Privacy Policy

Last updated: April 19, 2026

This Privacy Policy explains what information Talven Tech, Inc. ("we", "us", "Talven Tech") collects, how we use it, who we share it with, and the choices you have. It applies to the Talven Chat service, including the landing pages at /b/{business-slug}, the embeddable chat widget, and any related dashboards or APIs (the "Service").

1. Information We Collect

From business owners

• Account information: email address, business name, optional contact details you provide when claiming a business or signing up.
• Public business information: name, address, phone, category, website URL, public reviews, opening hours — sourced from public listings such as Google Business Profile and your own published website.
• Website content: pages crawled from your publicly accessible website (text, headings, menus, FAQ content) and processed into a vector index used by the chatbot.
• Payment information: billing details are collected and stored by Stripe, our payment processor. We do not store full card numbers ourselves; we receive only the metadata required to manage your subscription (subscription ID, period dates, payment status).
• Authentication tokens: short-lived JWTs issued after a passwordless magic link login.

From end users of a chatbot

Anyone can use a deployed chatbot — no account or login is required. When a visitor chats with a Talven Chat chatbot we collect:

• Conversation messages — both the questions sent by the visitor and the chatbot's responses.
• A truncated hash of the visitor's IP address — used solely for rate limiting and abuse prevention. We do not store the raw IP.
• User-agent string and basic device characteristics — used for analytics and debugging.
• A randomly-generated session identifier stored in the visitor's browser for the duration of the chat session.

We do not ask end users for their name, email, or any personal identifier; we do not require login; and we do not deploy third-party advertising or behavioral tracking pixels on chatbot-served pages.

2. How We Use the Information

• Provide, operate, and improve the Service.
• Train no general-purpose model on your data. Customer Content is used only to power your chatbot's retrieval and to compute prompt context at request time.
• Send transactional email — magic links, billing receipts, expiration notices, and outreach related to a specific business.
• Detect, prevent, and respond to abuse, fraud, or security incidents.
• Comply with legal obligations.

3. Sharing With Third Parties

We share data with the following sub-processors, only to the extent necessary to provide the Service:

• OpenAI — chat messages and retrieved context are sent to OpenAI's API for response generation. See OpenAI's privacy policy.
• Stripe — for payment processing. See Stripe's privacy policy.
• Resend — for sending transactional email (magic links, outreach, notifications). See Resend's privacy policy.
• Google Maps Platform / Places API — for city and business discovery.
• Cloud hosting providers used to operate our infrastructure.

We do not sell personal information.

4. Data Retention

• Active subscriptions: we retain Customer Content and end-user conversations for as long as the subscription is active.
• Cancelled subscriptions: data is retained for thirty (30) days after the end of the paid period to allow reactivation, then permanently deleted from our active systems.
• Backups: backup snapshots may persist for up to an additional thirty (30) days before being purged.
• Support tickets: retained for up to two (2) years for record-keeping.

5. Your Rights

You may request access to, correction of, or deletion of personal information about you by emailing [email protected]. We will respond within 30 days. Business owners can also delete their entire chatbot and all associated data on request.

6. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you, among other things, the right to:

• Know what personal information we collect about you and how it is used and shared.
• Request deletion of personal information we hold about you.
• Correct inaccurate personal information.
• Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising — Talven Tech does not engage in either.
• Be free from discrimination for exercising any of these rights.

To exercise any of these rights, email [email protected]. We may need to verify your identity before fulfilling your request.

7. Cookies and Local Storage

Talven Chat uses minimal browser storage:

• JWT auth cookie (HttpOnly, SameSite=Lax) — only set after you sign in to a dashboard.
• Preview-access cookie — only set when you visit a preview chatbot via a signed link.
• localStorage on chatbot widget pages — used to persist the chat session identifier so a conversation survives a page refresh.

We do not use third-party cookies, advertising trackers, or analytics tools that profile you across sites.

8. Security

We use TLS for all network traffic, store secrets in a managed secret store, hash magic-link tokens at rest, and apply rate limits to authentication and chat endpoints. No system is perfectly secure; please report any vulnerabilities to [email protected].

9. International Transfers

Our infrastructure and sub-processors are located primarily in the United States and the European Union. By using the Service you consent to the transfer of your information to countries that may have different data-protection laws than your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced by email to business owners on file.

11. Contact

Questions, requests, or complaints about this Privacy Policy?
Email [email protected].