Privacy Policy

Introduction

Welcome to AI Talk Coach. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, share, and protect your information when you use our speech improvement and communication training platform (the "Service").

AI Talk Coach is operated by Jose Luis Sottomayor, based in Lisboa, Portugal. As a service based in the European Union, we comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

By using AI Talk Coach, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address: Used for account authentication and essential communications
• Name: To personalize your experience
• Password: Securely hashed and stored (we never see your actual password)

Profile Information

During onboarding, you may provide:

• Speaking goals: Such as interview preparation, presentation skills, or conversation practice
• Speaking style preferences: To customize AI feedback
• Age range: To provide age-appropriate content
• Profession: (Optional) To provide relevant practice scenarios
• Preferred pronouns: (Optional) To personalize communication

Audio and Video Recordings

The core of our Service involves analyzing your speech:

• Voice recordings: Audio captured during practice sessions (30-180 seconds)
• Video recordings: (Optional) If you choose to record video for future features
• Transcripts: Text transcriptions of your speech

Important: Your recordings are processed solely to provide you with speech coaching. We do not use your recordings to train AI models. You can delete your recordings at any time, and you can configure automatic deletion in your privacy settings (default: 30 days).

Speech Analysis Data

Our AI analyzes your speech and generates:

• Performance metrics: Words per minute, filler word count, clarity scores
• Detected issues: Categorized speech patterns (pacing, clarity, filler words, confidence)
• Progress tracking: Historical performance data to show improvement over time
• AI-generated feedback: Personalized coaching recommendations

Payment Information

When you subscribe to a paid plan:

• Billing information: Processed securely through Stripe (our payment processor)
• Subscription details: Plan type, billing cycle, subscription status

Note: We do not store your complete credit card information. Payment details are securely stored by Stripe, and we only receive a reference ID to manage your subscription.

Usage Information

To improve our Service, we collect:

• Session data: When you practice, how long each session lasts
• Feature usage: Which features you use (practice, progress tracking, coaching)
• Interaction data: Clicks, navigation patterns within the app

Technical Information

Automatically collected when you use our Service:

• Device information: Device type, operating system, browser type
• IP address: For security and geographic analytics
• Cookies: Session cookies for authentication (see Cookies section)
• Error logs: Crash reports and performance data (via Sentry)

2. How We Use Your Information

We use your information for the following purposes:

Provide the Service

• Process and analyze your speech recordings
• Generate personalized AI-powered feedback
• Track your progress over time
• Provide coaching recommendations
• Enable access to practice scenarios and prompts

Manage Your Account

• Create and maintain your user account
• Authenticate your identity
• Manage your subscription and billing
• Process payments through Stripe

Communicate With You

• Send transactional emails (password resets, welcome messages)
• Notify you about your subscription status
• Respond to your support inquiries
• Send important service updates (with your consent for marketing communications)

Improve Our Service

• Analyze usage patterns to enhance features
• Identify and fix technical issues
• Test and develop new features
• Understand user needs and preferences

Security and Compliance

• Detect and prevent fraud or abuse
• Enforce our Terms of Use
• Comply with legal obligations
• Protect the rights and safety of users

Legal Basis for Processing (GDPR)

For users in the European Union, our legal bases for processing your data are:

• Contract performance: Processing necessary to provide the Service you've signed up for
• Consent: You've given explicit consent for specific processing activities
• Legitimate interests: Processing necessary for our legitimate business interests (improving the Service, security)
• Legal obligation: Processing required to comply with laws and regulations

3. AI Processing and Analysis

AI Talk Coach uses artificial intelligence to analyze your speech and provide feedback. It's important you understand how this works:

How AI Analyzes Your Speech

1. Transcription: Your audio is sent to Deepgram (a speech-to-text service) to create a written transcript
2. Analysis: The transcript and audio metadata are sent to OpenAI's GPT-4 model to analyze speech patterns
3. Feedback Generation: AI identifies areas for improvement and generates personalized coaching advice
4. Results Storage: Analysis results are stored in your account to track progress

What Data Goes to AI Providers

• Your audio recordings (sent to Deepgram for transcription)
• Transcripts of your speech (sent to OpenAI for analysis)
• Session metadata (duration, language, practice scenario)

Your Recordings Are NOT Used for Training

We want to be crystal clear: Your audio recordings and transcripts are NOT used to train AI models. Both Deepgram and OpenAI process your data solely to provide the Service to you, and they do not use your data to improve their models. This is guaranteed through our agreements with these providers.

