Privacy Policy

Introduction

Tiny Talking Todos ("Talkies") is committed to protecting your privacy. As a personal knowledge base with voice assistance capabilities, we understand the importance of keeping your data private and secure. This Privacy Policy explains how we collect, use, and protect your information across both our mobile app and web app.

Our Privacy Principles

  • We do not sell your personal information to third parties
  • We do not display advertisements
  • We store your data locally on your device by default
  • We give you control over your data, including the ability to export or delete it at any time
  • We use encryption to protect your data during transmission and storage

Information We Collect

When you use Talkies, we may collect:

  • Voice inputs when you interact with the Operator
  • Todo lists and templates you create
  • Photos you upload for list generation
  • Device information and settings preferences
  • API keys if you choose to provide them
  • Account information (email address, name, and profile image) when you sign up or sign in via our authentication provider

How We Use Your Information

We use your information to:

  • Provide the Talkies service and its features
  • Process voice commands through our Operator
  • Generate and transform todo lists
  • Authenticate your account and enable multi-device sync
  • Improve our services and develop new features
  • Ensure the security and proper functioning of our service

Data Storage and Security

Mobile app: Your data is stored locally on your device using SQLite (via expo-sqlite). If you choose to enable multi-device sync, your data is synchronised via Cloudflare Workers with Durable Objects, with encryption in transit. Synced data is retained on Cloudflare infrastructure for as long as your account is active. When you delete a list, it is removed from both your device and the sync service.

Web app: Your data may be stored locally in your browser using localStorage or synchronised via cloud services when signed in.

Across both platforms, you maintain control over your data and can export or delete it at any time.

Authentication

We use Clerk as our authentication provider. When you create an account or sign in, Clerk collects and manages your email address, name, and profile image. Clerk's privacy practices are governed by their own privacy policy.

AI Data Collection and Sharing

Talkies uses AI features to help you create and manage your lists. This section describes what data is collected for AI processing, who it is shared with, and how you can control it.

What data is collected for AI features

When you use AI-powered features, the following data may be sent for processing:

  • Text input — todo descriptions, natural language commands, and other text you enter when using AI features
  • Voice recordings — audio captured when you use voice input with the Operator
  • Photos — images you provide when using the photo-to-list feature
  • List context — list names, todo content, categories, and notes, which are used as context to provide more relevant AI-generated suggestions

Who the data is shared with

AI data from the mobile app is shared with Google LLC via the Gemini AI API. Data is transmitted through our server-side proxy and is not sent directly from your device to Google.

On the web app, AI data may be shared with Anthropic (Claude API) for voice command processing and OpenAI (GPT-4 Vision) for photo processing.

How the data is used

Data sent to AI services is used to:

  • Generate todo items from text, voice, or photo input
  • Transcribe voice recordings into text
  • Analyse photos and extract actionable items
  • Provide context-aware suggestions based on your existing list content

Data retention and protection

  • Data sent to Google's Gemini API is processed in accordance with Google's AI/ML privacy terms
  • Data is sent through a server-side proxy that strips all user-identifying information — Google does not receive your name, email, or account details
  • Data sent to AI providers is not used to train AI models
  • The app does not store AI request or response data beyond the current session — once your request is fulfilled, the data is discarded

Your control over AI data sharing

  • You must explicitly consent before any data is sent to AI services
  • You can revoke your consent at any time from the profile settings in the app
  • Revoking consent immediately stops all AI data sharing — AI-powered features will be disabled until consent is granted again

Voice Data Processing

When you interact with the Operator, your voice inputs are processed to provide responses and perform actions. Voice data is not stored permanently and is only used to process your immediate requests.

Mobile app: Voice recordings are sent as base64-encoded audio through our server-side proxy to the Google Gemini API (gemini-2.0-flash) for real-time transcription and command interpretation.

Web app: Voice commands are processed using Anthropic's Claude AI models.

Photo Processing

When you use our photo-to-list feature, images are processed by AI to generate todo items. Photos are not stored permanently and are only used for immediate list generation.

Mobile app: Photos are sent through our server-side proxy to the Google Gemini API (gemini-1.5-flash) for analysis.

Web app: Photos are processed using OpenAI's GPT-4 Vision.

Third-Party Services

To provide our service, we share data with the following third-party providers:

  • Google (Gemini API) — receives voice recordings, text input, list context data, and photos from the mobile app for AI processing
  • Anthropic (Claude API) — processes voice commands on the web app
  • OpenAI (GPT-4 Vision) — processes photos on the web app
  • Clerk — manages authentication and account data (email, name, profile image)
  • Cloudflare (Workers & Durable Objects) — provides real-time data synchronisation for multi-device sync on the mobile app

We do not sell your personal information to third parties. All third-party service providers we use are contractually required to provide the same or equivalent level of protection for your data as described in this policy. Google's processing of AI data is governed by their Gemini API Terms of Service, which include data protection commitments consistent with the protections described here.

Your Rights and Choices

You have the right to:

  • Access and export your data
  • Delete your data and your account
  • Choose whether to store data locally or enable sync
  • Control the Operator's voice response settings
  • Opt out of optional features
  • Grant or revoke consent for AI data sharing at any time from your profile settings

If you are located in the European Economic Area (EEA), you also have rights under GDPR including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. To exercise these rights, please contact us using the details below.

Changes to Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes through the service.

Contact Us

For questions about our privacy practices or to exercise your privacy rights, please contact us through our Discord community or email.

Last updated: 15 February 2026