Talkr Privacy Policy
Last updated: April 24, 2026 · Version 2.0
Talkr ("the App") is developed and operated by PixelPappa ("we", "us", "our"). This policy explains how we collect, use, and protect information when you use the App. It is written to meet the disclosure requirements of the EU General Data Protection Regulation (GDPR) Articles 13-14 and the US Children's Online Privacy Protection Act (COPPA).
1. Data Controller
PixelPappa is established in the EU. No separate EU representative is required under GDPR Art. 27.
2. Summary
Talkr is an AAC (Augmentative and Alternative Communication) app designed for non-verbal users, including children. The account is always created and managed by a parent, guardian, caregiver, or teacher.
- We collect only the minimum data needed to provide the service.
- We do not sell your data.
- We do not use your data for advertising.
- We do not run analytics or tracking SDKs.
- Photos, voice recordings, and board content belong to you.
- You can export and delete your data at any time from inside the App.
3. Data We Process
3.1 Account data
- Email address (required for email/password sign-in).
- Display name (if provided via Google or Apple sign-in).
- Firebase Auth UID (internal identifier).
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) — providing the service you signed up for.
3.2 Board content
- Categories and words you create, including labels and organization.
- Images attached to words (from our bundled illustrations, your camera, or your photo library).
- Voice recordings you make for words.
- Custom pronunciation strings.
Legal basis: Performance of a contract (Art. 6(1)(b)).
3.3 Parental consent record
- Timestamp of parental/guardian consent confirmation during onboarding.
Legal basis: Legal obligation under GDPR Art. 8 (verifiable parental consent for children's data).
3.4 Workspace & sharing
- Email addresses of people you invite to your workspace.
- Role (owner / member) and membership timestamps.
Legal basis: Performance of a contract (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)) in workspace administration.
3.5 Security data
- PIN hash (SHA-256, stored on device and optionally backed up to your user document).
- Failed-PIN attempt counters.
Legal basis: Legitimate interest (Art. 6(1)(f)) in protecting your account.
3.6 Purchase data
- Subscription status and package identifiers (handled by RevenueCat).
- Apple / Google receipt data.
Legal basis: Performance of a contract (Art. 6(1)(b)).
3.7 What we do NOT collect
- Analytics / usage telemetry
- Crash reports containing personal data
- Location data
- Advertising identifiers
- Browsing history
- Biometric identifiers (voice recordings are user-managed content, not processed for identification)
4. How We Use Your Data
Your data is used exclusively to:
- Provide the Talkr communication tool on your device and in the cloud.
- Sync your boards across your own devices.
- Share boards with family, caregivers, and school staff you invite.
- Process subscription payments via Apple App Store or Google Play (via RevenueCat).
- Send invitation emails you initiate (via Resend).
We do not use your data to profile you, build audiences, or train any AI/ML model.
5. Data Storage, Regions, and Security
- On-device storage: Board data, settings, and PIN hash are stored locally using platform-native storage (Hive). Android uses the app's private data directory; iOS uses the app's sandbox.
- Cloud storage (if you sign in):
  - Firestore (board structure & workspace metadata): europe-west10 (Berlin, EU).
  - Cloud Storage (voice recordings & images): hosted by Google Firebase on US infrastructure at the time of writing. Transfers outside the EEA rely on the EU Standard Contractual Clauses (SCCs) incorporated into Google's Data Processing Addendum.
- Encryption in transit: all network traffic uses TLS 1.2+.
- Encryption at rest: provided by Google Firebase / Cloud Storage platform encryption.
- Access control: enforced by Firebase Security Rules — only authenticated members of your workspace can read or write your board data.
6. Children's Privacy
Talkr is intended to be used by children (including children under 13/16), but the account and all data handling are controlled by a verifying adult.
- Parental consent is required before the App can be used. A consent checkbox during onboarding records the timestamp of that consent. The verifying adult acknowledges this privacy policy on behalf of the user.
- We comply with GDPR Art. 8 (child's consent) and COPPA where applicable.
- We do not display advertising or enable social features, public profiles, or chat.
- We do not share children's data with third parties for marketing purposes.
- If you believe a child has created an account without parental consent, contact info@pixelpappa.com and we will delete the data promptly.
7. Sub-Processors (Data Transfers)
We use the following third-party processors. Each has an executed Data Processing Agreement with us. Transfers outside the EEA rely on the EU Standard Contractual Clauses.
| Processor | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| Google LLC (Firebase) | Authentication, Firestore, Cloud Storage, Cloud Functions | EU (Firestore) + US (Cloud Storage, Auth) | Google Cloud SCCs |
| RevenueCat, Inc. | Subscription management | US | SCCs |
| Resend (Resend Inc.) | Delivery of invitation emails | US | SCCs |
| Apple Inc. | Sign in with Apple, App Store payments | US | SCCs |
| Google LLC | Google Sign-In, Google Play payments | US | SCCs |
RevenueCat receives a pseudonymous identifier derived from your Firebase Auth UID, your app version, country, and Apple/Google receipt data.
8. Your Rights (GDPR Articles 15-22)
You have the right to:
- Access your data — visible inside the App. Use Settings → Export my data for a machine-readable (JSON) copy (Art. 15 and 20).
- Rectification — edit your account email via the identity provider (Google/Apple) or your board content directly in the App (Art. 16).
- Erasure ("right to be forgotten") — Settings → Delete Account deletes your user profile, your workspace (if you are the owner), all subcollections, all Cloud Storage files, and your Firebase Auth user (Art. 17).
- Restriction of processing — stop using the App and/or contact us (Art. 18).
- Data portability — Settings → Export my data produces JSON (Art. 20).
- Object to processing based on legitimate interest (Art. 21).
- Withdraw consent at any time (Art. 7(3)). Withdrawal does not affect lawful processing before withdrawal.
- Lodge a complaint with your EU supervisory authority. Our lead authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) — imy.se.
Requests may be sent to info@pixelpappa.com. We respond within one month (extendable by two months for complex requests, per Art. 12(3)).
9. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22).
10. Data Retention
- Active accounts: retained for the lifetime of the account.
- Deleted accounts: all personal data is deleted immediately on account deletion. Residual backups may persist for up to 30 days before Google's platform-level deletion.
- Workspace invite records: deleted once the invitee accepts or the owner revokes the invite.
- Parental consent timestamps: retained for the lifetime of the account as a legal compliance record.
- Offline-only use: no data leaves your device; retention equals whatever you keep installed.
11. Workspace Sharing
When you invite someone to your workspace:
- They can see and edit all boards in the workspace.
- Their email address is visible to the workspace owner.
- They can be removed at any time by the workspace owner.
- They can leave the workspace at any time from their own Settings.
12. Contact
13. Changes to This Policy
We will notify you of material changes in-app; they take effect 14 days after notice (unless an earlier date is legally required). The "Version" and "Last updated" fields at the top of this document indicate the current revision. Prior versions are available on request.