# Privacy Policy — boTalks **Last Updated: February 28, 2026** *If this Privacy Policy is translated into other languages, the English version shall prevail in case of any discrepancies.* This Privacy Policy explains how boTalks (the "Service", "we", "us"), operated by Gilad Nativ, a sole proprietor based in Israel, collects, uses, shares, and protects your personal information when you use our service. We are committed to processing data transparently and in compliance with Israeli Privacy Law (5741-1981) and the principles of the EU General Data Protection Regulation (GDPR). --- ## 1. Data We Collect We collect only the minimum data necessary to provide the Service: - **Registration & Contact Data:** Full name, email address, and WhatsApp phone number provided during sign-up. - **Subscription & Usage Data:** Your active subscription plan, number of messages processed within your current billing period, and subscription status. - **Payment Information:** All payments are processed securely by our third-party payment provider, Stripe. We do not collect, process, or store your full credit card numbers or financial details on our servers. Stripe handles this data directly in accordance with their own Privacy Policy. We only receive billing tokens, invoice history, and subscription status to manage your account. - **Service Content (Transient):** Audio recordings and voice messages you send via WhatsApp are transmitted to our servers solely for real-time processing. They are not stored permanently — see Section 3 (Data Retention). - **Infrastructure Security Logs (Third-Party):** Your IP address and basic browser data may be automatically logged by our cloud hosting provider (Hostinger), authentication provider (Supabase), and payment processor (Stripe) for fraud prevention, server health, and account security. This data is not used by us for marketing or analytics. --- ## 2. No Marketing Cookies & Cookieless Approach We do not use any third-party marketing, tracking, or analytical cookies (such as Google Analytics, Facebook Pixel, or Mixpanel). We only use strictly necessary session and authentication cookies required for the Service to function (e.g., maintaining your secure login session). Because only strictly necessary cookies are used, no cookie consent banner is required or displayed. --- ## 3. Data Retention - **Audio Recordings:** Original audio files sent via WhatsApp are processed in real-time and are permanently deleted from our servers immediately after the conversion to text and dispatch of the generated email. We do not retain audio data. - **Account Data:** Your profile data (name, email, phone number) is retained for the duration of your account. It is permanently deleted upon account deletion. - **Legal Exceptions:** Certain billing records (e.g., invoices, payment history) may be retained longer as required by Israeli accounting and tax law, even after account deletion. --- ## 4. AI & Third-Party LLM Model Training — Critical Clause The boTalks service uses third-party AI/LLM APIs (specifically, Groq for Whisper speech-to-text processing and Google Gemini for email drafting) to process your audio and generate emails. We explicitly confirm the following: - Your audio recordings and generated text content transmitted through these third-party APIs are NOT stored by those providers beyond the immediate API call. - Your data is NOT used by any third-party AI provider to train, fine-tune, or improve their models. - We contractually select API providers that offer explicit data-use opt-outs or data processing agreements that prohibit model training on user data. --- ## 5. Purpose of Collection - **Providing the Service:** Enabling account creation, subscription management, WhatsApp-to-email conversion, and delivery. - **Service Improvement:** Analyzing aggregate usage patterns (not individual content) to improve reliability and features. - **Payment Processing:** Managing billing, upgrades, and usage quota tracking securely via Stripe. - **Service Communications:** Sending critical service notifications, billing alerts, and responding to support inquiries. - **Marketing Communications:** If you have opted in, we may send you promotional emails and updates. You have the right to withdraw your consent and opt out of marketing communications at any time by sending an email to noamn@botalks.co or by using the unsubscribe link provided in the emails. --- ## 6. Third-Party Services We rely on a small number of trusted vendors to operate the Service. At no point do we sell, rent, or trade your personal data to data brokers or any third parties for profit. Our key service providers are: - **Hostinger:** Web and cloud hosting infrastructure. Hostinger may process basic network data (such as IP addresses) at the server level solely to ensure the security, stability, and performance of the Service. - **Stripe:** Secure online payment processing. Stripe handles all credit card and payment data directly and is PCI-DSS compliant. - **Supabase:** Cloud database, authentication infrastructure, and serverless Edge Functions. Your account and profile data is stored securely in Supabase's managed PostgreSQL database. - **WhatsApp (Meta):** Used to receive your incoming voice messages, send system replies, and authenticate your phone number via the WhatsApp Cloud API. - **Azure Communication Services (Microsoft):** Used securely to dispatch the final generated emails to your registered email address. - **Third-Party AI/LLM API Providers (Groq and Google Gemini):** Used solely for real-time audio transcription and natural language email generation. Subject to the model training restrictions described in Section 4. --- ## 7. Your Rights (Right to Access, Correction & Deletion) Under Israeli Privacy Law and GDPR principles, you have the following rights regarding your personal data: - **Right of Access:** You may request a copy of all personal data we hold about you. - **Right of Correction:** You may request that we correct any inaccurate or incomplete data. - **Right to be Forgotten (Deletion):** You may permanently delete your account and all associated personal data at any time by using the "Delete Account" button located in your Account Settings. Upon deletion, we perform a hard delete of your profile, contact details, and all linked service data. - **Right of Portability:** You may request an export of your personal data in a structured, machine-readable format. To exercise any of these rights or for any privacy-related inquiries, please contact us at: noamn@botalks.co. We will respond within the timeframe required by applicable law. --- ## 8. Data Security We implement industry-standard security measures — including encrypted data transmission (HTTPS/TLS), secure database access controls, and API key management — to protect your personal data against unauthorized access, disclosure, alteration, or destruction. However, no internet system or computing infrastructure can be guaranteed as 100% secure. We cannot provide an absolute guarantee that the Service is immune from all possible cyberattacks or data breaches. In the event of a data breach that is likely to result in a risk to your rights, we will notify you as required by applicable law. --- ## 9. Children's Privacy (Age Limitation) The Service is intended strictly for users who are at least 18 years of age. We do not knowingly collect personal data from anyone under the age of 18. By registering and using the Service, you represent and warrant that you are 18 or older. If we become aware that we have collected personal data from a minor, we will take immediate steps to delete such information. --- *boTalks · Operated by Gilad Nativ · noamn@botalks.co · Governed by the laws of the State of Israel* [Back to Home](https://botalks.co) | [Terms of Service](https://botalks.co/terms)