Your privacy matters to us. This policy explains how Talk Wisely Platforms Private Limited collects, uses, and protects your personal data under GDPR, UK GDPR, India's DPDP Act, CCPA, and PIPEDA.
Talk Wisely Platforms Private Limited ("Talkwisely", "we", "our", "us"), incorporated in Ahmedabad, Gujarat, India, values the privacy of every person who uses our services. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have over it.
By using our Service you agree to the collection and use of your personal information in accordance with this policy. If you do not agree, you must stop using our Services.
This policy applies to all services available at talkwisely.io and its subdomains — including the Talkwisely business phone platform, AI analytics suite, call recording features, and related applications.
This policy is written in plain English wherever possible. Where legal precision is required, we flag that clearly. Whenever you see 'Talkwisely', 'Talkwisely Services', or 'talkwisely.io', it refers to all services made available by Talk Wisely Platforms Private Limited.
The personal data we collect when you visit our website, sign up for an account, or use any Talkwisely service.
How we process data as a Data Controller (for account, billing, and marketing data) and as a Data Processor acting on behalf of our customers (for call recordings, transcripts, and AI analytics).
Your rights under GDPR (EU/EEA), UK GDPR, CCPA/CPRA (California), India's Digital Personal Data Protection Act 2023 (DPDP Act), and Canada's PIPEDA.
Data Controller: Talkwisely is the Data Controller for account registration data (name, email, phone number), billing records, and marketing data. We determine why and how this data is processed.
Data Processor: Talkwisely is a Data Processor for all communications data generated by your use of the platform — including call recordings, transcripts, AI summaries, and sentiment data. Your organisation (the Customer) is the Data Controller for that data and is responsible for its lawful basis, consent obligations, and regulatory compliance.
This distinction matters for enterprise compliance. Our Data Processing Agreement (DPA) reflects this structure in full (see Section 20).
Customer: an organisation or individual who subscribes to Talkwisely and manages a workspace.
User: an individual who has an account on a Customer's Talkwisely workspace.
It is possible to be both. Data protection responsibilities differ — Customers carry additional obligations as Controllers for their Users' communications data.
Account creation and service delivery: Performance of Contract — processing is necessary to fulfil our service agreement with you.
Call recordings and AI analytics: Performance of Contract (where enabled by the Customer). Consent of call parties is the Customer's responsibility to obtain.
AI transcription and sentiment analysis: Performance of Contract — processing takes place only to deliver contracted AI analytics features.
Marketing communications: Consent or Legitimate Interest, depending on jurisdiction and communication type.
Connection logs and IP addresses: Legitimate Interest — to secure our infrastructure and prevent abuse.
Billing and transaction records: Legal Obligation — retained for 7 years to meet financial reporting requirements.
Where you choose to sign in using Google (via OAuth 2.0), we access a limited set of Google account data strictly to facilitate authentication and account setup.
Name and display name, as provided by your Google account.
Email address associated with your Google account.
Google account profile picture (avatar), if available.
A unique Google account identifier used to link your Google identity to your Talkwisely account.
We do not access your Google Contacts, Google Drive files, Gmail messages, Google Calendar events, or any other Google Workspace data beyond the basic profile information listed above.
To authenticate your identity and allow you to sign in to Talkwisely without creating a separate password.
To create and pre-populate your Talkwisely account profile (name, email, and profile picture) for a smoother onboarding experience.
To identify your account uniquely across sessions and devices.
We do not access Google user data for any purpose beyond what is necessary to provide and improve the Talkwisely service.
Google user data is stored on our secure AWS infrastructure, protected by encryption in transit (TLS) and at rest (AES-256).
Access to stored Google user data is restricted to authorised Talkwisely personnel who require it to operate and support the service.
We retain Google user data only for as long as your Talkwisely account remains active. When you delete your account, your Google user data is permanently deleted within 24 hours.
We do not sell Google user data to any third party under any circumstances.
We do not use Google user data for targeted advertising, retargeting, or the delivery of personalized advertisements.
We do not transfer Google user data to data brokers, information resellers, or any party whose primary business involves data aggregation or resale.
