Your privacy comes first

FadeTalk started from "what can we avoid collecting?" — not "what can we collect?". Here's how that principle actually works in the product.

Fading by design

Expired chats fade from your list and are queued for cleanup on our servers. Honestly stated: snapshots of reported messages, legal holds, and screenshots on the other person's device are the exceptions.

We don't ask for your contacts

Sign up with an email — no phone number, and no contact syncing at all. The only ways to find you are the 5-character code and invite links you hand out yourself.

Your email stays private

Your email is for signing in, nothing else. Others only ever see your nickname and 5-character code.

Safety tools, close at hand

Block and report live two taps away in every chat. Reported content is preserved for review — fading should never be a hiding place for abuse.

We collect less

Product analytics are event-based and content-free — we measure that a message was sent, not what it said. No profiling for ads.

AI only suggests

Reply drafts are suggestions, nothing more. You review and you send — and AI consent is a choice you make explicitly at sign-up.

The full privacy policy

The legally binding document lives below.

Privacy Policy

Foo AI Corp. (“the Company,” “we,” “us”) operates FadeTalk (the “Service”) and treats users’ personal data with care in compliance with applicable data-protection laws. · Effective: 2026-06-15 · Contact: support@fadetalk.app

1. Personal Data We Collect and How

  • Account — your email address (used to sign in; kept private and never shown publicly), a hashed password or a Google sign-in identifier, and a 5-character public ID.
  • Chat content — the body of the messages you send (in timed rooms, messages are deleted when they expire).
  • Tone profile — non-identifying style settings used to personalize AI reply suggestions.
  • Push token — a device token used to deliver notifications (one per device, up to 10).
  • Report evidence — a portion of the relevant messages captured at the moment a report is made, for safety and dispute handling.
  • Usage analytics — anonymous product-usage events (no message content, email addresses, or other users’ public IDs).
  • Age confirmation — a self-declared confirmation at sign-up that you are 14 or older.
  • What we do not collect — no location data, no tracking or behavioral advertising, no ads, no phone numbers, and no social-graph or contacts mining.

2. Purposes of Processing

  • Providing the Service (authentication, sending/receiving messages, notifications), generating AI reply suggestions where you opt in, receiving and acting on abuse reports and keeping the Service safe, and producing anonymous statistics to improve the Service.

3. Legal Basis for Processing

Where the EU/UK GDPR applies, we rely on:

  • Performance of a contract — account creation/authentication and sending, displaying, and receiving your messages (Art. 6(1)(b)).
  • Consent — AI reply suggestions and the related international transfer of message content, and push notifications; you may withdraw at any time, affecting only that feature (Art. 6(1)(a)).
  • Legitimate interests — handling abuse reports, safety, misuse prevention, and anonymous statistics (Art. 6(1)(f)).
  • Legal obligation — retaining safety/dispute evidence and notifying breaches where required (Art. 6(1)(c)).

4. AI Reply Suggestions (Opt-In)

AI reply suggestions are strictly opt-in. If you do not turn them on, your messages are not sent to any AI provider for this purpose. When you opt in, an AI provider drafts suggested replies — the AI only proposes draft text; you always decide whether to send, and nothing is ever sent automatically on your behalf. Message content processed for this purpose is not used to train the provider’s models and is not retained by the provider (zero-retention).

5. Retention and Deletion

  • Timed-room messages — deleted automatically at the expiry you set (purged in batches roughly every 5 minutes); point-in-time backups purged within 7 days.
  • Permanent-room messages — retained until you delete them or delete your account.
  • Report evidence snapshots — retained for 1 year from receipt, then anonymized or destroyed (preserved until conclusion where an investigation or legal proceeding is underway).
  • Usage analytics — destroyed after about 90 days.
  • On account deletion — your account, messages, tone profile, and push tokens are destroyed without undue delay; separately-held report evidence may be retained for the 1-year period above with identifiers removed.

6. Processors (Subprocessors)

ProcessorFunction
Fly.ioAPI & real-time gateway hosting
VercelWeb hosting · anonymous visit statistics
NeonDatabase operation
CloudflareInbound email routing
Expo · Apple (APNs) · Google (FCM)Push notification delivery
OpenAI or AnthropicAI reply suggestions (only where you opt in)

Our contracts prohibit use beyond the assigned task, restrict onward sub-processing, and require appropriate security and oversight.

7. International Transfers

Some processing takes place outside the Republic of Korea. Your message content is transferred abroad only where you have opted in to AI reply suggestions.

RecipientCountryDataPurpose · timing
OpenAI / AnthropicUnited StatesChat message contentReply suggestions, real-time via API (opt-in). Not used for training (zero-retention).
Neon · Fly.ioSingaporeService dataDatabase/server operation · ongoing
Expo / Apple / GoogleUnited StatesPush tokenNotification delivery · when sent

To avoid these transfers, decline AI reply suggestions or turn off notifications; only the affected feature is limited. Refusal or questions: support@fadetalk.app.

8. Your Rights

  • You may request access, correction, deletion, or a halt to processing of your personal data via support@fadetalk.app or in-app Profile → Delete Account.
  • Where the EU/UK GDPR applies, these include the rights of access, rectification, erasure, and restriction of processing.

9. Children’s Privacy (14+)

The Service is intended only for users aged 14 or older; we do not knowingly accept registrations from anyone under 14. If we determine an account belongs to a person under 14, we delete it.

10. Data Protection Officer

Title: FadeTalk Data Protection Officer · Contact: support@fadetalk.app

11. Raising a Concern

Users in Korea may contact the authorities below; users elsewhere may contact us directly and may have the right to complain to their local data-protection authority.

  • Personal Information Dispute Mediation Committee — 1833-6972, kopico.go.kr
  • Privacy Infringement Report Center / KISA — 118, privacy.kisa.or.kr
  • Supreme Prosecutors’ Office Cybercrime — 1301 · National Police Cyber Bureau — 182

12. Security and Breach Response

We store passwords as hashes, apply least-privilege access, and encrypt data in transit. In the event of a breach, we notify affected data subjects without undue delay and report to the relevant authorities as required by law.

13. Changes

If we change this Policy, we will announce it on this page.

This English text is provided for a global audience; the Korean version is the authoritative text and prevails in case of any conflict.

Terms of Service