Privacy Policy
This Privacy Policy explains how Talk to your brand (“Brandtalk”, “we”, “us”) collects, uses and protects personal data when you use our service. We are based in Sweden and process personal data in accordance with the EU General Data Protection Regulation (GDPR).
Our two roles
Brandtalk is a business-to-business service. Our customers are the organizations that set up a workspace. For the brand material a customer uploads and the questions their employees ask, the customer is the data controller and Brandtalk acts as a data processor— we process that content only to provide the service, on the customer's instructions. For account administration and the operation of our platform, Brandtalk is the controller.
What we process
- Account data — the email address used to sign in, and the role assigned within a workspace.
- Brand material— the documents, images and design content a customer uploads to ground the assistant's answers.
- Conversations — the questions asked of the assistant and the answers returned, retained so administrators can understand what their teams need.
- Technical data — limited operational information such as timestamps and request metadata used to keep the service secure and reliable.
Why we process it
We process personal data to provide and secure the service (performance of our contract with the customer), to prevent abuse and protect the platform (our legitimate interest), and where required to comply with legal obligations.
Where your data is stored
Brand material, accounts and conversations are stored within the European Union (EU/EEA). Each workspace's data is logically isolated so one customer's content is never accessible to another.
Service providers
We rely on a small number of trusted infrastructure providers — for cloud storage and databases, application hosting, and the AI language and embedding models that generate answers. These providers process data only to deliver their part of the service and are bound by data-processing agreements. Your brand data is never used to train public AI models. Where a provider might process data outside the EU/EEA, that transfer is covered by appropriate safeguards such as the EU Standard Contractual Clauses.
Retention
We keep customer content for as long as the workspace is active. When a document is deleted, its stored copy and derived data are removed. When a workspace is closed, its content is deleted within a reasonable period, except where we must retain limited records to meet legal obligations.
Security
Data is encrypted in transit. Access is governed by per-workspace isolation and role-based permissions, and administrative access to production systems is restricted. No system is perfectly secure, but we take reasonable technical and organizational measures to protect your data.
Cookies
We use only the essential cookies required to keep you signed in and to operate the service securely. We do not use advertising or third-party tracking cookies.
Your rights
Under the GDPR you have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. As most content is controlled by the customer organization, please direct requests to your workspace administrator; you can also contact us and we will help route your request. You may also lodge a complaint with your local supervisory authority (in Sweden, the Integritetsskyddsmyndigheten, IMY).
Changes
We may update this policy from time to time. Material changes will be reflected by the “last updated” date above.
Contact
Questions about privacy? Reach us at hello@talktoyourbrand.com.