Privacy, in plain English.
What we collect, what we don't, where it goes, and how to remove it.
The short version
We don't collect names. We don't collect government ID. We don't sell data. We don't run third-party advertising trackers. The Service is built privacy-first by design, most of what protects you is structural, not optional. Below is the full detail.
Summary
TalkHereNow is built privacy-first. Most of what makes us privacy-first is structural: we don't collect names, we don't collect government-issued identification, we don't sell data, and we don't run third-party advertising trackers. This document describes everything we do collect, why we collect it, where it goes, and how to remove it.
We do not sell your data.
We do not sell or share your personal information with data brokers, advertisers, or any third party for advertising or commercial profiling. The service providers listed below process data on our behalf, under contracts that prohibit them from using your data for their own purposes. To the best of our knowledge, none of them sell data either, but we cannot warrant their downstream practices. If you have a specific concern about a category of provider, contact legal@talkherenow.com and we'll tell you who that provider is and link to their policy.
What stays on your device
The following never leaves your phone or tablet during a session:
Stays on your device
- Camera feed (continuous). Used by our 6DoF scene-anchoring technology to track the surface you place an AI Friend on. The continuous frames are never uploaded.
- Device motion sensors. Accelerometer and gyroscope data used for spatial tracking. Stays local.
- Recorded video clips. Videos generated in Roast and Object Story modes are composed in your browser from your camera feed plus the AR AI Friend overlay plus the AI Friend's voice. These clips stay in your browser's memory. They are never uploaded to our servers. If you choose to save or share a clip, that happens via your phone's native share sheet; we do not receive a copy.
- Recent conversation history. The last few message turns are kept on your device as short-term context for the AI. We keep only distilled memory facts on our servers, not a transcript of your conversations.
What we store on our servers
- Session identifier, a random opaque string for your browser.
- Conversation memory, encrypted with AES-256-GCM.
- Email, only if you claim an account, encrypted.
- Subscription state, if applicable. No card numbers.
- Truncated IP, network prefix only, for fraud detection.
What we store on our servers
To run the Service, we store the following encrypted, keyed to a server-side identifier rather than to a name or email:
- A session identifier. A random opaque string assigned to your browser the first time you visit. Used to associate conversations and memory with your usage.
- Conversation memory. Facts an AI Friend has learned about you across visits. Stored encrypted at rest using AES-256-GCM. We never train any third-party model on this data.
- Email address (only if you claim an account). Stored encrypted. Used to recover your memory across devices and to contact you for support.
- Subscription state (if applicable). Whether you have an active subscription, when it renews, and your payment processor's customer ID. We do not store card numbers.
- A non-identifying device fingerprint. Browser type, operating system, screen size. Used for hardware-tier detection and abuse prevention.
- IP address (truncated). We retain only the network prefix (the first 24 bits for IPv4, the first 48 bits for IPv6), enough for fraud and abuse detection, not enough to identify an individual.
- Show & Tell audit log. Text of any prompt that produced or attempted an AI-generated image, the outcome (allowed / blocked / quota-limited), and a timestamp. Image bytes themselves are never stored on our servers, they stream directly from our image-generation provider to your device.
- Voice tone signals. While you speak, your browser computes a few low-detail summary signals locally (rough volume, rough pace, pause patterns) and sends those summary values, not your voice, to the chat service so the AI Friend can match your energy. The raw audio of your voice is not sent to any AI provider for tone analysis. Speech recognition for converting your words to text uses the speech-recognition feature built into your browser.
- Vision-feature audit log. When you tap the eye button, or enter Roast or Object Story mode, we keep a short record (provider name, request time, output length) so we can defend against abuse and reconcile billing. The frame bytes themselves are not retained by us or by the scene-analysis provider after the request completes.
