TalkToDeal is a product of GMIC.AI Inc., a Delaware corporation with its principal place of business in California, United States. Throughout this policy, "we," "us," "our," and "TalkToDeal" refer to GMIC.AI Inc. "You" refers to the individual whose information is described — a registered sales representative, a customer the rep visits, or a website visitor.
This policy covers:
biz.talktodeal.com, b.talktodeal.com).Role under data protection law. When you use TalkToDeal as a registered representative or organization, GMIC.AI Inc. acts as a data controller for your account information and a data processor / service provider for the audio recordings and transcripts you create. Your organization (your employer) is the controller of the customer-facing audio and transcript content. When you visit talktodeal.com as a website visitor, we act as the controller of any analytics or cookie data we collect.
If the recording captures a customer's voice and/or personal information, that data is processed on behalf of the rep's employer (the customer's counterparty in the conversation). The rep is responsible for obtaining any consent required by applicable law for the recording itself; we provide in-product consent tools (e.g., a customer-facing consent modal at point of sale) to help meet two-party-consent requirements in states such as California, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, and Washington.
Customers also opt in directly when a rep sends them a "customer recap" short-link via SMS. The customer's phone number and the recap content are processed only to deliver and store that recap until either the rep revokes it or the customer self-deletes the recap.
We use information for these purposes only:
We do not sell personal information. We do not share personal information with advertisers, data brokers, or for cross-context behavioral advertising.
By providing your phone number and opting in (either at account signup or at point of sale on a rep's device), you consent to receive transactional SMS messages from TalkToDeal at that number. We use SMS for:
Frequency varies by activity (typically 0–4 per day per opted-in rep). Message and data rates may apply from your wireless carrier.
To opt out, reply STOP to any SMS we send. To request
help, reply HELP. To resubscribe later, reply START.
Opting out of SMS does not opt you out of the underlying service.
We do not share opt-in or phone-number data with third parties for their marketing purposes. SMS opt-in data is held only by TalkToDeal and our SMS carrier sub-processor (currently Twilio Inc.) solely to deliver the messages and meet legal record-keeping obligations.
We share personal information only in these circumstances:
The following providers may process personal information on our behalf, under written data-processing agreements and only for the purposes listed:
| Sub-processor | Purpose | Location |
|---|---|---|
| Twilio Inc. | SMS delivery, A2P 10DLC compliance | United States |
| Cloudflare, Inc. | DNS, CDN, edge security, web hosting | United States / global edge |
| Google Workspace (Google LLC) | Transactional email, calendar, OAuth identity | United States |
| OpenAI, L.L.C. | LLM fallback for transcript analysis (rate-limited fallback only) | United States |
| Volcengine (字节跳动) | Speech-to-text for Chinese-language recordings | United States (account: BIZMIC / g-pipeline) |
| Groq, Inc. | Speech-to-text fallback for long-form audio | United States |
| Self-hosted GPU servers (GMIC.AI Inc.) | Primary speech-to-text, language ID, LLM inference | California, United States |
| Stripe, Inc. | Payment processing (we do not store card numbers) | United States |
We maintain a current sub-processor list and will provide updates with at least 30 days' notice to organization customers under written DPAs before adding a new sub-processor.
| Data category | Retention |
|---|---|
| Account information | For the life of the account + 12 months after closure for audit/security |
| Audio recordings (raw) | 24 hours after processing, then deleted |
| Transcripts and AI-generated reports | Until the user deletes them, or up to 24 months, whichever is sooner (organization-level retention overrides apply) |
| Customer-facing recap pages | Until the customer self-deletes, or 90 days, whichever is sooner |
| SMS opt-in / opt-out records | 4 years (TCR / CTIA compliance) |
| Logs and metrics | 30–90 days |
| Billing and invoices | 7 years (US tax law) |
We use industry-standard safeguards including TLS 1.2+ in transit, AES-256 at rest where supported by the storage layer, role-based access controls, hardware key MFA for administrative access, encrypted off-site backups, network segmentation, and continuous logging. We employ a least-privilege model: only personnel with a documented need can access customer audio or transcripts, and access is audited.
No security control is perfect. If we become aware of a security incident affecting your information, we will notify you and, where required by law, the relevant authorities within applicable deadlines (e.g., GDPR Article 33: 72 hours; California Civil Code § 1798.82: without unreasonable delay).
If you are a California resident, you have the right to:
Categories of personal information we have collected in the past 12 months: identifiers (name, email, phone); commercial information (subscription history); audio and electronic information (recordings, transcripts); internet activity (site analytics); geolocation (approximate, from IP). We collect these for the service purposes described in §4. Sources: directly from you, automatically through use of the service, and your employer (for team plans).
If you are a Texas resident, you have the rights to access, correct, delete, port, and opt out of targeted advertising / sale / profiling. We do not engage in targeted advertising or profiling that has legal or similarly significant effects.
If you are in the EEA, UK, or Switzerland, you have the rights to access, rectification, erasure, restriction of processing, data portability, objection, and to withdraw consent. You have the right to lodge a complaint with your supervisory authority (e.g., the Irish DPC for our EU-resident users, the UK ICO for UK-resident users). Our lawful bases for processing are: (a) performance of a contract with you, (b) our legitimate interests in operating, securing, and improving the service, balanced against your rights, and (c) your consent where we rely on it (e.g., SMS marketing-style messages — which we do not send).
Email privacy@talktodeal.com from the email address on file with your account, or write to the address in §16. We will verify your identity and respond within the timelines required by law (typically 45 days under CCPA, 1 month under GDPR). You may appoint an authorized agent; we will require written proof of the authorization.
GMIC.AI Inc. does not sell personal information, and does not "share" personal information for cross-context behavioral advertising, as those terms are defined under the CCPA / CPRA. We honor the Global Privacy Control (GPC) browser signal as an opt-out preference signal.
Our service is intended for use by individuals 18 years of age or older, and is not directed to children under 13 (under 16 in the EEA / UK). We do not knowingly collect personal information from children under those ages. If you believe we have collected information from a child, please contact us and we will delete it promptly.
On talktodeal.com we set strictly necessary cookies (session, CSRF protection, language preference) and minimal first-party analytics (page views, error counters). We do not use third-party advertising cookies, pixels, or audience-building tools. We honor Do Not Track and GPC signals.
GMIC.AI Inc. operates from California. If you access the service from outside the United States, your information will be transferred to, stored, and processed in the United States. For transfers from the EEA, UK, and Switzerland, we rely on the EU Standard Contractual Clauses (2021) and equivalent UK / Swiss data-transfer mechanisms, with supplemental measures as required by Schrems II.
We will post any material changes here with an updated "Last updated" date. For changes that materially reduce your rights, we will provide advance notice by email (for registered users) and through a banner on talktodeal.com.
GMIC.AI Inc.
Attn: Privacy Officer
Anaheim, California, United States
Email: privacy@talktodeal.com
General: hello@talktodeal.com