Legal
Privacy Policy
Last updated: March 13, 2026 — Effective date: March 13, 2026
Smalltalk is built with privacy as a core principle. We collect only what we need, we never sell your data, and we give you full control to delete everything at any time.
1. Overview
This Privacy Policy explains how Smalltalk Inc. ("Smalltalk", "we", "us", or "our") collects, uses, and shares information about you when you use the Smalltalk mobile application and website (collectively, the "Services"). By using our Services you agree to the practices described in this policy.
Smalltalk is operated by Smalltalk Inc. For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, Smalltalk Inc. acts as the data controller under the General Data Protection Regulation (GDPR) and applicable national data protection laws.
2. What We Collect
2.1 Account and Profile Information
When you create an account, we collect:
- Email address (used for authentication only)
- Display name and profile photo (optional)
- Short biography and listed interests (optional)
- Gender identity, sexual orientation, and visibility preferences (all optional, never required)
2.2 Location and Proximity Data
Smalltalk uses GPS-based location data to show you people nearby. Here is exactly how this works:
- Your precise GPS coordinates are transmitted to our servers only while you have the "Available" status enabled.
- Proximity matching is computed in real time using a bounding-box geographic query. We do not retain a history of your past locations.
- Once you switch to "Invisible" or close the app, your location is no longer transmitted or stored.
- We do not share your precise location with other users. Other users see only an approximate distance (e.g., "200 m away").
2.3 Chat and Messaging Data
Messages sent between users are stored in Firebase Firestore to deliver them in real time and enable conversation history within the app. Messages are end-to-end encrypted using industry-standard encryption. Smalltalk does not read your messages. You may delete conversations at any time from within the app.
2.4 Usage and Analytics Data
We collect basic analytics to improve the service, including:
- App crash reports and error logs (no personal data included)
- Feature usage patterns (anonymised and aggregated)
- Device type, operating system version, and app version
We do not use third-party advertising SDKs or tracking pixels.
2.5 Cookies and Web Technologies
Our website uses essential cookies only:
- Language preference: We store your selected display language (EN/DE) in localStorage. This is functional, not tracking.
- We do not use advertising cookies, analytics cookies from third parties (e.g., Google Analytics), or cross-site tracking technologies on this website.
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the Smalltalk service (proximity matching, messaging, profile display)
- Authenticate your identity and secure your account
- Enforce our Terms of Service and prevent abuse
- Improve the reliability and performance of the app
- Respond to support requests
- Comply with legal obligations
We do not sell your personal data. We do not use your data for advertising purposes. We do not share your data with data brokers.
4. Legal Basis for Processing (GDPR)
For users in the EEA, UK, and Switzerland, we process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing your account data, location data, and messages is necessary to provide the Smalltalk service you have agreed to use.
- Legitimate interests (Art. 6(1)(f) GDPR): We process anonymised analytics data to improve service reliability and security. Our legitimate interest in maintaining a safe, functioning service overrides your interest in not having this data processed.
- Consent (Art. 6(1)(a) GDPR): Where we ask for your consent (e.g., access to your device location), you may withdraw that consent at any time through your device settings. Withdrawal of consent will not affect the lawfulness of processing before withdrawal.
- Legal obligation (Art. 6(1)(c) GDPR): We may process and retain data where required by applicable law.
5. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Location data: Not stored historically. Current location is overwritten each time you update availability. Deleted immediately upon switching to "Invisible" or account deletion.
- Chat messages: Retained until you delete the conversation or your account. After account deletion, messages are removed within 30 days.
- Analytics data: Retained in anonymised, aggregated form for up to 24 months.
- Backup data: Encrypted backups may retain data for up to 90 days after deletion for disaster recovery purposes.
6. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
For EEA, UK, and Swiss users (GDPR and applicable national law)
- Right of access (Art. 15): You may request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): You may correct inaccurate data directly in the app or by contacting us.
- Right to erasure / "right to be forgotten" (Art. 17): You may delete your account and all associated data at any time from within the app (Profile > Delete my account and data).
- Right to data portability (Art. 20): You may request an export of your personal data in a machine-readable format.
- Right to restriction of processing (Art. 18): You may request that we restrict processing of your data in certain circumstances.
- Right to object (Art. 21): You may object to processing based on legitimate interests.
- Right to lodge a complaint: You have the right to lodge a complaint with your national supervisory authority. In Germany, this is the relevant Landesbeauftragter für den Datenschutz.
Exercising your rights
The fastest way to exercise your rights is through the Smalltalk app (Profile > Legal). For requests that cannot be fulfilled in-app, contact us at hello@getsmalltalk.com. We will respond within 30 days.
7. California Users (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request deletion of your personal information.
- Right to correct: You may request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share personal information as defined by the CCPA. No opt-out is required.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To submit a CCPA request, contact us at hello@getsmalltalk.com with the subject line "CCPA Request".
Smalltalk does not sell personal information to third parties. We do not share personal information with third parties for cross-context behavioral advertising.
8. Data Security
We implement industry-standard security measures, including:
- TLS encryption for all data in transit
- Firebase security rules restricting data access to authorised users only
- End-to-end encryption for all messages
- Regular security reviews
No method of transmission over the internet or electronic storage is 100% secure. We strive to protect your data but cannot guarantee absolute security.
9. International Data Transfers
Smalltalk uses Firebase (Google LLC), which may process data on servers located in the United States and other countries. For transfers from the EEA to the US, we rely on Google's Standard Contractual Clauses (SCCs) as a transfer mechanism under GDPR Art. 46.
10. Children's Privacy
Smalltalk is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal data, we will delete it promptly.
11. Third-Party Services
We use the following third-party services:
- Firebase / Google LLC: Authentication, database, and storage. Google's privacy policy applies: policies.google.com/privacy.
- Apple App Store / Google Play Store: App distribution. Their respective privacy policies apply to the download process.
We do not integrate social media trackers, advertising networks, or analytics platforms that profile you across sites.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app or by email at least 14 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions, data access requests, or complaints, contact us at:
Smalltalk Inc.
Email: hello@getsmalltalk.com
Address: [Address to be completed before launch]
For EU-specific data protection matters, you may also contact us at the same address marked "Data Protection Inquiry".
Related: Terms of Service · Impressum