Legal

GDPR Compliance

Last Updated: 17th March 2026

Our Commitment to GDPR

Talktaro is committed to ensuring the privacy and protection of all personal data we process. We comply with the General Data Protection Regulation (GDPR) for users and customers in the European Economic Area (EEA) and apply equivalent standards globally.

Data Controller

Talktaro acts as the data controller for personal data collected through our platform and website. For data processed on behalf of our business customers via the voice agent service, Talktaro acts as a data processor under the customer's instruction.

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. This includes: (1) Performance of a contract — to deliver our services; (2) Legitimate interests — for security, fraud prevention, and product improvement; (3) Consent — for marketing communications and optional features; (4) Legal obligation — to comply with applicable laws.

Data We Process

Through our platform, we may process: account and contact information (name, email, phone), call recordings and transcripts generated by AI agents, usage and analytics data, payment and billing details, and any data you or your customers provide during voice interactions. We process only what is necessary for the specified purpose.

Data Subject Rights

Under GDPR, you have the right to: access the personal data we hold about you; correct inaccurate or incomplete data; request erasure ('right to be forgotten') where applicable; restrict or object to processing; receive your data in a portable format; withdraw consent at any time without affecting prior processing. To exercise any of these rights, contact us at [email protected].

Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by law. Call recordings and transcripts are retained for a default period agreed in your service contract and deleted upon request or contract termination.

International Data Transfers

Talktaro is headquartered in India. If we transfer personal data outside your jurisdiction, we ensure adequate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to protect your data to GDPR standards.

Data Processor Agreements (DPA)

Business and Enterprise plan customers can request a Data Processing Agreement (DPA) that formalises our obligations as a data processor under GDPR Article 28. Contact us at [email protected] to request a DPA.

Security Measures

We implement technical and organisational measures to protect personal data: all data is encrypted in transit (TLS 1.2+) and at rest; access to production systems is role-based and logged; we conduct regular security assessments; and we have an incident response plan in place for data breaches.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and affected individuals without undue delay, in accordance with GDPR Articles 33 and 34.

Cookies and Tracking

Our website uses strictly necessary cookies for functionality and, with your consent, analytics cookies to improve the site experience. You can manage cookie preferences at any time via the cookie banner or your browser settings. We do not use cookies for targeted advertising.

Contact & Supervisory Authority

For any GDPR-related queries or to lodge a complaint, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have not been upheld.

Need a Data Processing Agreement or have a GDPR query?