Privacy Policy
Last updated: 14 July 2026
This policy explains what the BackTalk.sh service at https://backtalk.sh collects and how we use it.
What we collect
We keep the data collection deliberately small:
- Account: your email address and basic profile from the identity provider you sign in with.
- Workspace content: the keywords you track, your settings, and the signals (public posts and their excerpts) matched for those keywords.
- Team and presence: if you share a workspace, the members you invite, their roles and invitations, and coarse presence such as whether a member is currently online and when they were last active, so your team can see who is on the workspace.
- API keys you add: stored encrypted at rest and used only to operate the features you enabled.
- Operational data: billing status, usage counts, and basic logs needed to run and secure the Service.
How we use it
We use your data to operate the Service: to find and filter mentions, send the digests you configure, provide the API and MCP access you enable, provide support, process payments, and keep the Service secure. We do not sell your data, and we do not use your workspace content to train AI models.
Third-party content
Signals originate from public platforms (for example Hacker News, Reddit, GitHub, Stack Overflow, dev.to, YouTube and Bluesky), plus public posts on Medium, Substack and LinkedIn surfaced through a web search index. We store limited excerpts and links so your inbox is useful; that content belongs to its authors and the platforms it came from. Where a source’s terms require it, we treat its results as pointers and re-fetch display details from the publisher rather than caching them.
Service providers
We share data only with the processors needed to run the Service, each under their own terms: cloud database and authentication hosting, a payment processor for subscriptions, the identity provider you sign in with (currently Google), and the search or AI providers whose keys you supply. If you connect the Service to your own tools through our API or MCP server, those tools receive the data you request. We don’t share your data with anyone else.
Security
API keys are encrypted at rest (AES-256-GCM), each workspace’s data is isolated from other workspaces at the database level, and within a workspace access is scoped to its members and their roles. No system is perfectly secure, but we design to keep the sensitive surface (your keys and your data) small and contained.
Retention
Signals are retained according to your workspace’s retention window and pruned automatically after it. If you delete your workspace or account, we delete the associated data, except where we must retain limited records (for example billing history) to meet legal obligations.
Your rights
You can access and edit your data in the app, export it, and delete your workspace at any time. In a shared workspace, your basic profile (name, email, and avatar) and presence are visible to the other members. Depending on where you live you may have additional rights to access, correct, or erase your personal data. Email us and we’ll help.
Contact
Privacy questions or requests? Email eddie@jaoudestudios.com.
See also our Terms and Privacy Policy.