Privacy Policy

Last updated: March 2026

1. Data Controller

Talk Sages is operated by Eugenio Gotti, based in Bergamo, Italy. For privacy inquiries, contact privacy@talksages.com.

2. Data We Collect

Account Data

• Email address (required)
• Name (optional)
• Password (stored as a one-way hash, never in plain text)

Dialogue Data

• Messages you send and AI-generated responses
• Session summaries (generated automatically)
• Cumulative profiles (generated from your dialogues)
• Token usage counts

Payment Data

• Subscription status and plan type
• Lemon Squeezy customer ID (payment details are stored by Lemon Squeezy, not by us)

Technical Data

• IP address (for rate limiting, not stored persistently)
• Session cookies (JWT-based authentication)

3. How We Use Your Data

• To provide and personalize the dialogue experience
• To generate session summaries and cumulative profiles
• To process payments via Lemon Squeezy (Merchant of Record)
• To send transactional emails (verification, password reset)
• To enforce rate limits and prevent abuse

We do not use your dialogue content for training AI models. We do not sell your data to third parties. We do not show advertising.

4. Third-Party Services

• Google Gemini API — processes your messages to generate responses. Subject to Google's API terms.
• Lemon Squeezy — processes payments as Merchant of Record. Subject to Lemon Squeezy's Privacy Policy.
• Resend — sends transactional emails. Subject to Resend's privacy policy.

5. Data Retention

Your data is retained as long as your account is active. You can delete individual sessions or all your data at any time from the History page. Account deletion removes all associated data permanently.

6. Your Rights (GDPR)

Under EU data protection law, you have the right to:

• Access — view all your data within the Service
• Rectification — update your account information
• Erasure — delete all your data with one click
• Data portability — export your dialogues and profiles as Markdown or PDF
• Object — contact us to object to specific processing

7. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and JWT-based authentication. Access to the database is restricted to the application server.

8. Cookies

We use only functional cookies required for authentication (session JWT). We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Children

The Service is not intended for children under 16. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be notified via email. Continued use after changes constitutes acceptance.

11. Contact

For privacy questions or to exercise your rights, contact privacy@talksages.com.