Privacy Policy

Our privacy policy and how we use your data

Last updated: 5 March 2026

1. Who We Are

Gossipy ("we", "our", "us") is a real-time voice AI companion service. This privacy policy explains how we collect, use, and protect your personal data when you use our service.

For questions about this policy, contact us at privacy@gossipy.ai.

2. What Data We Collect

Account Data

When you sign up, we collect your email address and basic account information through our authentication provider (Supabase). If you subscribe to a paid plan, payment details are processed by Stripe — we do not store your card details.

Voice Data

When you have a conversation with Gossipy, your voice is streamed in real time to our speech-to-text provider for transcription. We do not store audio recordings. Voice data is processed in real time and discarded after transcription. We recognise that voice data may constitute biometric data and treat it accordingly under GDPR.

Conversation Memories

After each conversation, we extract key facts and observations (e.g. your name, preferences, topics you discussed) and store them as text-based memories. These memories allow Gossipy to remember you across sessions. Memories are stored as text — not as audio.

Usage Data

We collect basic usage data such as session timestamps and duration to operate and improve the service. We do not use tracking or analytics cookies.

3. How We Use Your Data

  • Providing the service: processing your voice in real time, generating AI responses, and storing memories for personalised conversations.
  • Account management: authentication, billing, and customer support.
  • Service improvement: understanding usage patterns to improve reliability and quality.

4. Legal Basis (GDPR)

We process your personal data based on your explicit consent (GDPR Article 6(1)(a)). You give this consent when you create an account and initiate a voice conversation. You can withdraw consent at any time by deleting your account.

Because voice data may qualify as special category data (biometric data) under GDPR Article 9, we rely on your explicit consent under Article 9(2)(a) for processing it.

5. Third-Party Processors

We use the following third-party services to operate Gossipy. Each processes data only as necessary for its specific function:

Provider | Purpose | Data Processed
Deepgram | Speech-to-text (voice transcription) | Voice audio stream (real-time, not stored)
Google (Gemini) | AI language model (generating responses) | Conversation text
ElevenLabs | Text-to-speech (voice generation) | AI response text
OpenAI | Text embeddings and memory compression | Conversation text, memory summaries
Qdrant Cloud | Vector database (memory storage and retrieval) | Conversation memories (text embeddings)
Supabase | Authentication and database | Email, account data
LiveKit | Real-time voice communication | Voice audio stream (real-time, not stored)
Vercel | Web hosting | Standard web request data
Stripe | Payment processing | Payment and billing data

6. Data Transfers

Some of our processors are based in the United States. Where data is transferred outside the EU/EEA, it is protected by the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or equivalent safeguards as required by GDPR.

7. Data Retention

  • Voice audio: processed in real time and immediately discarded. Never stored.
  • Conversation memories: stored until you delete your account.
  • Account data: stored for the duration of your account. Deleted upon account deletion.

8. Your Rights

Under GDPR, you have the right to:

  • Access: request a copy of your personal data, including all stored memories.
  • Erasure: delete your account and all associated data, including memories.
  • Portability: receive your data in a structured, machine-readable format.
  • Rectification: correct inaccurate personal data.
  • Withdraw consent: stop processing at any time by deleting your account.
  • Lodge a complaint: contact your local data protection authority.

To exercise any of these rights, contact us at privacy@gossipy.ai.

9. Children

Gossipy is not intended for anyone under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the service. Continued use after changes constitutes acceptance of the updated policy.