We do not use Google user data to determine your creditworthiness or for any lending or financial decisioning purpose.
We do not use Google user data to train artificial intelligence or machine learning models.
We do not use Google user data for any purpose that is not directly related to providing, maintaining, or improving the Talkwisely service as described in this policy.
These restrictions are permanent and reflect our core data handling commitments to our users and to Google.
We do not share Google user data with third parties except in the following limited circumstances: (a) with sub-processors who assist us in operating the service (such as our cloud infrastructure provider, AWS), subject to data processing agreements that prohibit them from using the data for any other purpose; or (b) where required by applicable law, regulation, or a valid legal process.
We require all sub-processors who handle Google user data to adhere to the same restrictions described in section 3.4.
Talkwisely offers AI-powered features including call transcription, sentiment analysis, call summaries, agent coaching, call scoring, keyword detection, and customer intent detection. This section explains precisely how your data is used in connection with these features — and what we will never do.
Customer data — including call recordings, transcripts, conversation summaries, and any other communications data — is never used to train, fine-tune, or improve any AI or machine learning model.
Talkwisely does not own proprietary AI models. We use third-party AI APIs from Anthropic, Google (Gemini), OpenAI, and xAI to power our analytics features.
All third-party AI providers we use have signed Data Processing Agreements (DPAs) with Talkwisely under which they are contractually prohibited from using customer data for their own model training. Data training is turned off by default on all provider integrations.
This guarantee is binding and is reflected in our customer DPA (see Section 20).
When a customer enables AI features (e.g. transcription or sentiment analysis), audio or text data is transmitted to the relevant third-party AI API over an encrypted TLS connection, processed, and the result is returned to Talkwisely.
Third-party AI providers do not retain audio or text beyond the duration of the API call, in accordance with our DPAs.
AI-generated outputs (transcripts, summaries, call scores) are stored on our AWS infrastructure in the customer's designated geographic region (see Section 6) for the duration configured by the customer.
AI features are opt-in. Customers may enable or disable transcription, sentiment analysis, and other AI features at the account level.
Granular controls are available per user and per call, allowing customers to exempt specific users or call queues from AI processing.
Retention periods for AI-generated content (transcripts, summaries, call scores) are fully customer-controlled. Customers may set custom retention periods and configure auto-delete schedules.
Anthropic (Claude): bound by Anthropic's commercial DPA — no training on API data by default.
Google (Gemini API): bound by Google Cloud DPA — data not used for Google model improvement by default.
OpenAI: bound by OpenAI's API data processing addendum — data not used for training by default.
xAI (Grok): bound by xAI enterprise DPA — no training on customer data.
Deepgram: used for speech-to-text — bound by Deepgram's DPA — no model training on customer audio.
AssemblyAI: used for speech-to-text and audio intelligence — bound by AssemblyAI's DPA — no model training on customer audio.
Call recording is a platform feature available to customers for their legitimate business purposes. This section explains responsibilities, tools, and compliance commitments related to call recording.
The Customer (the business operating the Talkwisely workspace) is the Data Controller for call recordings and is responsible for ensuring that all applicable consent and notice requirements are met before recording calls.
Talkwisely is the Data Processor for recorded calls — we store and process recordings only as instructed by the Customer.
Customers must comply with all applicable recording laws in the jurisdictions in which they operate, including: US federal wiretapping laws; US state two-party consent laws (e.g. California, Illinois, Florida); EU GDPR; UK GDPR; India's Information Technology Act; and all other relevant local laws.
Talkwisely provides compliance tooling to help customers meet their recording consent obligations, including: configurable consent announcement audio played to callers before recording begins; per-jurisdiction compliance presets for US two-party consent states, EU member states, and India; and the ability to disable recording entirely — per account, per number, or per queue.
Use of these compliance tools is the customer's responsibility. Talkwisely does not guarantee that enabling a preset will satisfy all local legal requirements — customers should seek independent legal advice for their specific jurisdictions.
Recording retention periods are fully customer-controlled. There is no platform-imposed default limit — customers set their own.
Customers may configure automatic deletion schedules (e.g. delete all recordings older than 90 days) on a per-account or per-queue basis.
