Privacy Policy

1. Overview

TalkTree ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use our Service at talktree.ai.

By using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account information. When you register, we collect your name, email address, and a hashed password. You may optionally provide additional profile details.

Conversation data. We store the conversations, branches, messages, and tree structures you create within the Service. This data is associated with your account and stored in our database.

Usage data. We collect anonymized usage analytics (page views, feature interactions, events) to understand how the Service is used and to improve it. Analytics data does not include the content of your conversations.

Technical data. We automatically collect IP addresses, browser type, device type, and access timestamps for security and operational purposes.

3. How We Use Your Information

• To provide, maintain, and improve the Service.
• To authenticate your account and protect it from unauthorized access.
• To process and display your conversation trees and branches.
• To send transactional emails (password resets, account notifications).
• To analyze usage patterns and improve the product experience.
• To respond to your support requests and contact form submissions.
• To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your conversation content to train AI models.

4. AI Processing

When you send a message in the Service, the content of that message (along with the conversation context) is transmitted to an AI language model to generate a response. This processing happens in real time and is necessary to deliver the core functionality of the Service.

AI responses are generated by the underlying model and are not reviewed by TalkTree employees. You should not submit sensitive personal information, confidential business data, or regulated information (e.g., health records, financial data) through the AI chat interface.

5. Data Storage and Security

Your data is stored using Supabase, a managed database platform. Supabase uses industry-standard encryption at rest and in transit (TLS). Access to your data is restricted to your account only.

We implement technical safeguards including authentication, rate limiting, request signing, and same-origin enforcement to protect against unauthorized access. No security measure is 100% effective, and we cannot guarantee absolute security.

6. Cookies and Tracking

We use session cookies to maintain your authenticated state. These are HttpOnly, SameSite cookies and are necessary for the Service to function. We do not use third-party advertising cookies or tracking pixels.

We use Google Analytics (or a privacy-friendly equivalent) to collect anonymized usage metrics. You can opt out of analytics tracking by enabling Do Not Track in your browser settings.

7. Sharing of Information

We do not share your personal data with third parties except in the following circumstances:

• Service providers. We share data with infrastructure providers (Supabase for database, Vercel for hosting, Resend for email delivery) strictly to operate the Service.
• Legal requirements. We may disclose data if required by law, court order, or governmental authority.
• Public share links. If you choose to share a conversation tree via a public link, the contents of that tree become accessible to anyone with the link. You control this setting and can revoke it at any time.

8. Data Retention

We retain your account data and conversation content for as long as your account is active. If you delete your account, your data will be permanently removed within 30 days, except where retention is required by law or for fraud prevention.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data ("right to be forgotten").
• Export your data in a portable format.
• Object to or restrict certain processing of your data.

To exercise any of these rights, use our contact page. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date and notify you by email or in-app notice for material changes. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have questions or concerns about this Privacy Policy, use our contact page.