Privacy Policy

Talking Back, LLC (“Talking Back,” “we,” “us,” or “our”) operates the Talking Back mobile application (the “App”). This Privacy Notice explains how we collect, use, disclose, and safeguard your information when you use our App. We are committed to protecting your privacy and handling your data in an open and transparent manner.

Please read this Privacy Notice carefully. If you do not agree with the terms of this Privacy Notice, please do not access or use the App. By using the App, you consent to the data practices described in this statement.

We collect information that you voluntarily provide to us when you register on the App, express interest in obtaining information about us or the App, or otherwise when you contact us. The personal information we collect depends on the context of your interactions with us and the App, the choices you make, and the features you use.

2.1 Personal Information Provided by You. We collect the following categories of personal information:

• Account Data: display name, email address, and self-selected role (parent or teen). If you use Sign in with Apple, we receive the unique identifier and, optionally, the email address that Apple provides.
• Onboarding Survey Responses: during onboarding you answer a short survey about your family communication goals, relationship pulse, topic comfort areas, and personal goals. These responses are used solely to personalize the daily questions you receive.
• User-Generated Content: the text answers, messages, photos, and audio recordings you submit within your family group. This content is visible only to members of your family group.
• Family Information: family group name, family member display names, roles, and join dates within your family group.
• Emotion Check-In Data: if you use the Emotion Translator feature, we collect your selected emotion, context category, and any optional text you provide. This data is visible to members of your family group.

2.2 Information Collected Automatically. When you use the App, we automatically collect certain information about your device and usage:

• Device Information: device type, operating system and version, unique device identifiers, and mobile network information.
• Push Notification Tokens: we collect Apple Push Notification service (APNs) device tokens to deliver push notifications about new questions, answers, and family activity.
• Usage Analytics: we collect anonymous analytics data via PostHog, including screen views, feature interactions, session duration, and crash reports. This data is used solely to understand how the App is used and to improve the user experience. We do not sell this data to third parties.

2.3 Information We Do NOT Collect. We do not collect precise geolocation data, contacts or address book data, financial or payment information (all payments are processed by Apple), health data, browsing history, or data from other apps on your device.

We process your personal information for a variety of reasons, depending on how you interact with the App. We use the information we collect or receive:

• To facilitate account creation and authentication and otherwise manage user accounts, including Sign in with Apple integration.
• To deliver personalized daily questions to your family based on survey responses, topic preferences, and engagement patterns.
• To enable family communication by allowing family members to share answers, messages, photos, audio recordings, and emotion check-ins within their family group.
• To send push notifications about new daily questions, when family members submit answers, answer reveals, and other family activity. You can disable notifications at any time in your device settings.
• To manage subscriptions and in-app purchases through our integration with RevenueCat and Apple's App Store.
• To improve and optimize the App by analyzing anonymous usage patterns, identifying bugs, and understanding which features are most valuable to users.
• To respond to user inquiries and provide customer support.
• To protect our services, including fraud monitoring, security enforcement, and abuse prevention.
• To comply with legal obligations including applicable laws, regulations, legal processes, or governmental requests.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we only process your personal information when we have a valid legal reason to do so. Our legal bases include:

• Consent: you have given us permission to process your personal information for a specific purpose. You can withdraw your consent at any time.
• Performance of a Contract: processing is necessary to provide the services you have requested (e.g., delivering daily questions, enabling family communication).
• Legitimate Interests: processing is necessary for our legitimate interests (e.g., app improvement, security) and is not overridden by your data protection interests or fundamental rights.
• Legal Obligation: processing is necessary to comply with a legal obligation.

We do not sell, trade, or rent your personal information to third parties. We do not share your personal information with third parties for their direct marketing purposes. We may share information in the following limited circumstances:

5.1 Within Your Family Group. Answers, messages, photos, audio recordings, and emotion check-in data are shared with members of your family group. This is the core function of the App. Only users who have joined your family group via an invite code can see your family's data.

5.2 Service Providers. We use the following third-party services that process data on our behalf under contractual obligations to protect your information:

• Supabase — cloud database and authentication (hosted on AWS infrastructure in the United States)
• Fly.io — backend API hosting and server infrastructure
• RevenueCat — subscription and in-app purchase management (receives anonymized purchase data)
• PostHog — anonymous product analytics and crash reporting
• Apple Push Notification service (APNs) — delivery of push notifications to your device

5.3 Legal Requirements. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process (such as in response to a court order or a subpoena).