Recordings are stored in the customer's designated geographic region (see Section 6). Talkwisely does not access recordings except to deliver the contracted service, provide support (at Customer authorisation), or where required by law.
Talkwisely runs on Amazon Web Services (AWS). We offer region-locked data storage so that your data stays in the geography you choose. This section explains where your data is stored and how we enforce regional boundaries.
All customer data — including call recordings, transcripts, AI-generated content, account data, and logs — is stored on AWS across multiple geographic regions.
Each customer's data is assigned to a region at account creation, based on their declared data residency preference or geographic location.
Region-locked storage is available on all plans at no additional charge.
Data belonging to EU/EEA customers, and all personal data of EU/EEA individuals, is stored in EU AWS regions and is never transferred outside the EU/EEA for storage.
Where operational processes require cross-border data transfer (e.g. AI API calls), we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Chapter V.
SCCs are in place with all sub-processors who may receive EU personal data.
Data belonging to Indian customers, and personal data of Indian residents, is stored in AWS India regions (ap-south-1 or equivalent) and is not transferred outside India for storage.
Our practices for Indian customer data are designed to comply with India's Digital Personal Data Protection Act 2023 (DPDP Act) and the Information Technology Act 2000.
Customers outside the EU/EEA and India may request a specific AWS region for their data at account setup. We support regions across North America, Asia-Pacific, Europe, and the Middle East.
Contact support@talkwisely.io to confirm available regions or request a region change.
The Customer owns and controls all communications data — including call recordings, transcripts, messages, and AI-generated outputs — within their Talkwisely workspace. Talkwisely does not assert any ownership interest in this content.
Talkwisely acts as a Data Processor for communications data. We access this data only as necessary to deliver contracted services, provide support (at Customer request), and meet legal obligations.
We may analyse aggregate and anonymised usage metadata (not content) to improve our platform. We do not profile individual Users or their communications for any purpose unrelated to the contracted service.
We collect information about you when you input it into the Talkwisely Dashboard or applications. Information collected at account registration is kept to a minimum: Email Address, Domain, and Billing Details.
Paying for Talkwisely services is handled entirely by our payment processors — Stripe (for international and EU customers) and Razorpay (for India customers). These processors store your card and billing contact information to process renewals and subscription changes.
We never have access to, nor store, your full card number. Our payment processors may set a browser cookie to remember billing information for future purchases — you can delete or block this cookie at any time without affecting your ability to use the service.
We store billing contact details and the last four digits of your card (provided to us by our payment processor) in our transaction database for financial record-keeping. This information appears on your invoice. Invoice URLs are intentionally long and hard to guess, and we prevent search engine indexing of them. The history of changes to billing contact information is logged in our transaction database.
Transaction data, including Personal Data, is retained for 7 years to meet financial reporting and legal compliance requirements. It is not shared with third parties except as necessary to process payments or resolve payment disputes (e.g. chargebacks).
We may collect information about you through advertisements on LinkedIn, Google, Twitter, or other platforms. When you click an advertisement, you may be asked to provide your name, email, organisation, job title, number of employees, and phone number. The legal basis for processing will be stated within each advertisement.
Marketing data is stored in our CRM system (Pipedrive) and is retained for no longer than 12 months from collection, or deleted immediately upon request — whichever comes first.
We log IP addresses of all connections to Talkwisely services to mitigate abuse, debug operational issues, and monitor traffic patterns.
7 days for Talkwisely Services and Products.
30 days for the Talkwisely application.
We may collect location data if you use the static or live location-sharing features within the Talkwisely app. This includes the GPS coordinates of the location you share and any text included with the location share. This data is encrypted and shared only with the users you specify. We do not use your location data for any other purpose.
We use cookies to operate and provide our Services, including web-based features, session continuity, language preferences, and usage analysis. We do not use third-party advertising cookies. For full details, see our Cookie Policy at talkwisely.io/legal/cookies.
We use the information we collect solely to provide, operate, maintain, and improve our Services. We do not use your data — including any Google user data — for any purpose beyond those described in this policy. Data minimisation is a core principle: we collect only the minimum data strictly necessary.
