Your product data. Your control.

Who owns what

You own all of it. In the language of the regulations, we're a processor and you're the controller. That means we only do things with your data that you've told us to do.

• Your product data. Descriptions, attributes, pricing, DPP fields, any catalogue you connect. It stays your intellectual property. We hold a copy so we can embed it and serve the pods, and we delete it when your contract ends.
• Embeddings and anything derived from your data. Ours to hold, yours to own. Deleted when the source data is.
• Conversation logs. Every question your customers ask a pod, and every answer it gives back, is yours. We process it on your behalf under the DPA.
• End-customer identifiers. Session IDs, WhatsApp sender phone numbers if that's a channel you've turned on, any personal details a visitor happens to share in a conversation. All of it sits under your control as the data controller.
• Account metadata. Billing, admin logins, configuration of the platform. That's a shared responsibility and it's covered by our privacy policy.

What we won't do

The "won't" list tends to matter more than the "will" list.

• We won't train any AI model on your data. Not ours, not our subprocessors'. It's written into our contracts with Anthropic and Voyage AI. If we ever wanted to do something different, it would need a new clause in your contract, not a quiet policy update.
• We won't sell your data. Not to anyone.
• We won't use one customer's questions to improve another customer's pod. There's no anonymised benchmark programme sitting in the background that could tempt us to. If we ever build one, it'll be opt-in and you'll sign for it.
• We won't share conversations between tenants. Isolation is enforced at the database on every query. Automated tests verify it on every change we merge, and a failing test blocks a merge.
• We won't keep your data once the contract ends. Product data, embeddings, logs, all of it gone within 30 days, at us and at our subprocessors.

Who processes data alongside us

These are the third parties who touch your data as part of delivering the service. If this list changes, customers hear about it 30 days before it does.

• Anthropic. Claude model inference. No training on API data. Zero Data Retention available on the Enterprise plan.
• Voyage AI. Text embeddings. No training on API data.
• Neon. Postgres and pgvector hosting. EU region available. Encryption at rest (AES-256), in transit (TLS 1.3).
• Netlify. Hosting and edge compute. SOC 2 Type II, ISO 27001.
• Clerk. Authentication and organisation management. SOC 2 Type II.
• Fathom Analytics. Cookieless analytics for this marketing site. No personal data, no cross-site tracking.

Where data lives

Your product data sits in our primary region. EU residency is an option on Scale and Enterprise contracts, and on Enterprise we can route Anthropic inference through EU regions too.

Where data crosses a border, it does so under UK-EU adequacy and the Standard Contractual Clauses that sit inside our DPA.

Retention and deletion

• Product data. Held for the life of the contract. Refreshed when you sync. Deleted when the contract ends.
• Conversation logs. Kept for 90 days by default, anywhere from 30 to 365 if your contract sets a different number. Deleted when the contract ends.
• Operational backups. Up to 30 days past deletion for disaster recovery, which is standard across our infrastructure providers.
• Right to erasure. Available any time you ask. Propagates to every subprocessor. Written confirmation on request.

Security

• Encryption. At rest (AES-256) and in transit (TLS 1.3).
• Per-tenant isolation. Enforced at the database, on every read and every write.
• Authentication. Clerk Organizations. SSO available on Scale and Enterprise.
• Rate limiting. Layered per-IP and per-tenant, to protect against abuse and runaway cost.
• Audit logs. Admin actions are logged. End-customer conversation audit trails available for DPP provenance on request.
• Answer attribution. The source records the pod drew an answer from are held alongside the conversation. If you need the trace for a specific answer, we can produce it on request.

Compliance roadmap

This is where we are, not where we'd like to look like we are.

• Today. GDPR and UK DPA 2018 compliance. Data Processing Agreement available on request. Subprocessor list published. Privacy policy in place.
• Next six months. Cyber Essentials Plus certification. First external penetration test. PII detection and redaction in conversation logs.
• Year two. SOC 2 Type I, then Type II. Scoped for Enterprise procurement requirements. Timing depends on the first Enterprise contract landing.
• Ongoing. Quarterly review of access controls, subprocessor posture, and incident response readiness.

If something goes wrong

If there's a security incident, customers affected hear from us within 72 hours, as GDPR Article 33 requires. You'll get what happened, what data was involved, what we've done to contain it, and what we need you to do next. No silent fixes.

Digital Product Passport accuracy

When your pod answers a question about a DPP field, the record it drew the answer from is held alongside the conversation. If your compliance team needs the trace for a regulated answer, we can produce it message by message. You stand behind the data, we stand behind the answer being drawn from it rather than invented. The public passport record works the same way.

A quote-only mode for regulated fields, where the pod returns the source line rather than paraphrasing, is a configuration we'll build for any customer who needs it. Tell us in the pilot conversation and we'll have it ready before live traffic.

Where to go next

If you'd like the bigger picture on the platform, the how-it-works page covers the four-stage loop the platform runs on. If you've got a DPP deadline in 2027, the DPP page covers what each category needs and when. If you want to start a conversation, the contact form is the fastest way.

For procurement, compliance, legal or security, email hello@talkpod.ai for the DPA, subprocessor list, or a completed security questionnaire. We reply inside two working days.