AI Accuracy and Limitations

• AI feedback is for educational purposes only
• AI may occasionally produce inaccurate results
• AI is not a substitute for professional speech therapy or medical advice
• Always use your judgment when applying AI recommendations

4. How We Share Your Information

We share your information only in the following circumstances:

AI Processing Services

• OpenAI: For speech analysis and feedback generation (receives transcripts and metadata)
• Deepgram: For speech-to-text transcription (receives audio recordings)

Payment Processing

• Stripe: For payment processing and subscription management (receives billing information)

Error Monitoring

• Sentry: For error tracking and performance monitoring (receives anonymized technical data)

Legal Requirements

We may disclose your information if required by law:

• To comply with legal processes (subpoenas, court orders)
• To enforce our Terms of Use
• To protect our rights, property, or safety
• To protect the rights or safety of other users

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website before your information is transferred.

With Your Consent

We may share your information for other purposes with your explicit consent.

What We DON'T Do

• We do NOT sell your personal data to advertisers or third parties for money
• We do NOT share your recordings with anyone except the AI processing services described above
• We do NOT use your data for advertising

5. Third-Party Services

We work with trusted third-party service providers to operate our Service. These providers have their own privacy policies, and we encourage you to read them:

OpenAI (Speech Analysis)

• What they do: Analyze speech transcripts and generate coaching feedback
• Data shared: Speech transcripts, session metadata
• Location: United States
• Privacy Policy: https://openai.com/privacy
• Data usage: Does NOT train on your data (covered by API agreement)

Deepgram (Speech Transcription)

• What they do: Convert audio recordings to text transcripts
• Data shared: Audio recordings
• Location: United States
• Privacy Policy: https://deepgram.com/privacy
• Data usage: Does NOT store or train on your data

Stripe (Payment Processing)

• What they do: Process payments and manage subscriptions
• Data shared: Billing information, payment methods
• Location: Global infrastructure
• Privacy Policy: https://stripe.com/privacy
• Security: PCI-DSS Level 1 certified (highest security standard for payments)

Sentry (Error Monitoring)

• What they do: Track errors and monitor application performance
• Data shared: Error logs, anonymized user data, technical information
• Location: United States / European Union (configurable)
• Privacy Policy: https://sentry.io/privacy/

6. Data Retention

We retain your information for different periods depending on the type of data:

Audio Recordings

• Default: 30 days after creation
• Configurable: You can change this in Privacy Settings
• Manual deletion: You can delete recordings immediately at any time
• After deletion: Recordings are permanently removed from our servers

Account Data

• Active accounts: Retained while your account is active
• After account deletion: Personal data is deleted within 30 days
• Anonymized data: May be retained for analytics (not linked to you)

Speech Analysis Data

• Retention: Stored to track your progress over time
• After account deletion: Deleted with your account

Payment Records

• Retention: Kept for 7 years for tax and accounting purposes (as required by law)
• Stored by: Stripe (our payment processor)

Technical Logs

• Retention: Typically 90 days for security and debugging
• Anonymized logs: May be retained longer for security analysis

7. Your Privacy Rights

You have control over your personal data. Depending on your location, you have various rights regarding your information:

Access Your Data

You can access most of your personal data by logging into your account. To request a complete copy of all data we hold about you, contact us at zsottomayor@gmail.com.

Correct Your Data

You can update your profile information, email, and preferences in your Account Settings. If you need help correcting your data, contact us.

Delete Your Data

• Individual recordings: Delete from your session history at any time
• Your account: Delete your entire account in Settings > Account > Delete Account
• Complete deletion: All your personal data will be deleted within 30 days

Export Your Data

Request a copy of your data in a portable format (JSON/CSV). Contact us at zsottomayor@gmail.com to request a data export.

Manage Privacy Settings

In your Privacy Settings, you can:

• Configure automatic audio deletion (default: 30 days)
• Enable privacy mode for enhanced protection
• Choose to delete processed audio immediately
• View statistics about your stored audio files

Opt Out of Communications

• Unsubscribe from marketing emails (link in every email)
• You'll still receive essential transactional emails (password resets, billing notices)

Object to Processing

If you're in the EU, you can object to processing based on legitimate interests. Contact us to exercise this right.

Withdraw Consent

If processing is based on your consent, you can withdraw it at any time. This won't affect the lawfulness of processing before withdrawal.

8. Data Security

We implement industry-standard security measures to protect your personal data:

Encryption

• In transit: All data transmitted over HTTPS/TLS encryption
• At rest: Databases and file storage are encrypted
• Passwords: Hashed using bcrypt (we never store plaintext passwords)

Authentication Security

• JWT tokens: Secure token-based authentication
• Token blacklisting: Revoked tokens are tracked and rejected
• Password requirements: Minimum 6 characters (we recommend strong passwords)

Access Controls

• Limited employee access to personal data
• Access logging and monitoring
• Regular security audits

Infrastructure Security

• Hosting: Servers located in the European Union
• DDoS protection: Rate limiting and attack prevention
• Regular updates: Software and security patches applied promptly

No Security is Perfect

While we use reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. If you become aware of any security breach, please contact us immediately.

