Privacy Policy

Last updated: April 17, 2026

This policy explains what information Talioop collects when you use the cognitive offloading platform (the “Service”), why we collect it, and the choices you have. It applies to the web app at app.talioop.com, the Talioop iOS app (com.talioop.app), and any successor domain or app bundle.

1. Information we collect

We collect only what is needed to run the Service:

  • Account identity. When you sign in, our authentication provider (Clerk) stores your email address, name, any profile image you provide, the sign-in factors you configure (password, passkey, social provider), and audit metadata such as IP and device fingerprints for security.
  • Loop content. Every task, worry, or idea you capture (“loops”) is stored in our database alongside your user ID, along with triage metadata (type, valence, parent loop, due date, resolution, close time, snooze state) and timestamps.
  • Preferences. Notification settings, stale-loop thresholds, and UI preferences you set inside the app.
  • Diagnostic data. Crash reports and performance traces captured by Sentry (EU region) when something goes wrong. We scrub known sensitive fields (loop text, auth headers, session tokens) from these events before they leave our servers. See GUIDE.md § Error reporting (Sentry) for the scrubber spec.
  • Server logs. Standard HTTP access logs kept by Cloudflare and our application servers (timestamp, path, status code, user agent, IP). Used for debugging and abuse prevention.

We do not use third-party analytics SDKs (no Google Analytics, PostHog, Mixpanel, Amplitude, or Segment) and we do not run advertising trackers.

2. How we use the information

  • To authenticate you and enforce per-user data isolation.
  • To store and display your loops, run AI triage on loop text (see §3), send optional daily reminder notifications, and power real-time sync across your devices.
  • To diagnose and fix bugs, monitor service health, and investigate abuse.
  • To communicate service-critical notices (outages, security issues, material changes to this policy) to the email on your account. We do not send marketing email.

3. Third parties we share data with

Talioop is built on a small number of service providers. We only share what each provider needs to do its job, and we do not sell or rent your data to anyone.

  • Clerk (authentication) — stores your account credentials, profile, and session tokens. Privacy: clerk.com/legal/privacy.
  • Supabase (managed Postgres, US East) — stores your loops, preferences, and derived triage data. Privacy: supabase.com/privacy.
  • Sentry (EU region) — receives scrubbed crash reports and performance traces. Privacy: sentry.io/privacy.
  • Cloudflare — serves traffic through a Cloudflare Tunnel and protects the origin. May see request metadata and headers. Privacy: cloudflare.com/privacypolicy.
  • Anthropic (Claude API) — loop text you capture is sent to Anthropic to classify type, estimate valence, and suggest a parent loop. Anthropic’s API terms forbid training on API inputs by default. Privacy: anthropic.com/legal/privacy.

We may also disclose information if required by law, to enforce our Terms of Service, or to protect the rights, safety, and property of Talioop and its users.

4. Data retention

Loops and preferences are retained while your account is active. If you delete your account (see §5), we delete your loops, preferences, and account record from our primary database within 30 days. Scrubbed diagnostic events in Sentry expire on Sentry’s standard retention (90 days). Cloudflare and provider logs follow each provider’s retention defaults.

5. Your rights

You can exercise the following rights at any time. Depending on where you live, local law may give you additional rights (for example the GDPR, UK GDPR, or CCPA).

  • Access and export. Email privacy@talioop.com from the address on your account and we will send a JSON export of your loops and preferences within 30 days.
  • Correction. Edit any loop or profile field directly in the app, or email us if a field is not editable.
  • Deletion. Email privacy@talioop.com and we will delete your account, loops, and preferences within 30 days. (A self-service delete button is on the roadmap; see §10.)
  • Opt out of AI triage. Email us and we will flag your account so new loops skip the Anthropic call. Triage accuracy will be reduced.

6. Security

All traffic is served over HTTPS. Session tokens are issued by Clerk and rotated automatically. Our database enforces row-level scoping on every query so you can only read and write your own data — a missing user filter returns 404, not cross-tenant results. We log and alert on unauthorized access attempts. No system is perfectly secure; please report suspected vulnerabilities to privacy@talioop.com.

7. Children

Talioop is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child has created an account, email us and we will delete it.

8. International transfers

Talioop is operated from the United States. Our Postgres database is hosted in AWS us-east-1. Sentry is hosted in the EU. Cloudflare operates a global network. By using the Service you consent to the transfer of your information to these regions.

9. Changes to this policy

If we make a material change we will post the new policy here and update the “Last updated” date above. For significant changes we will also send a notice to the email on your account.

10. Contact

Questions, requests, or complaints: privacy@talioop.com.