GDPR Compliance

How TokTalk protects your data under European law.

The General Data Protection Regulation (GDPR) is the European Union's data protection law and the benchmark most other privacy regimes are measured against. TokTalk is built specifically for European professionals, so our architecture is designed to comply with, and where possible exceed, GDPR requirements. We do not treat the GDPR as a checklist; we use it as the blueprint for how the product is built.

1. Our Role

Under the GDPR:

  • For Individual Users: TokTalk acts as the Data Controller for your account information, your preferences, and the content stored in your account.
  • For Business Users: TokTalk acts as the Data Processor for the content you dictate through our platform; your organisation remains the Data Controller. Our Data Processing Agreement (DPA) governs this relationship and lists the sub-processors involved.

2. Core GDPR Principles Applied

Here is how TokTalk technically enforces the core principles of the GDPR:

A. Data Minimization & Storage Limitation

We collect only the account data needed to authenticate you and process your payment, plus the content you choose to keep in your account. Audio dictation is processed transiently: the audio is held in memory only for the duration of transcription and is never written to disk, on our own clusters or those of the transcription partners named below. The resulting text transcriptions are stored in your account to provide a searchable history. You retain full control and can delete individual transcriptions, or your entire account, at any time.

B. Purpose Limitation

Your content is processed for one purpose: to convert your speech into text according to your preferred writing style. Account and payment data are used only to operate and bill your subscription. We do not process your data for secondary purposes such as training AI models or selling telemetry to advertisers. Our business model is subscription-based, not data-based.

C. Integrity and Confidentiality

All communication between your device (macOS, iOS, or Web) and our servers is encrypted in transit with TLS 1.3. Your transcription history, personal dictionary, text snippets, and writing style preferences are stored in isolated database tenancies hosted within the European Union.

3. Processing Infrastructure

Our core data processing infrastructure operates within the European Union wherever technically possible. Where we use service providers outside the EEA, appropriate transfer safeguards (Standard Contractual Clauses and/or the EU-US Data Privacy Framework) are in place:

  • Inference & Transcription: Processing runs on EU clusters managed either internally or through GDPR-compliant European partners (such as Mistral AI, located in Paris, France).
  • Databases & Authentication: Handled by our backend; the exact sub-processors are listed in our DPA, and any processing that takes place outside the EEA is covered by Standard Contractual Clauses (SCCs).
  • Payments: Handled by Mollie (Amsterdam, Netherlands).

4. Submitting a Subject Access Request (SAR)

You have the right to request a copy of the personal data we hold about you (right of access), and separately the right to request its erasure. Because dictated audio is never stored, an export contains your account metadata, transcription history, dictionary, and snippets; there are no audio recordings to export. To submit a request, contact us below. We respond to all requests within the one-month period the GDPR mandates (which the regulation allows to be extended only for complex requests), and typically within 48 hours.

For DPO contact or compliance inquiries:

Email: info@toktalk.co