dispute. The user’s Account, account-level information, and data associated with other sub-accounts (including the Personal Sub-Account) are not affected by this deletion. However, certain data, such as payment records or transaction details, may be retained for longer durations to comply with legal or regulatory requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We also ensure that any archived information is securely encrypted and inaccessible to unauthorized parties. If you have questions about specific retention periods for your personal information, or if you wish to request deletion, you may contact us at [email protected].
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These measures include, but are not limited to, encryption protocols, secure socket layer (SSL) technology, regular security audits, multi-factor authentication, and strict access controls for sensitive data. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. We strongly recommend that you use strong, unique passwords for your accounts and take additional precautions such as enabling multi-factor authentication when available. You should only access the Services within a secure environment. Avoid using public or unsecured Wi-Fi networks when accessing our Services to minimize potential risks.
In Short: We do not knowingly collect data from or market to anyone under 18 years of age. If we discover that a minor’s data has been collected, we will delete it and deactivate their account. By using the Services, you confirm that all information provided is accurate and truthful, including representations regarding your age.
We do not knowingly collect personal data from, solicit data from, or market to anyone under 18 years of age. The Services are not intended for, and may not be used by, anyone under 18. We do not offer a parental consent mechanism for minors to use the Services. If we become aware that we have collected personal information from a user under the age of 18, we will promptly deactivate the account and delete the associated personal data from our records within thirty (30) days. We may implement age verification measures as required by applicable law. If you become aware that a minor under 18 has registered for or is using the Services, please contact us immediately at [email protected].
In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
We will consider and act upon any request in accordance with applicable data protection laws. We strive to respond promptly, and no later than the timeframes prescribed by applicable law, to ensure your rights are respected.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the legality of any processing conducted prior to your withdrawal. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below or updating your preferences.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications:You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
If you would at any time like to review or change the information in your account or terminate your account, you can:
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. Sub-Account Deactivation vs. Account Deletion. Deactivation of an individual sub-account (for example, when an Organizational Sub-Account is removed) is not the same as termination of your entire Account. When a sub-account is deactivated, only the Sub-Account Data associated with that specific sub-account is deleted (within 30 days, as described in Section 9). Your Account and all other sub-accounts remain active. If you request deletion of your entire Account, all sub-accounts and their associated data will be deleted in accordance with the retention periods described above. We retain your personal data for as long as your account is active and for a period of a maximum 30 days following account deletion, after which it is permanently purged from our active systems. Data contained in automated backups may persist for up to 90 days before being overwritten in the normal course of our backup rotation. Notwithstanding the above, we may retain certain data for longer periods where required by law. This includes financial and billing records in accordance with applicable tax and accounting obligations, and any data we are required to preserve in connection with a legal claim, regulatory investigation, or fraud prevention obligation. Aggregated or anonymized data, which cannot reasonably be used to identify you, may be retained indefinitely for product improvement and analytical purposes.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. However, please note that rejecting cookies may impact your experience on the Services, including certain features or functionality that rely on cookies to operate. You may also opt out of interest-based advertising by advertisers on our Services. For further information, please see our Cookie Notice: https://talkpal.ai/cookie-policy/.
If you have questions or comments about your privacy rights, you may email us at [email protected].
In Short: Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized, and we do not currently respond to DNT browser signals. However, we do recognize the Global Privacy Control (“GPC”) signal as a valid opt-out-of-sale/sharing request where required by applicable law (including the CCPA/CPRA and the Colorado Privacy Act). If your browser or device transmits a GPC signal, we will treat it as a request to opt out of the “sharing” of your personal information for cross-context behavioral advertising as described in Section 14. You may also opt out manually by contacting us at [email protected]. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice. If a standard for online tracking is adopted that we must follow in the future, or if we update our practices to align with evolving technology standards or legal requirements, we will inform you about that practice in a revised version of this privacy notice.
In Short: If you are a resident of California or Virginia, you are granted specific rights regarding access to your personal information.
What categories of personal information do we collect?
We have collected the following categories of personal information in the past twelve (12) months:
| Category | Examples | Collected |
| A. Identifiers | Contact details, such as real name, alias, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information | YES |
| C. Protected classification characteristics under state or federal law Gender (collected via social media logins where provided by the user or the social media platform) | Gender and date of birth | YES |
| D. Commercial information | Transaction information, purchase history, financial details, and payment information | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements | YES |
| G. Geolocation data | Approximate location derived from IP address | YES |
| H. Audio, electronic, visual, thermal, olfactory, or similar information | Images and audio, video or call recordings created in connection with our business activities | YES |
| I. Professional or employment-related information | Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | NO |
| J. Education Information | Student records and directory information | NO |
| K. Inferences drawn from collected personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | YES |
| L. Sensitive personal Information | NO |
Note on Category E: We collect audio recordings of user speech for speech recognition and language assessment purposes (see Category H). This audio is not processed to generate biometric identifiers such as voiceprints and is therefore not classified as biometric information under Category E. Illinois Residents: If you are an Illinois resident, we provide this additional disclosure under the Illinois Biometric Information Privacy Act (BIPA). We collect audio recordings of your speech when you use voice-based features of the Services. This audio is processed by third-party speech recognition providers (listed above) solely for the purpose of providing language learning and speech assessment functionality. We do not use this audio to create voiceprints or other biometric identifiers. Audio recordings are retained for the periods described in Sections 9 and 12 of this notice and are destroyed in accordance with those timelines. For questions about our audio data practices, contact us at [email protected].
We will use and retain the collected personal information as needed to provide the Services or for:
For personal information associated with an Organizational Sub-Account (as described in our Terms and Conditions), the retention period is the duration of the Organizational Sub-Account plus thirty (30) days following deactivation, rather than the duration of the user’s overall Account. See Section 9 for details.
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
How do we use and share your personal information?
Learn about how we use your personal information in the section, “HOW DO WE PROCESS YOUR INFORMATION?”
We collect and share your personal information through:
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.
We do not sell personal information for money. However, we may ‘share’ certain identifiers and online activity with advertising partners for cross-context behavioral advertising (targeted advertising) as defined under the CCPA/CPRA. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
In addition to the above disclosures for business purposes, we “share” (as defined under the CCPA/CPRA) the following categories of personal information with advertising partners for cross-context behavioral advertising:
You have the right to opt out of this sharing. To exercise this right, please contact us at [email protected].
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”
California Civil Code Section 1798.83, also known as the “Shine The Light” law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
California law (Business and Professions Code Section 22581) provides that California residents under 18 who are registered users of online services may request removal of content they have publicly posted. Although our Services are not intended for users under 18, if such a user has obtained an account, they (or their parent or guardian) may request removal of publicly posted content by contacting us at [email protected] with the email address associated with the account and a statement of California residency. We will remove or anonymize publicly visible content as required by law, though the data may not be completely removed from all systems (e.g., backups). Upon identification of the account, we will also deactivate it in accordance with our Terms and Conditions. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).
CCPA Privacy Notice
This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.
The California Code of Regulations defines a “residents” as:
(1) every individual who is in the State of California for other than a temporary or transitory purpose and
(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as “non-residents.”
If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information. We collect, use, and share the same categories of personal data described in the California section above. For the categories of personal data we process, the purposes for processing, and the categories of third parties with whom we share personal data, please refer to the tables and disclosures in the California Residents section of this notice, which apply equally to Virginia residents. We do not sell personal data for monetary consideration. We do process personal data for targeted advertising as described above; you have the right to opt out of this processing.
Your rights with respect to your personal data
Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, This includes exceptions such as (but not limited to):
Right to be informed — Request to know
Depending on the circumstances, you have a right to know:
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.
Right to Limit Use and Disclosure of Sensitive Personal Information
We do not process consumer’s sensitive personal information.
Verification process
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. Verification is essential to protect your data and prevent unauthorized access or misuse. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may:
In some cases, we may rely on third-party identity verification services to enhance the security and efficiency of the verification process.
We will only use personal information provided in your request to verify your identity or authority to make the request. This information will not be used for any other purpose unless required by law. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may:
We take your privacy seriously and have implemented strict security measures to protect any additional information provided during the verification process. We will delete such additionally provided information as soon as we finish verifying you. If we cannot complete the verification process after reasonable efforts, we may decline the request and inform you of your options, including how to appeal the decision.
Other privacy rights
To exercise these rights, you can contact us by email at [email protected], or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.
Under the Virginia Consumer Data Protection Act (VCDPA):
“Consumer” means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information.
“Sale of personal data” means the exchange of personal data for monetary consideration.
If this definition of “consumer” applies to you, we must adhere to certain rights and obligations regarding your personal data.
Your rights with respect to your personal data
Exercise your rights provided under the Virginia VCDPA
You may contact us by email at [email protected].
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer’s request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request. Authorized agents must provide verifiable documentation, such as a signed authorization letter or a valid power of attorney, to act on your behalf.
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. If an extension is required, we will inform you in writing and provide a detailed explanation for the delay, as well as an expected completion date. In cases where we are unable to verify your identity with the information provided, we will notify you promptly and explain what additional steps are required to complete the verification process. If you fail to provide sufficient information for verification within a reasonable timeframe, your request may be denied, and we will inform you of the reasons for denial. We will maintain a record of verification requests and responses for legal compliance purposes, ensuring that we process all requests in accordance with applicable privacy regulations.
Right to appeal
If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at [email protected]. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.
Residents of other U.S. states with applicable comprehensive consumer privacy laws may have similar rights to those described in the California and Virginia sections above, including the right to access, correct, delete, and port their personal data, and the right to opt out of targeted advertising, the sale of personal data, and certain profiling. To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by your state’s applicable law. If we decline your request, you may appeal by contacting us at [email protected]. If your appeal is denied, you may contact your state’s Attorney General.
For information about the categories of personal information we collect, the purposes for processing, and the categories of third parties with whom we share or disclose information, please refer to the tables and disclosures in the California Residents section of this notice, which apply to all U.S. residents.
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. For significant changes that materially affect how we process your personal information, we will provide more prominent notice, such as a banner on our website, an in-app alert, or direct communication via email or other contact methods you have provided.
In some cases, where legally required, we will seek your explicit consent before implementing changes to how we process your personal information. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information. Your continued use of our Services following the posting of updated versions of this privacy notice will constitute your acknowledgment of the updates and your agreement to comply with the latest version.
If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:
Talkpal, Inc.
2810 N Church St,
PMB 54222,
Wilmington, DE 19802-4447,
United States
Representative
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/talkpal
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please email us at [email protected].
Talkpal is an AI-powered language tutor available on web and mobile platforms. Accelerate your language fluency, chat about interesting topics by writing or speaking, and receive realistic voice messages wherever and whenever you want.
Talkpal, Inc., 2810 N Church St, Wilmington, Delaware 19802, US
© 2026 All Rights Reserved.