9. Children's Privacy

AI Talk Coach is not intended for children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at zsottomayor@gmail.com. We will delete the information promptly.

If we discover we have collected personal information from a child without parental consent, we will take steps to delete that information as quickly as possible.

10. International Data Transfers

AI Talk Coach is based in the European Union (Portugal), and our servers are located in the EU. However, some of our service providers are located in the United States:

EU to US Transfers

• OpenAI: US-based (speech analysis service)
• Deepgram: US-based (transcription service)
• Stripe: Global service with US operations (payment processing)

Safeguards for EU Users

When your data is transferred to the US, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Contractual commitments: Our agreements with US providers include data protection obligations
• Minimal data: We only transfer data necessary to provide the Service
• Encryption: All transfers are encrypted

Your Consent

By using AI Talk Coach, you consent to the transfer of your data to these third-party services for the purposes described in this policy. If you're in the EU and do not consent to these transfers, unfortunately you will not be able to use our Service, as these providers are essential to our AI-powered analysis.

11. Cookies and Tracking

We use cookies and similar technologies to provide and improve our Service.

Essential Cookies

Required for the Service to function:

• Session cookies: To keep you logged in
• Authentication tokens: To verify your identity
• Security cookies: To protect against fraud and abuse

What We DON'T Use

• No advertising cookies: We don't use cookies for targeted advertising
• No third-party tracking: We don't allow third parties to track you on our site
• No cross-site tracking: We don't track you across other websites

Managing Cookies

You can configure your browser to refuse cookies, but this may limit your ability to use the Service. Essential cookies are required for core functionality (login, security).

12. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to Know

You have the right to request:

• Categories of personal information we collect
• Specific pieces of personal information we hold about you
• Categories of sources from which we collect data
• Business purposes for collecting data
• Categories of third parties with whom we share data

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing transactions, legal compliance).

Right to Opt-Out of "Sale"

We do NOT sell your personal information in the traditional sense (we don't sell data to advertisers for money). However, under CCPA's broad definition, sharing data with third parties like OpenAI and Deepgram might be considered a "sale."

If you wish to opt out of this data sharing, please note that you will not be able to use our Service, as these AI providers are essential for speech analysis. If you still wish to opt out, contact us at zsottomayor@gmail.com.

Right to Correct

You have the right to request correction of inaccurate personal information. You can update most information in your Account Settings, or contact us for assistance.

Right to Limit Use of Sensitive Personal Information

Voice recordings may be considered "sensitive personal information" under CCPA. We use voice recordings solely to provide the Service you requested (speech analysis and coaching). You can delete recordings at any time or configure automatic deletion in Privacy Settings.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will receive the same service and pricing regardless of whether you exercise these rights.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: zsottomayor@gmail.com
• Subject line: "CCPA Request"

We will verify your identity and respond within 45 days (may be extended by another 45 days if needed).

Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity directly with us.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):

Data Controller

The data controller for your personal data is:

Your GDPR Rights

Right of Access (Article 15)

Request confirmation of whether we process your data and obtain a copy.

Right to Rectification (Article 16)

Correct inaccurate personal data and complete incomplete data.

Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data in certain circumstances.

Right to Restriction of Processing (Article 18)

Request that we limit how we use your data in certain situations.

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format and transmit it to another controller.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

We use AI to analyze your speech and provide feedback. This is not automated decision-making that produces legal or similarly significant effects. However, if you have concerns about AI analysis, please contact us.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time (doesn't affect lawfulness of past processing).

How to Exercise Your Rights

To exercise your GDPR rights, contact us at:

• Email: zsottomayor@gmail.com
• Subject line: "GDPR Request"
• Response time: We will respond within 1 month (may be extended by 2 more months for complex requests)

Right to Lodge a Complaint

If you're unhappy with how we handle your data, you have the right to lodge a complaint with your local supervisory authority:

For residents of Portugal: Comissão Nacional de Proteção de Dados (CNPD)
Website: www.cnpd.pt

You can also contact the supervisory authority in your EU member state. Find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

Legal Bases for Processing

We process your personal data based on:

• Contract (Article 6(1)(b)): Necessary to provide the Service
• Consent (Article 6(1)(a)): For optional features and communications
• Legitimate interests (Article 6(1)(f)): Improving the Service, security, fraud prevention
• Legal obligation (Article 6(1)(c)): Tax records, legal compliance

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You

• Minor changes: Updated "Last Updated" date at the top of this policy
• Material changes: Email notification to your registered email address and/or prominent notice on our website

Your Continued Use

Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy. If you don't agree with the changes, please stop using the Service and delete your account.

Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: