Privacy Policy

TalkMie is an AI twin platform that lets you create personalized AI profiles trained on your own content. For questions about this policy, contact us at privacy@talkmie.com.

Account data

When you register, we collect your name, email address, and a hashed password. We never store your password in plain text.

Training data you upload

This includes text you type, voice recordings, photos, and documents. This content is stored in our database and object storage solely to power your AI twin. You retain full ownership and can delete any item at any time.

Conversation data

Conversations between visitors and your public AI twin are stored for up to 20 days, after which they are automatically deleted. You can view these conversations in your Inbox and delete them individually at any time.

Usage and analytics data

We collect aggregate usage statistics (number of conversations, messages per session) to improve the platform. This data is not tied to individual visitor identities.

Cookies and local storage

We use essential cookies and local storage to keep you signed in (access and refresh tokens). We may also use analytics cookies if you consent to them via the cookie banner. You can withdraw consent at any time by clearing your browser storage or adjusting your cookie preferences.

• To provide and operate the TalkMie service
• To process your training data and generate AI responses
• To send transactional emails (password reset links)
• To understand how the platform is used and improve it
• To comply with legal obligations

We do not sell your personal data to third parties. We do not use your training data to train our own AI models or share it with other users.

• Contract performance — processing your account data and training content to provide the service you signed up for
• Legitimate interests — aggregate analytics to improve the platform
• Consent — analytics cookies (can be withdrawn at any time)
• Legal obligation — retaining records required by law

We use the following sub-processors to operate TalkMie:

Data transferred to the USA is covered by Google's Standard Contractual Clauses and its compliance with applicable data transfer mechanisms.

• Account data — retained while your account is active. Deleted on account deletion.
• Training data — retained until you delete it manually, or when your account is deleted.
• Visitor conversations — auto-deleted after 20 days.
• Password reset tokens — expire after 15 minutes and are deleted immediately after use.
• Auth session tokens — expire after 7 days and are deleted on logout.

Under GDPR (and equivalent laws), you have the right to:

• Access — request a copy of the data we hold about you
• Rectification — correct inaccurate personal data
• Erasure — delete your account and all associated data
• Portability — export your training data
• Objection — object to processing based on legitimate interests
• Restriction — request that we limit how we use your data

To exercise any of these rights, email privacy@talkmie.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We protect your data using industry-standard measures: bcrypt password hashing (12 rounds), short-lived JWT access tokens (15 minutes), rotating refresh tokens stored as SHA-256 hashes, HTTPS in production, and strict user-isolation on all data queries. No security measure is 100% foolproof — if you believe your account has been compromised, contact us immediately.

TalkMie is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this policy from time to time. We will notify registered users of material changes by email or by displaying a notice in the platform. The "last updated" date at the top of this page always reflects the most recent version.