Privacy Policy
Last updated: March 2, 2026
This Privacy Policy explains how we collect, use, and protect information when you use Talk2Desk, our voice-first invoicing and customer management app for small businesses and freelancers (the "App"). If you have questions, contact us at m.budziat@gmx.de.
1. Who is responsible?
Data controller / responsible party:
Maximilian Budziat
Georgia, Tbilisi City, Zakaria Paliashvili Street, N 41
m.budziat@gmx.de
2. What the App does
Talk2Desk lets small business owners, freelancers, and service providers create professional, tax-compliant invoices and manage customer records — by voice or manually. Users describe an invoice by speaking; AI transcribes the recording and extracts structured data (customer details, line items, prices, quantities). The App supports 195 countries with automatic VAT, GST, and sales tax calculation, and 52 currencies. Users can sign up and log in using email/password, Sign in with Apple, or Google Sign-In.
3. What information we collect
Account & authentication
- Email address (if you register with email)
- Authentication identifiers (Firebase user ID; Apple/Google identifiers as provided during sign-in)
- Account metadata (account creation time, last sign-in time)
Company profile
- Business information (company name, trading name, business address, country, currency)
- Contact details (business email, phone number)
- Tax identifiers (VAT number, tax ID, and country-specific formats such as German Steuernummer, French SIREN, US EIN, UK CRN, Indian PAN, and others)
- Banking details (IBAN, BIC/SWIFT code, bank name) — used to populate invoice payment information
Customer data
- Customer profiles (names, addresses, contact details, tax IDs) that you create and store in the App
Invoice data
- Invoice records (line items, quantities, prices, discounts, tax calculations, invoice status, invoice numbers)
Voice recordings
- Audio recordings you make when using the voice dictation feature. Recordings are limited to 25 MB and are transmitted to our secure server-side processing pipeline for transcription and data extraction via OpenAI. Recordings are not stored permanently — they are discarded after processing is complete.
Subscription data
- Purchase history (subscription status, transaction identifiers)
- Usage data related to in-app purchases
We use RevenueCat to manage subscriptions. RevenueCat processes purchase data to verify entitlements and provide subscription management.
Error and crash data
- Crash reports and error logs (collected via Sentry for troubleshooting)
- Device information (device type, OS version, app version)
Sentry may collect IP addresses and technical data to help us identify and fix issues.
Local data (stored on your device only)
- Theme preference (Light, Dark, or System)
- Onboarding state
This data is stored locally via AsyncStorage and is not uploaded to our servers.
What we do NOT collect
- Location data (beyond the country you provide in your profile)
- Device contacts
- Browsing history
- Advertising identifiers or third-party tracking data
- Permanent copies of voice recordings
We do not send marketing emails. You may receive only necessary service emails related to authentication (for example, password reset or login/security emails).
4. How we use your information
- To create and manage your account and authenticate logins
- To store and sync your company profile, customer records, and invoices
- To process voice recordings and extract structured invoice and customer data via AI (OpenAI)
- To calculate taxes automatically based on your country's tax regime (GOBL standard)
- To populate invoices with your company profile and banking details
- To provide core functionality (e.g., password resets, account recovery)
- To diagnose errors and improve App stability (via Sentry)
- To maintain security, prevent abuse, and troubleshoot issues
5. Voice processing and AI
When you use the voice dictation feature, your audio recording is transmitted securely to our backend (Google Cloud Functions), where it is processed using OpenAI's API for transcription and structured data extraction. The recording is used solely to generate your invoice or customer record and is not retained or used for AI model training by us. Please review OpenAI's privacy policy for details on how OpenAI handles API inputs.
- Audio is only recorded when you actively trigger the dictation feature
- The App requires microphone permission for this feature only
- Recordings are processed server-side and then discarded
- Maximum recording size: 25 MB
6. Legal bases (EEA/UK users)
If you are in the EEA/UK, we process personal data under these legal bases:
- Contract (to provide the App's features to you)
- Legitimate interests (security, fraud prevention, error tracking, service reliability)
- Consent (only when required by law for specific processing, such as microphone access)
7. Services and processors we use
We use the following third-party services to operate Talk2Desk:
- Firebase Authentication (Google) — for email, Apple, and Google sign-in
- Cloud Firestore (Google) — to store your company profile, customer records, invoices, and preferences
- Cloud Functions (Google) — to securely process voice recordings and handle sensitive operations server-side
- OpenAI — for voice transcription and AI-based data extraction from your recordings
- RevenueCat — to manage subscriptions and in-app purchases
- Sentry — for error tracking and crash reporting
When you use Google Sign-In or Sign in with Apple, those providers process authentication as part of the login flow. These providers may process personal data on our behalf as "processors" and/or as independent controllers for their own services. Please review their privacy policies for details.
8. Banking and sensitive business data
Your banking details (IBAN, BIC, bank name) and tax identifiers are stored in Cloud Firestore with strict user-isolation security rules — only you can access your own data. This information is used solely to populate your invoices. We do not share or sell this data to any third party.
9. Data retention
We retain your data while your account is active. If you delete your account, we delete or anonymize your personal data associated with the account, including your company profile, customer records, and invoices, unless we must keep certain data to comply with legal obligations, resolve disputes, or enforce our agreements.
Voice recordings are not retained — they are discarded immediately after processing is complete.
10. Account deletion
You can delete your account directly in the App under Settings > Account. Account deletion requires reauthentication for security. When you request deletion, we remove your account and all associated data stored in our Firebase backend, including your company profile, customer records, and invoices. If you need help, contact m.budziat@gmx.de.
11. Your rights
Depending on your location, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Object to or restrict certain processing
- Data portability
- Withdraw consent (where applicable)
To exercise rights, email m.budziat@gmx.de. We may ask you to verify your identity.
12. Security
We use reasonable technical and organizational measures to protect your data. All data is stored in Google Cloud Firestore with strict user-isolation rules — each user can only access their own data. Sensitive operations, including voice processing, are handled server-side via Cloud Functions. No method of transmission or storage is 100% secure, but we aim to protect information against unauthorized access or disclosure.
13. Children
Talk2Desk is a business tool intended for adults. We do not knowingly collect personal information from children under the age required by local law to consent to data processing. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.
14. Changes to this policy
We may update this policy from time to time. We will update the "Last updated" date above. Continued use of the App means you accept the updated policy.