5.4 Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.

5.5 Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice in the App of any change in ownership or uses of your personal information.

Our servers are located in the United States. If you are accessing the App from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in the United States and by third-party service providers in countries where data protection laws may differ from those in your jurisdiction.

If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), we ensure that your personal data receives an adequate level of protection through appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or by relying on an adequacy decision by the European Commission.

We retain your personal data for as long as your account is active or as needed to provide you the App's services, unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.

Specifically:

• Account data is retained for the lifetime of your account.
• User-generated content (answers, messages, photos, audio) is retained for the lifetime of your account and is deleted when your account is deleted.
• Analytics data is retained in anonymized form and cannot be linked back to individual users.
• Push notification tokens are deleted when you uninstall the App or disable notifications.

You may request deletion of your account and all associated data at any time by contacting us at contact@talkingback.app. We will process your deletion request within 30 days.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, including:

• Encryption in transit using TLS/SSL for all data transmitted between your device and our servers
• Row-level security (RLS) policies in our database that ensure users can only access data belonging to their own family group
• Secure authentication via Supabase Auth with support for Sign in with Apple
• Regular security reviews and updates to our infrastructure

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

Talking Back is designed for families, including teenagers. However, the App is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent.

The App is designed to be set up by a parent or guardian who invites family members (including teens aged 13 and older) to join their family group. Parents are responsible for overseeing their children's use of the App.

If we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 13, please contact us at contact@talkingback.app.

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws. These may include:

10.1 Rights Under GDPR (EEA/UK Residents). If you are a resident of the European Economic Area or the United Kingdom, you have the following rights:

• Right of access — the right to request copies of your personal data
• Right to rectification — the right to request correction of inaccurate data
• Right to erasure — the right to request deletion of your personal data
• Right to restrict processing — the right to request restriction of processing of your data
• Right to data portability — the right to receive your data in a structured, machine-readable format
• Right to object — the right to object to processing of your data based on legitimate interests
• Right to withdraw consent — the right to withdraw consent where we rely on consent to process your data

10.2 Rights Under CCPA (California Residents). If you are a California resident, you have the right to:

• Know what personal information is being collected about you
• Know whether your personal information is sold or disclosed and to whom
• Say no to the sale of personal information (we do not sell your data)
• Request deletion of your personal information
• Not be discriminated against for exercising your privacy rights

10.3 Rights Under Canadian Privacy Laws. If you are a Canadian resident, you have the right to access your personal information, request correction of inaccurate data, and withdraw consent to the processing of your information.

10.4 Exercising Your Rights. To exercise any of these rights, please contact us at contact@talkingback.app. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

Talking Back offers optional paid subscriptions (“Talking Back Pro”) managed through Apple's App Store and RevenueCat. Subscription options include monthly and yearly plans with a free trial period.

• All payment processing is handled entirely by Apple through the App Store. We do not collect, store, or have access to your payment card details or financial information.
• RevenueCat receives anonymized purchase and subscription status data to manage entitlements. RevenueCat does not receive your name, email, or other identifying information.
• Subscriptions automatically renew unless auto-renew is turned off at least 24 hours before the end of the current period. Subscriptions may be managed and auto-renewal turned off in your Apple ID Account Settings.

We may send you push notifications through the Apple Push Notification service (APNs) to alert you about new daily questions, when family members have submitted answers, answer reveals, and other family activity. You can opt out of receiving push notifications at any time by adjusting notification permissions in your device's Settings app. Opting out of notifications will not affect other functionality of the App.

The App may integrate with or contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services. We strongly encourage you to review the privacy policy of every third-party service you interact with.

Our use of third-party service providers is limited to the services listed in Section 5.2 above, each of which processes data on our behalf under contractual obligations to protect your information.

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting. At this time, there is no uniform technology standard for recognizing and implementing DNT signals. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Last updated” date at the top of this Privacy Notice. If we make material changes, we will notify you either through the App, by email, or by posting a notice prior to the change becoming effective. We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.

If you have questions or comments about this Privacy Notice, your privacy rights, or would like to exercise your rights described above, please contact us at:

If you are a resident of the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.