Introduction
Word2Talk ("we", "our", or "us") is dedicated to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose information when you use our Chrome Extension, Web Player, and related services (collectively, the "Service").
Information We Collect
Information You Provide
- Email Address: When you create an account, we collect your email address for authentication, billing communication, and account management.
- Payment Information: When you purchase a listening pack, payment is processed by Stripe. We do not store your credit card number. We receive your Stripe Customer ID and transaction metadata (amount, date, plan type) for record-keeping.
Information Collected Automatically
- Article URL and Content: When you use the Service to listen to an article, the URL and extracted text are sent to our servers for processing. Extracted article text is stored in our database to enable your personal reading library, replay functionality, and progress tracking.
- Audio Cache: Synthesized audio is cached on AWS S3 to enable instant replay without re-processing. Audio is associated with article content, not with individual users.
- Usage Data: We track listening duration, article progress, and reading streaks to provide you with personalized statistics and to calculate billing usage.
- Device & Browser Information: Standard HTTP metadata (IP address, browser type) is collected by our hosting provider (AWS) for security and rate-limiting purposes. We do not profile individual users based on this data.
- Waitlist IP Address: When you join the pre-launch waitlist, your IP address is stored alongside your email address. This is used solely for rate-limiting and anti-abuse purposes, and is automatically deleted after your account is activated.
- Cookies: We use essential and analytics cookies:
  - auth_token: An HttpOnly, Secure cookie for session authentication.
  - beta_bypass: An HttpOnly, Secure cookie for early access during beta.
  - Google Analytics (_ga, _ga_*): Analytics cookies used to understand site usage. These are only set if you accept cookies via our consent banner.
Analytics
We use PostHog to track anonymized product events such as account creation, pack purchases, and feature usage. We also use Google Analytics 4 (GA4) to measure website traffic and user engagement on our marketing pages. GA4 is only active after you provide consent via our cookie banner. Analytics data is used to improve the product and is not sold or shared with third parties for advertising.
How We Use Your Information
- Service Delivery: Article text is processed through OpenAI's API for text cleaning, summarization, translation, and text-to-speech synthesis. Audio is stored for your personal library and replay.
- Billing: Your email and Stripe Customer ID are used to process purchases, send confirmation emails, and manage your subscription status.
- Gifting: When you generate a gift link, we create a unique code associated with your account. The recipient's email is optionally collected when they claim the gift, solely to credit their account.
- Communication: We send transactional emails (purchase confirmations, activation links, login codes) via AWS SES. We do not send marketing emails without your consent.
- Product Improvement: Anonymized usage patterns help us improve features, fix bugs, and optimize performance.
Data Storage and Retention
- Article Content: Stored in our PostgreSQL database for as long as you maintain an active account. You can delete individual articles from your library at any time.
- Audio Cache: Cached on AWS S3. Audio files are content-addressed (shared across users who listen to the same article) and are not personally identifiable.
- Account Data: Retained for as long as your account is active. To request account deletion, contact us at hello@word2talk.com.
Data Security
- Encryption in Transit: All communication is encrypted using HTTPS/TLS.
- Token Security: Authentication tokens are hashed with SHA-256 before storage. Raw tokens are never persisted on our servers.
- Rate Limiting: API endpoints are rate-limited to prevent abuse.
- Access Control: CORS policies restrict API access to authorized origins only.
- Non-Root Container: Our production server runs as a non-root user inside a hardened Docker container.
Third-Party Services
- OpenAI API: Article text is sent to OpenAI for processing. OpenAI's API Data Usage Policy states that API data is not used to train their models.
- Amazon Web Services: Hosting (App Runner), storage (S3), and email (SES). Data is processed within the US-East-1 region.
- Stripe: Payment processing in accordance with PCI DSS standards. See Stripe's Privacy Policy.
- Supabase: Managed PostgreSQL database. See Supabase's Privacy Policy.
- PostHog: Product analytics. See PostHog's Privacy Policy.
- Google Analytics: Website traffic measurement (only with your consent). See Google's Privacy Policy.
Your Rights and Choices
- Access & Export: View all your data (articles, listening history, billing) in your dashboard.
- Deletion: Delete individual articles from your library, or request full account deletion via hello@word2talk.com.
- Opt-Out: The extension only activates when you interact with it. Uninstall at any time.
- Cookie Control: Manage analytics cookies via the consent banner at the bottom of any page. Clear authentication cookies by logging out.
Children's Privacy
Word2Talk is not intended for children under 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date.
Contact Us
If you have any questions about this Privacy Policy, please contact us at hello@word2talk.com.