Providing the Service: authenticating your identity, operating your account, and delivering the core functionality of Talkwisely.
Customer support: responding to questions, diagnosing technical issues, and resolving disputes.
Service improvement: analysing aggregate and anonymised usage patterns to improve reliability, performance, and features. We do not profile individual users for purposes unrelated to the service.
Communications: sending service-related notices, security alerts, and policy updates. Marketing communications are sent only where you have opted in or where permitted by applicable law.
Legal compliance: meeting our obligations under applicable laws and regulations.
We do not sell your personal information or Google user data to any third party.
We do not use your data for targeted advertising, retargeting, or personalized advertising by third parties.
We do not transfer your data to data brokers or information resellers.
We do not use your data to assess creditworthiness or for any lending or financial decisioning purpose.
We do not use your data to train artificial intelligence or machine learning models.
We do not use your data for any purpose beyond operating and improving the Talkwisely service as described in this policy.
We implement comprehensive technical and organisational security measures to protect your data. Below is our current security posture.
Encryption in transit: all data between your device and our servers is encrypted using TLS 1.2 or higher.
Encryption at rest: all personal data stored on our servers is encrypted at rest using AES-256.
Role-based access control (RBAC): access to personal data is restricted by role. Only personnel with a business need are authorised to access specific data.
Multi-factor authentication (MFA): required for all Talkwisely staff who access systems containing customer data.
Audit logging: all access to customer data is logged and retained for audit purposes.
Infrastructure security: our AWS infrastructure is maintained with regular security patching, vulnerability scanning (SAST/DAST), DDoS mitigation, and intrusion detection systems.
Penetration testing: we conduct regular penetration testing of our platform.
Background checks are conducted for all employees and contractors with access to systems containing customer data.
Security awareness training is provided to all staff.
Access to production systems is governed by the principle of least privilege and reviewed regularly.
ISO 27001:2022: actively pursuing certification — our primary compliance target.
SOC 2 Type I & Type II: planned as part of our compliance programme.
HIPAA: planned for customers in healthcare-adjacent industries.
Achieved certifications will be published at talkwisely.io/security.
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify affected customers within 72 hours of discovery.
We will notify relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR).
Breach notifications will include: the nature of the breach, categories and approximate number of individuals affected, likely consequences, and measures taken or proposed to address it.
We keep your data only as long as strictly necessary.
Account data (name, email, phone, profile picture): deleted immediately upon account deletion (within 24 hours).
Google user data: permanently deleted within 24 hours of account deletion.
Call recordings and transcripts: customer-controlled. Customers set their own retention period and auto-delete schedule. No platform-imposed limit.
AI-generated content (summaries, scores, sentiment): customer-controlled, same as recordings.
Messages and files: deleted immediately upon account deletion, unless the Customer has a separate legal obligation to retain them.
Billing and transaction records: retained for 7 years to meet financial reporting and legal compliance requirements.
Connection logs and IP addresses: 7 days for Talkwisely Services and Products; 30 days for the Talkwisely application.
Lead generation and CRM data: no longer than 12 months from collection, or deleted immediately upon request.
When a Customer cancels their Talkwisely subscription, workspace data (recordings, transcripts, messages, AI content) is retained for 30 days to allow data export.
After 30 days, all workspace data is permanently deleted. Customers are notified before deletion and may use the built-in data export feature.
Billing records are the sole exception — retained for 7 years as required by law.
You may request deletion of your personal data at any time by using the in-app account deletion feature or by contacting privacy@talkwisely.io.
We action deletion requests within 24 hours and aim to complete deletion within 72 hours. Billing records are the sole exception.
You will receive a confirmation email once your data has been deleted.
We work with third-party sub-processors who process personal data on our behalf. All sub-processors are bound by data processing agreements that: restrict data use to the specific contracted purpose; require security standards equivalent to those described in Section 13; and prohibit selling, disclosing, or further processing beyond the contracted purpose.
A full, current sub-processor list is available at talkwisely.io/legal/subprocessors. Key sub-processors are summarised below.
Amazon Web Services (AWS) — Cloud infrastructure, database (RDS), file storage (S3), transactional email, and analytics. Regions: multiple, customer-designated. AWS DPA in place.
Anthropic — AI inference for call summaries and conversational analytics. Data training disabled. DPA in place.
Google (Gemini API) — AI inference for analytics features. Data training disabled. Google Cloud DPA in place.
OpenAI — AI inference for analytics features. Data training disabled. OpenAI API DPA in place.
xAI (Grok) — AI inference for analytics features. Data training disabled. xAI DPA in place.
Deepgram — Speech-to-text transcription. No model training on customer audio. DPA in place.
AssemblyAI — Speech-to-text and audio intelligence. No model training on customer audio. DPA in place.
Stripe — Payment processing (international/EU customers). PCI DSS Level 1 certified. DPA in place.
Razorpay — Payment processing (India customers). PCI DSS compliant. DPA in place.
Customer-owned SIP/PSTN carriers — Telephony connectivity selected and contracted directly by the Customer. Not a Talkwisely sub-processor.
We do not permit any sub-processor to sell your personal data or Google user data.
We do not permit any sub-processor to use your data for advertising, retargeting, or personalized advertising.
We do not permit any sub-processor to transfer your data to data brokers or information resellers.
We do not permit any sub-processor to use your data to train AI or machine learning models.
When you use third-party services integrated with our platform, those services may receive information about what you share with them. When you interact with a third-party integration, you may be providing information directly to that third party — their own privacy policies and terms govern that data. Talkwisely is not responsible for the data practices of third-party integrations you choose to enable.
We do not allow third-party banner advertisements on Talkwisely. We have no intention to introduce them, but if we ever do, we will update this policy and notify you.
Depending on where you are located, you have specific privacy rights under applicable law. We honour all the rights described below regardless of your jurisdiction.
Right of access (Article 15): request a copy of the personal data we hold about you.
Right to rectification (Article 16): ask us to correct inaccurate or incomplete data.
Right to erasure (Article 17): request immediate deletion of your personal data — we action this within 24 hours.
Right to restriction (Article 18): ask us to pause processing while you contest its accuracy or lawfulness.
Right to data portability (Article 20): receive your data in a structured, machine-readable format.
Right to object (Article 21): object to processing based on legitimate interest.
Right to withdraw consent: withdraw consent at any time where processing is consent-based.
Right to lodge a complaint (Article 77): lodge a complaint with your local supervisory authority — ICO (UK), your EU member state DPA, or equivalent.
Right to know: request disclosure of the personal information we collect, use, and disclose about you.
Right to deletion: request deletion of your personal information, subject to certain exceptions.
Right to opt out of sale: we do not sell personal information — no opt-out is needed.
Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.
Right to correct: request correction of inaccurate personal information.
To exercise CCPA rights, contact privacy@talkwisely.io. We will verify your identity before processing the request.
Right of access: obtain information about the personal data we process about you.
Right to correction and erasure: request correction of inaccurate data, or erasure of data no longer necessary for its original purpose.
Right to grievance redressal: raise a complaint with our Grievance Officer at dpo@talkwisely.io. We will acknowledge within 48 hours and resolve within 30 days.
Right to nominate: nominate another individual to exercise your rights in the event of death or incapacity.
Right to withdraw consent: withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.
Right to access: request access to your personal information and how it has been used or disclosed.
Right to correction: request correction of inaccuracies in your personal information.
Right to withdraw consent: withdraw consent to collection, use, or disclosure, subject to legal or contractual restrictions.
To exercise rights under PIPEDA, contact privacy@talkwisely.io.
To exercise any of the rights described above, contact us at privacy@talkwisely.io or dpo@talkwisely.io.
We will acknowledge your request within 24 hours and complete it within the applicable statutory timeframe: within 24 hours for deletion requests; within one month for GDPR access and portability requests; within 45 days for CCPA requests.
We will never charge a fee for exercising your rights, and we will never require you to justify your request.
Talkwisely is designed to be used by organisations operating across multiple jurisdictions. Below is a summary of how we approach compliance in the key regulatory environments relevant to our customers.
EU and UK personal data is processed in accordance with GDPR and UK GDPR. Lawful bases are described in Section 2.4.
Standard Contractual Clauses (SCCs) govern international data transfers involving EU/UK personal data.
EU and UK personal data is stored in EU AWS regions and is never transferred outside the EU/EEA for storage.
Our DPA reflects the GDPR processor/controller structure and is available on request (see Section 20).
Personal data of Indian residents is processed in accordance with India's Digital Personal Data Protection Act 2023 and the Information Technology Act 2000.
Indian customer data is stored in AWS India regions and not transferred outside India.
Our Grievance Officer for Indian residents is reachable at dpo@talkwisely.io.
Talk Wisely Platforms Private Limited is incorporated in Ahmedabad, Gujarat, India and is subject to Indian law.
We do not sell personal information of California residents.
California residents may exercise their rights as described in Section 18.2.
We do not discriminate against users for exercising their CCPA rights.
We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
We collect, use, and disclose personal information of Canadian residents only with knowledge and consent.
Canadians may request access to and correction of their personal information at any time.
Healthcare: Customers processing health-related data should contact dpo@talkwisely.io to discuss HIPAA Business Associate Agreement (BAA) requirements. We are building towards full HIPAA compliance.
Financial services: our data residency, encryption, RBAC, and audit logging are designed to support financial services compliance requirements including FCA (UK), SEBI (India), and related frameworks.
Legal and recruitment: our DPA includes provisions for sensitive personal data categories relevant to legal advice and candidate data. Contact dpo@talkwisely.io for specific guidance.
Enterprise customers, and customers who need to comply with GDPR, UK GDPR, DPDP, or other data protection frameworks, may require a signed Data Processing Agreement (DPA) with Talkwisely.
Our DPA is currently available on request while we finalise the self-service version. To request a DPA, email dpo@talkwisely.io with the subject line 'DPA Request — [Your Organisation Name]'.
Include your organisation's name, jurisdiction, and any specific compliance framework requirements. We will provide a draft DPA within 5 business days.
Once agreed, the DPA is executed electronically and forms part of your service agreement with Talkwisely.
Controller / Processor roles and processing purposes.
Sub-processor authorisation and the current sub-processor list (talkwisely.io/legal/subprocessors).
Technical and organisational security measures (Section 13).
Data residency and international transfer mechanisms (Standard Contractual Clauses).
Contractual guarantee that customer data is never used to train AI models.
72-hour breach notification commitment.
Data return and deletion obligations on contract termination.
Compliance with GDPR, UK GDPR, and India DPDP Act.
We consider customer-provided DPAs on a case-by-case basis for enterprise contracts.
Contact dpo@talkwisely.io to initiate a DPA review.
You may delete your Talkwisely account at any time using the in-app delete account feature, or by contacting privacy@talkwisely.io. When you delete your account, your personal data is deleted within 24 hours.
If you are a Customer cancelling a subscription, workspace data is retained for 30 days to allow for data export, then permanently deleted. See Section 14.2 for full details.
Please note: uninstalling our app without using the in-app account deletion feature does not remove your server-side data. Use the in-app feature or contact us directly to ensure complete deletion.
Deleting your account does not affect copies of messages already received by other users — those belong to the recipients.
We may collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond to legal process or government requests; (b) enforce our Terms and policies, including investigating potential violations; (c) detect, investigate, prevent, and address fraud, illegal activity, or security issues; or (d) protect the rights, property, and safety of our users, Talkwisely, or others.
We may amend or update this Privacy Policy. We will provide notice of material changes — for example, by email or in-app notification — and update the "Last Modified" date below. Your continued use of our Services after the effective date of any amendment constitutes acceptance. If you do not agree to the amended policy, you must stop using our Services.
For privacy questions, data subject requests, DPA enquiries, or to exercise your rights under applicable law:
Data Protection Officer: dpo@talkwisely.io
Privacy team: privacy@talkwisely.io
Talk Wisely Platforms Private Limited, Ahmedabad, Gujarat, India.
This Privacy Policy was last modified on 24th May 2026.
Have questions about this document?
Contact us at privacy@talkwisely.io