Third-party services
The following categories of processors handle parts of the Service. Each operates under a contract that limits them to processing on our behalf. They each have their own privacy practices. If you would like to know who a specific provider is, contact legal@talkherenow.com.
| Category of provider | What we send them | Why |
|---|---|---|
| AI-inference providers (multiple) | The current message + recent context + the AI Friend's system prompt | To generate the AI Friend's reply |
| Voice-synthesis providers | The AI Friend's reply text + a voice identifier | To produce the AI Friend's audio |
| Scene-analysis provider | One or more camera frames (up to four), when you tap the eye button or enter Roast or Object Story mode | To describe the scene to the AI Friend |
| Image-generation provider | A short text prompt the AI Friend composed from your conversation (Show & Tell mode only) | To produce a single illustrative image for Show & Tell |
| Content delivery network | Hashed asset paths (no message content) | To deliver 3D AI Friends and audio efficiently |
| Payment processor | Your card details on the checkout page | To process subscription payments. We never see or store your card number. |
| Transactional email provider | The email you provided + a one-time code or support reply | To send sign-in or support emails |
Honest disclosure: conversation messages pass through our AI-inference providers in plaintext over TLS. We do not opt in to any third-party data-training arrangement on conversation content. Where any provider offers a Zero Data Retention option to enterprise customers, we use it.
AI acknowledgement
The AI Friends in the Service are artificial intelligences, not human beings. They are not licensed therapists, doctors, lawyers, or financial advisors. They will state this when sincerely asked.
Every three hours of accumulated session time, an active AI Friend will note in voice that they are an AI and confirm the elapsed time. A persistent visual indicator labeled "AI" appears in the experience.
Children and minors
The Service is for adults eighteen years of age and older. We use date-of-birth self-attestation at first visit. A server-side classifier monitors conversation for self-disclosure of being under eighteen; any such disclosure ends the session immediately and applies an account-level block.
We do not knowingly collect data from anyone under eighteen. If we learn we have, we delete it on identification.
Cookies and local browser storage
We set a single session cookie used to identify your browser to our servers. The cookie is Secure, HttpOnly, and SameSite=Lax.
We do not set advertising or third-party tracking cookies. Local browser storage is used to cache UI preferences and a count of accumulated session time for the AI-disclosure reminder; nothing in local storage identifies you.
Your rights
You may at any time:
- Access the data we hold about you. Email legal@talkherenow.com.
- Correct information you have provided.
- Delete all data associated with your account. Request via legal@talkherenow.com or from the Account menu inside the Service. We honor deletion requests within thirty (30) days, including from server backups within the next backup-rotation cycle.
- Export your memory and account data in a machine-readable format on request.
- Opt out of any non-essential processing.
California residents (CCPA), residents of the European Economic Area, the United Kingdom (GDPR), and other jurisdictions with comparable data-protection laws may have additional rights. We honor those rights for all users regardless of location.
Data retention
| Data type | How long we keep it |
|---|---|
| Conversation memory | Free tier: a rolling 14-day window (older facts auto-archived). Paid: kept while your account is active. Purged on deletion request. |
| Conversation transcripts | Not stored on our servers, recent turns stay on your device; we keep only distilled memory facts |
| Account data | While your account is active; purged on deletion request |
| Payment metadata | Per our payment processor's records-retention requirements (typically 7 years for tax/chargebacks) |
| Server logs | 90 days, then pruned |
| Show & Tell audit log (prompts only, no images) | 30 days, then pruned |
Security
Memory and email are encrypted at rest with AES-256-GCM using industry-standard cryptography. All client-server traffic uses TLS 1.2 or higher.
Encryption keys are isolated from the systems that store your data, so anyone with access to one cannot decrypt the other. Backups are encrypted with a separate key from the live system. We follow the principle of least privilege across our infrastructure.
We do not have multi-factor authentication on user accounts in this version, because we use passkeys, Google sign-in, and one-time email codes, all of which are at least as secure as a password plus a second factor.
International data transfer
Our primary servers and data processing are located in the United States, though we may use infrastructure in other regions to operate the Service reliably. By using the Service from outside the United States, you consent to the transfer and processing of your data in the United States and, where applicable, other countries.
Changes to this policy
We may revise this Privacy Policy. Material changes will be posted on this page with a new effective date. If you have an account on file, we will notify you by email at least fourteen days before material changes take effect.
Contact
For privacy questions, data-access requests, or anything else covered by this policy, please reach out at the appropriate address below.
Three ways to reach us
Choose the address that fits the question. We respond as quickly as we can.
Talk Here Now LLC • 1712 Pioneer Avenue, Ste 135, Cheyenne, WY 82001