Back to Home

Privacy Policy

Operator: Talkie Tech Co., Ltd. (hereinafter referred to as "we") This Privacy Policy explains how we collect, use, store, and share data when you use Signalsurf (hereinafter referred to as "the Service").

1. Types of Data We Collect/Access

To provide the Service, we may collect or access the following data:

(A) Account and Authorization Data

  • Access tokens, refresh tokens, and expiration times generated from Threads/Meta authorization (stored only on the server side, used to call Threads API on your behalf).
  • Your Threads user identification information (e.g., Threads user ID / username and other necessary fields).

(B) Configuration Data You Provide

Keywords you create, tracking lists (e.g., competitor account username lists), preference settings (language, notification settings, etc.).

(C) Content Data Retrieved from Threads (Subject to Your Authorization and Permissions)

After your authorization, we retrieve data related to the Service's functionality through the Threads API, including but not limited to:

  • Public posts obtained through threads_keyword_search (e.g., text, links, timestamps, etc.) for monitoring and filtering.
  • Public account profile information and public posts queried through threads_profile_discovery for tracking public activities of accounts on your tracking list.
  • Replies you created obtained through threads_read_replies and necessary conversation relationships (e.g., root/replied-to relationships) to analyze your interaction preferences (e.g., types of posts you prefer to engage with).
  • Basic access capabilities related to threads_basic.

Note: We cannot guarantee access to all public content; data may be unavailable or incomplete if content is deleted, the author switches to a private account, or platform access is restricted.

(D) Analysis and Tagging Data (Generated by the Service)

  • We may store classifications, summaries, highlights, and "worth replying / not worth replying" determinations and their reasons for posts (to help you browse and make decisions faster).
  • We will not post comments on your behalf; the Service only provides filtering and organization.

(E) Device and Usage Data (As Operationally Necessary)

E.g., App version, error logs, IP/connection information, push tokens (for notifications).

2. How We Use Data

We use data for the following purposes:

  • Providing and maintaining the Service (e.g., periodically fetching updates for your specified keywords/tracking lists, displaying posts of interest).
  • Using AI/rule-based models for organization, summarization, classification, and filtering to help you decide whether to interact.
  • Preventing abuse, fraud, illegal activities, and maintaining system security.
  • Improving product experience, debugging, and statistical analysis (for service quality purposes).

3. AI / Third-Party Processing (OpenRouter)

To perform summarization, classification, and filtering, we may send "necessary text content" to a third-party AI service: OpenRouter.

Content sent typically includes: public post text, your own reply text (for preference analysis), keywords, and minimal context needed for output generation.

We take reasonable measures to mitigate risks, such as data minimization, avoiding sending unnecessary personal information, and avoiding including tokens/keys or other sensitive information in prompts.

4. Data Retention Period

Unless required by law for a longer period or with your separate consent, our default retention period for data processed by the Service is: up to 5 years (from the date of data generation or last interaction/use).

You may request deletion of your data at any time (see Section 6).

5. Data Sharing and Disclosure

We do not sell your personal data. Data may be shared/disclosed in the following circumstances:

  • Service Providers: E.g., cloud hosting, databases, push notification services, OpenRouter (limited to the scope necessary to provide services).
  • Legal Obligations: As legally required by competent authorities or to protect rights and safety.
  • Preventing Abuse: As necessary to investigate violations or security incidents.

Google User Data (Meeting Recorder)

If you connect your Google Calendar to enable the Meeting Recorder, we request only the following Google scopes and use the data solely to provide that feature:

  • calendar.events (read and write): to read your upcoming events and detect meetings that have a video-conferencing link so we can send an AI notetaker bot to join, record, and transcribe them for you, and to create or update calendar events (including a Google Meet link and the attendees you specify) when you ask the in-app assistant to schedule a meeting.
  • calendar.freebusy: to check your availability before proposing meeting times.
  • userinfo.email: to identify the Google account you connected.

To record and transcribe your meetings, the meeting audio/video and the resulting transcript are processed by our sub-processor Recall.ai. We do not use Google user data for advertising, we do not sell it, and we do not use it to train generalized AI/ML models.

You can disconnect Google Calendar at any time from the app's Connections settings; on disconnect we stop accessing your calendar. Meeting recordings and transcripts are deleted on request (see Section 6) and when you delete the associated records.

SignalSurf's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Your Rights and Data Deletion

You can request data deletion through the following method:

Email to: neon@talabase.com

Subject: Signalsurf Data Deletion Request

And provide your identification information used in the App (e.g., registered email/user ID).

After verification, we will complete deletion or anonymization within a reasonable timeframe (unless retention is required by law).

7. Security Measures

We take reasonable technical and organizational measures to protect data, such as:

  • Tokens and sensitive information are stored only on the server side (not in iOS plaintext)
  • Access control, encryption/hashing, access logs, and data processing minimization

8. Contact Us

Talkie Tech Co., Ltd.

Email: neon@talabase.com

Last updated: December 20, 2025