Privacy Policy

Your Privacy Matters

We built TalkToDia to help you learn languages through natural conversation. Here's exactly what we do with your data, in plain English.

Effective: November 22, 2025 • Last updated: February 26, 2026

The Simple Version

  • Your conversations are stored to help you learn and improve the experience
  • We use trusted providers (our own models, Google, Anthropic, ElevenLabs) to power AI features
  • You can delete your account and all data anytime
  • You control whether anonymized data can be used for product improvement and/or academic research

What We Collect

To make TalkToDia work, we need to store some information. Here's exactly what:

When you sign in

Your email and basic profile from Google or Apple Sign-In. We use Supabase Auth, a trusted and secure authentication provider.

Your conversations

Messages you send and Dia's responses. This helps Dia remember your progress and personalize future conversations. You can delete everything from your account settings anytime.

Your preferences

Language choices, voice preferences, formality settings. Basically the settings that make Dia work the way you want.

Technical stuff (automatic)

Basic technical info like your timezone (to show correct times), error logs (to fix bugs), and rate limits (to prevent abuse). No tracking and no ads.

How We Use Your Data

Everything we collect has a purpose. Here's what we do with your information:

  • Make Dia smarter: Your conversations help Dia learn your style, remember context, and personalize responses
  • Generate audio: We create voice messages for your learning experience (stored securely with private URLs)
  • Keep things secure: Monitor for abuse, fix bugs, prevent spam (standard security stuff)
  • Legal compliance: We follow the law and protect both you and us

Important: Dia is AI, Not a Human

Dia is a generative AI that creates responses in real-time. Sometimes it might say things that sound insightful about you, but these are AI-generated patterns, not facts. Dia can be wrong.

Don't share sensitive info you wouldn't share with any other AI chatbot. Dia is not a therapist, doctor, or professional advisor. If you're in crisis, please contact emergency services or a qualified professional.

Use common sense. Dia is here to help you learn languages and have interesting conversations. Treat it like you would any AI tool.

Dia may use third-party services for AI processing. These include OpenAI, Anthropic, Google Gemini, ElevenLabs, Deepgram, and OpenAI Whisper. These are the same services that power other popular AI chatbots like ChatGPT and Claude. Your data has the potential to be sent to these services and processed by them, abiding by their privacy policies and terms of service. These partners help us run the service. That's it. If required by law, we may disclose information to authorities.

Who We Share With (And Why)

We work with trusted companies to make TalkToDia work. Here's the complete list:

Authentication & Database

Supabase (industry-standard secure infrastructure)

AI Conversation

Anthropic Claude, Google Gemini, OpenAI: your messages are sent to these services to generate responses

Voice & Audio

ElevenLabs (text-to-speech), Deepgram & OpenAI Whisper (speech-to-text)

Payments

Stripe (we never see your full card number)

Hosting

Vercel (fast, global infrastructure)

Payments & Billing

All payments go through Stripe, one of the most secure payment processors in the world. We never see or store your full credit card number. Stripe handles everything and gives us only basic info like "payment successful" or "subscription active."

You can manage or cancel your subscription anytime through your account settings or the Stripe customer portal.

How We Protect Your Data

  • 🔐Encryption everywhere: All data is encrypted in transit (TLS) and at rest
  • 🔑Private audio URLs: Your generated voice messages use signed URLs that expire
  • 🛡️Rate limiting: We prevent abuse and spam automatically
  • 👁️Minimal access: Only essential services have access to your data, and only what they need

Your Control & Rights

You're in control. Depending on where you live, you have rights including:

  • Access your data: See what we have about you
  • Delete everything: Remove your account and all conversations (Account Settings → Delete Account)
  • Correct mistakes: Update your info if something's wrong
  • Export your data: Take your conversations with you
  • Lodge a complaint: Contact your local data protection authority if you have concerns

How Long We Keep Your Data

  • Conversations: Kept as long as you have an account (helps Dia remember you). Deleted when you delete your account.
  • Audio files: Cached for faster playback, automatically cleaned up over time
  • Error logs: Kept briefly for debugging, then deleted

Research & Model Improvement

TalkToDia is built by educational technology researchers. We take a research-first approach to user data, which means:

  • Product improvement: When you make language errors that Dia corrects (for example, "Hola, me llamo es Sarah" → "Hola, me llamo Sarah"), we may use those anonymized corrections to improve our language models. Your name, location, and any personal details are automatically removed before any data is analyzed. For example, "Hello, my name bist James" becomes "Hello, my name ist [redacted]" (only the grammatical pattern is kept). We apply differential privacy techniques to further protect your identity. This is opted in by default, but you can opt out anytime from Preferences.
  • Academic research publication: We are researchers studying how people learn languages with AI. We may want to include anonymized examples from TalkToDia in academic publications at conferences like CHI, ACL, or EMNLP. This data would never be publicly released in any identifiable form. Only aggregated findings or fully anonymized examples would appear in papers. This is opted in by default, but you can opt out anytime from Preferences.
  • Your control: You can change your consent preferences at any time from Preferences. Every consent decision is logged with a timestamp and policy version, and you can view your consent history at any time. We store these logs to comply with GDPR Article 7 (evidence of consent).
  • Legal basis: For both product improvement and academic research publication, we rely on explicit consent (GDPR Article 6(1)(a)). Both are opted in by default when you first use TalkToDia, but you can withdraw consent anytime.

Other Important Details

  • International transfers: Your info may be processed in other countries where our service partners are based. We use Standard Contractual Clauses and take legal steps to safeguard your data. TalkToDia has a signed Data Processing Agreement (DPA) with Supabase, our database provider, which includes Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data transfers to the United States.
  • Children's privacy: TalkToDia isn't for children under 13. We never knowingly collect info from kids.
  • Your rights (GDPR, CCPA, etc.): We honor privacy laws like GDPR/CCPA. Our legal bases: contract (running the app), legitimate interest (security & improvements), and consent (optional features).

Updates to This Policy

We may update this policy occasionally. If we make big changes, we'll update the "Last updated" date at the top. We recommend checking back periodically.

Contact

For questions, concerns, or notices regarding these Terms, please contact: contact@talktodia.com