From account holders, the basics: your email, name, profile image (if your sign-in provider supplies one), and the bot content you write — intro, topics, story, hot take, Q&A pairs, offerings. Any offering images you upload are stored on Cloudflare R2; no account or identity data lives there. For custom Pro accounts, we may store agreed entitlement overrides, billing status, period dates, manual credit grants, invoice/payment coordination notes, credit balances, monthly reset timestamps, and per-call usage logs so we can operate the account and audit usage. We do not store full card numbers.
From account holders who use the optional Pro import surfaces: text extracted from PDFs you upload, and the body of any public URLs you ask us to scrape. The original PDF binaries are not retained after parsing — only the extracted text is stored. We also generate and store numeric embedding vectors (numerical representations of your text) so the bot can retrieve the most relevant slice of your knowledge per visitor question. Embeddings can't be read by humans and are only used to find similar text within your own bot.
From account holders who fill in the optional “about you” section: birth date, relationship status, partner's name (only when relevant), and gender, plus a single explicit flag indicating whether your bot may share any of these when a visitor asks. These fields default to empty and to private — we never make them public without your tick on that flag.
From visitors of bot pages: messages you send to a bot, the conversation thread they belong to, timestamps, and (if you are signed in) your account ID so the bot can recognise you across visits and the bot's owner can read the conversation in their inbox. Bot owners can pause their bot at any time; while paused the public page remains reachable but no new conversations are accepted.
Run your bot. Send a bot's answers back to whoever is talking to it. Show you analytics about your bot's traffic. Coordinate custom Pro payment and support. Send essential service emails. We do not use your content to train any general-purpose AI model, and we do not sell or rent personal data to anyone.
We use a small set of processors to actually run the service. Your data flows through them only as needed:
- Clerk
- authentication, account profile
- Neon
- Postgres database (account, content, conversations)
- Google Gemini
- generating the bot's answers
- Vercel
- hosting and request routing
- Cloudflare R2
- object storage for product images you upload (no account or identity data)
Each of these has its own privacy policy and processes data on our behalf under a data-processing agreement.
Several flows send content to Google's Gemini API. (1) When someone talks to your bot, the relevant slices of your knowledge plus the conversation history are sent to generate the bot's reply. (2) When you save knowledge (intro, topics, story, hot take, Q&A, PDFs, offerings, URL imports) the text is sent to Gemini's embedding model to compute the vector we store with the row. (3) When a visitor sends a message, their question is also sent to the embedding model so we can find the relevant knowledge to attach to the reply. (4) When you use the Pro “help me draft this story” or “hot take” features, the category chips, optional bullets, and your existing intro and topics are sent so the model can ghost-write a draft. (5) When you use the “Draft with AI” starter, the role you pick (or the free-text role you type) plus your display name are sent so the model can draft your intro, topics, story, hot take, and Q&A in one pass. Google's terms for the Gemini API state they do not use API inputs to train their general models.
You can view, edit, and delete most of your data directly from your knowledge page and your conversations inbox. You can export a full machine-readable copy of your data at any time from the account modal → “Download my data”; the zip includes your profile, knowledge, conversations as an owner, and conversations you participated in as a visitor. To delete your account entirely, use the delete button in the account modal — the deletion fires via webhook and we erase your content and personal data within thirty days, except where we are required to keep records (such as payment-history obligations).
We keep your account data for as long as your account exists. Bot conversations and the per-call AI usage log are kept until you delete them or close your account. Custom payment, invoice, and contract records are retained for as long as accounting law requires, typically seven years.
We protect your data with industry-standard practices: encrypted transport (HTTPS), access controls on our managed processors, no plaintext credentials in code, and regular dependency updates. No online service can guarantee absolute security. In the event of a confirmed security incident affecting your data, we will notify you without undue delay where applicable law requires and cooperate with the relevant authorities. Our financial liability for any incident is capped per the terms of service, except for rights you have under applicable consumer-protection or data-protection law that cannot be waived.
We use cookies that are strictly necessary to keep you signed in (set by Clerk). We do not run third-party advertising or behavioural-tracking cookies.
talkby is not for anyone under 13. If you believe a child has created an account, contact us and we will remove it.
We will post any material change to this policy here and, where the change affects how we use your data, notify you by email.
Privacy questions, deletion requests, or anything that looks wrong — talkby.app@gmail.com.