Privacy policy
Last updated: 2026-04-29
What this is
TalkHQ is a voice-receptionist platform. Business owners give us a link or a business name; we crawl public sources, build a knowledge base, generate a voice agent, and answer the phone for them. To do that, we collect and process data from the owner, from people who call the business, and from public sources.
What we collect
- Owner account data: email address, a scrypt-hashed password (never the plaintext) or Google account identifier, last-login timestamps, and any tenants (businesses) bound to the account.
- Business knowledge base: data crawled from public sources you point us at — your website, Google Maps profile, Yelp listing, etc. — plus any edits or corrections you make in the dashboard.
- Call data: for each call your receptionist handles, we keep the audio, the transcript, the structured outcome (what the caller wanted, what was promised), and the duration for billing.
- Billing data: we store a Stripe Customer ID on your account so we can charge subscription fees and usage. Your card and billing address live with Stripe; we never store them.
- Operational logs: request logs, audit-log entries (e.g. "owner changed password"), and security events. IPs are stored as one-way hashes, not raw.
How we use it
- To run the receptionist for your business.
- To bill you and process payments.
- To improve your specific knowledge base over time, and to debug issues across the platform when they affect you.
- To detect abuse and prevent fraud (rate-limiting, audit trails, account-recovery flows).
We do not use your call recordings or transcripts to train general-purpose AI models. Your data stays bound to your business.
Who we share it with
TalkHQ is built on a small set of sub-processors. We share only what each one needs to do its job:
- Stripe — payments and subscription billing.
- Telnyx — phone-number provisioning and PSTN voice transport.
- Google Cloud (Vertex AI / Gemini) — language model that powers the receptionist's voice agent.
- LiveKit — real-time media transport for browser-side voice testing.
- Cloudflare — transactional email delivery (account verification, password reset, change-email).
- DigitalOcean — server hosting.
We don't sell your data. We don't share it with advertisers. We don't share it with anyone outside this list except when required by law.
Your rights
- Access: sign in to /dashboard/account to see your account fields, your bound businesses, and your billing status.
- Correction: the same page lets you change your email or password. Knowledge-base edits live on the tenant settings panel.
- Deletion: /dashboard/account has a "Delete account" flow — type your email, confirm with your password, and we tombstone the account immediately. Audit-log entries are retained as required for compliance.
- Export: email privacy@talkhq.com and we'll send you everything we have on file in a machine-readable format within 30 days.
- Questions / complaints: same address — privacy@talkhq.com.
Cookies
We use a small number of HMAC-signed session cookies —
owner_session for owner login,
pwd_reset_session for the password-reset
short-window cookie, and a few short-lived cookies for the
OAuth and email-change flows. None of them are used for
tracking or advertising.
Retention
- Active accounts: kept while the account is open.
- Deleted accounts: the row is tombstoned and unbound from your businesses; audit-log entries are retained for one year for security and compliance.
- Call audio + transcripts: retained while your account is active; on account deletion they become ownerless and are subject to the same one-year audit retention.
Changes
We'll update this page when the substance changes and bump the "Last updated" date at the top. Material changes will also be emailed to active account holders.