Introduction
Empatalk ("we", "our", "us") operates the empatalk.app platform. We are committed to protecting your privacy and handling your data transparently. This Privacy Policy explains what personal data we collect, why we collect it, how we process and store it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable privacy laws.
By creating an account or using our services, you acknowledge that you have read and understood this policy.
Data Controller
Empatalk is the data controller responsible for your personal data. If you have questions about this policy or how we handle your data, contact us at privacy@empatalk.app.
Information We Collect
We collect different categories of personal data depending on how you interact with our platform.
Account Data
• Name and email address (provided during registration or via social login)
• Profile URL slug (your public identifier on empatalk.app/u/your-slug)
• Profile photo or avatar
• Authentication provider details (Google, GitHub, or email/password)
Communication DNA Survey Data
• Your responses to the Communication DNA survey, including directness preferences, feedback style, signal processing preferences, boundaries, triggers, and glimmers
• Visibility settings you choose for each answer (public, team, or private)
• AI-generated guidelines, compatibility analyses, and communication suggestions derived from your answers
Usage Data
• Pages visited, features used, and actions taken within the platform
• Session duration and frequency of visits
• Referral source (how you found Empatalk)
Technical Data
• Browser type and version, operating system, and device type
• IP address (anonymized for analytics)
• Cookies and similar technologies (see our Cookie Policy for details)
Legal Basis for Processing
We process your personal data under the following legal bases as defined by GDPR:
• Contract performance: to provide the Empatalk service you signed up for, including your profile, survey results, and AI-generated guidelines
• Legitimate interest: to improve our platform, prevent fraud, and ensure security
• Consent: for optional analytics cookies and marketing communications (you can withdraw consent at any time)
How We Use Your Information
• To create and maintain your Empatalk account and public profile
• To process your Communication DNA survey and generate personalized AI guidelines
• To generate compatibility reports when you or a team member request a comparison
• To power the team compatibility dashboard for organisation administrators
• To provide real-time AI assistance during mediated conversations
• To improve our services through aggregated and anonymized analytics
• To send essential service notifications (account security, terms updates)
• To send optional product updates and feature announcements (with your consent)
Data Visibility and Your Control
Empatalk gives you granular control over who sees your data:
• Public: visible on your profile page (empatalk.app/u/your-slug) to anyone with the link
• Team: visible only to members of your organisation on Empatalk
• Private: used exclusively by the AI engine to personalize your experience and never displayed to other users
You can change the visibility of any survey answer at any time from your account settings.
Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We share data with the following categories of third-party processors solely to operate our service:
• OpenAI: your survey answers and conversation messages are sent to OpenAI APIs to generate AI guidelines, compatibility analyses, and mediation suggestions. OpenAI processes this data under their data processing agreement and does not use it to train their models.
• Firebase (Google): authentication services, including social login and session management.
• MongoDB Atlas: database hosting with encryption at rest and in transit.
• Vercel: application hosting and edge network delivery.
• Stripe: payment processing for paid subscriptions. We never store your full card number.
• Google Analytics: anonymized usage analytics (only with your cookie consent).
All third-party processors are bound by data processing agreements that comply with GDPR requirements.
International Data Transfers
Some of our third-party processors operate outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Storage and Security
We implement appropriate technical and organisational measures to protect your data:
• All data is stored in MongoDB Atlas databases with encryption at rest (AES-256) and encryption in transit (TLS 1.2+)
• Authentication is handled via Firebase with HTTP-only, secure cookie sessions
• All connections to empatalk.app use HTTPS encryption
• Access to production systems is restricted to authorized personnel with multi-factor authentication
• We conduct regular security reviews of our codebase and infrastructure
Data Retention
• Active accounts: we retain your data for as long as your account is active
• Deleted accounts: when you delete your account, all personal data is permanently removed within 30 days
• Anonymized analytics: aggregated, non-identifiable data may be retained indefinitely for service improvement
• Legal obligations: we may retain certain data longer if required by law (e.g., billing records)
Your Rights Under GDPR
You have the following rights regarding your personal data:
• Right of access: request a copy of all personal data we hold about you
• Right to rectification: correct any inaccurate or incomplete personal data
• Right to erasure: request deletion of your personal data (the "right to be forgotten")
• Right to data portability: receive your data in a structured, machine-readable format (JSON export)
• Right to restrict processing: request that we limit how we use your data
• Right to object: object to processing based on legitimate interest
• Right to withdraw consent: withdraw any previously given consent at any time
• Right to lodge a complaint: file a complaint with your local data protection supervisory authority
To exercise any of these rights, email us at privacy@empatalk.app. We will respond within 30 days.
Children
Empatalk is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we discover that a child under 16 has provided us with personal data, we will delete it promptly.
Cookies
We use essential cookies for authentication and session management, and optional analytics cookies with your consent. For full details, see our Cookie Policy.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. For significant changes, we will notify you via email or an in-app notification at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.
Contact
For privacy-related questions, requests, or complaints:
• Email: privacy@empatalk.app
• Response time: within 30 days of receipt