TalkWithData ("we", "us", "our") operates the TalkWithData browser extension (the "Extension") and the TalkWithData platform. This policy describes how we collect, use, and protect your information.
1. What data we collect
Account data
Email address and name — used for authentication and displayed in the Extension.
Organization name — used to associate your account with your team.
Usage data
Compliance check logs — when the Extension performs an EU AI Act compliance check on your prompt, we log: the compliance score (green/yellow/orange/red), the AI platform used (e.g. ChatGPT, Claude), triggered warning categories, and whether the prompt was blocked or sent. In "full monitoring" mode, a 200-character preview of the prompt is also stored. Organizations can set monitoring to "basic" (no text previews) or "off" (no logging).
Knowledge retrieval queries — when you use knowledge sources, your query is sent to our server to retrieve relevant context. Queries are not stored beyond the server request lifecycle.
Data we do NOT collect
We do not read, store, or transmit the full content of your prompts or AI responses, except for the optional 200-character preview described above.
We do not collect browsing history, keystrokes, or activity outside of supported AI platforms.
We do not use cookies or tracking pixels.
We do not sell or share your data with third parties for advertising purposes.
2. How we store data
Locally (your browser): Your authentication token and preferences (enabled/disabled toggles, selected templates, active knowledge sources) are stored in chrome.storage.local. This data never leaves your device unless you explicitly trigger an action.
On our servers: Account data and compliance logs are stored in a database hosted in the EU (Netherlands). Data is encrypted in transit (TLS) and at rest.
3. Third-party services
OpenAI / Azure OpenAI — If your organization has configured a custom API key, compliance checks may be routed through OpenAI or Azure OpenAI. We send only the prompt text (max 4,000 characters) for classification. No personal data is included.
We do not send organization knowledge or documents to any third-party service other than the LLM provider configured by your organization's administrator.
4. Data retention
Compliance logs are retained for 90 days, then automatically deleted.
Account data is retained as long as your account is active. Upon deletion of your account, all associated data is removed within 30 days.
Local storage is cleared when you log out or uninstall the Extension.
Authentication tokens are stored securely in the browser's extension storage (not accessible to web pages).
All API communication uses HTTPS encryption.
Server infrastructure is hosted in the EU with industry-standard security measures.
7. Changes to this policy
We may update this policy from time to time. Significant changes will be communicated through the Extension or via email. Continued use of the Extension after changes constitutes acceptance.