Last updated: March 17, 2026
parles is the data controller for personal data processed through this Service. For any questions regarding your data, contact us at: privacy@parles.app.
We collect and process the following categories of personal data: • Account data: email address, display name, authentication provider (Google/Apple), profile preferences. • Memory data: text and voice messages you send to the bot, including transcriptions, categories, tags, and semantic embeddings. • Subscription data: Stripe customer ID, subscription status, plan type, payment history. • Usage data: message counts, bot connection status, Telegram chat ID. • Technical data: IP address, browser type, and device information collected through server logs.
We process your personal data on the following legal bases under the GDPR: • Contract performance (Art. 6(1)(b)): to provide the Service, manage your account, process subscriptions, and store/retrieve your memories. • Legitimate interest (Art. 6(1)(f)): to improve the Service, prevent abuse, and ensure security. • Consent (Art. 6(1)(a)): for optional analytics and marketing communications, which you may withdraw at any time. • Legal obligation (Art. 6(1)(c)): to comply with tax, billing, and legal requirements.
Your data is used to: • Provide the core Service: save memories, perform semantic search, and deliver bot responses. • Process voice messages: transcribe audio via OpenAI Whisper, then store the transcription. • Classify intent: analyze messages via Claude API to determine if you want to save, recall, or converse. • Generate embeddings: create semantic vectors via OpenAI to enable meaning-based search. • Manage subscriptions: process payments and enforce plan limits via Stripe. • Communicate: send transactional emails related to your account or subscription.
We share data with the following processors, all of which are contractually bound to protect your data: • Supabase (database & authentication): stores your account, memories, and authentication data. Hosted in the EU. • Stripe (payments): processes subscription payments. Stripe is certified under the EU-US Data Privacy Framework. • OpenAI (embeddings & transcription): receives message text for embedding generation and voice audio for transcription. We do not send your account details to OpenAI. • Anthropic (intent classification): receives message text for intent analysis. No account data is shared. • Telegram (messaging platform): delivers and receives bot messages. Subject to Telegram's own privacy policy.
Some of our processors (OpenAI, Anthropic, Stripe) are based in the United States. These transfers are protected by: • EU-US Data Privacy Framework certifications where applicable. • Standard Contractual Clauses (SCCs) approved by the European Commission. We ensure that all transfers provide an adequate level of data protection as required by the GDPR.
We retain your data as follows: • Account data: retained while your account is active, deleted within 30 days of account deletion. • Memory data: retained while your account is active, deleted within 30 days of account deletion. • Subscription data: retained for 7 years after the last transaction for tax and legal compliance. • Usage logs: retained for 90 days for debugging and abuse prevention. • Voice audio: not stored. Audio is sent to OpenAI for transcription and immediately discarded.
As a data subject, you have the following rights: • Right of access (Art. 15): request a copy of your personal data. • Right to rectification (Art. 16): correct inaccurate data via your dashboard or by contacting us. • Right to erasure (Art. 17): request deletion of your data by deleting your account or contacting us. • Right to restriction (Art. 18): request that we limit processing of your data. • Right to data portability (Art. 20): receive your data in a structured, machine-readable format (CSV export available on Premium). • Right to object (Art. 21): object to processing based on legitimate interest. • Right to withdraw consent (Art. 7): withdraw consent for optional processing at any time. To exercise these rights, contact us at privacy@parles.app. We will respond within 30 days.
We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising pixels, or third-party analytics that track you across websites.
We implement appropriate technical and organizational measures to protect your data, including: • Encryption in transit (TLS/HTTPS) and at rest. • Row-level security (RLS) ensuring users can only access their own data. • API key authentication for bot access. • Regular security reviews of our infrastructure.
The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with your local data protection authority. In France, the supervisory authority is the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr.