Privacy Policy

Last updated: February 2026

1. Introduction

PyTalk ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our video conferencing platform.

This policy complies with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and other applicable data protection laws.

2. Data We Collect

  • Account Information: Username, email address, password (hashed)
  • Meeting Data: Meeting names, schedules, room IDs, participant lists
  • Recordings & Transcripts: Only when explicitly initiated by the meeting host
  • Usage Data: Connection logs, session duration, feature usage
  • Technical Data: IP address, browser type, device information

3. Legal Basis for Processing (GDPR Article 6)

  • Consent: Cookie preferences, marketing communications, recording consent
  • Contract: Account creation, meeting services, billing
  • Legitimate Interest: Security monitoring, service improvement
  • Legal Obligation: Audit logging, compliance record-keeping

4. Your Rights (GDPR Articles 15-22)

You have the right to:

  • Access your personal data (Article 15)
  • Rectify inaccurate data (Article 16)
  • Erase your data - "Right to be Forgotten" (Article 17)
  • Restrict processing (Article 18)
  • Data Portability - export your data (Article 20)
  • Object to processing (Article 21)
  • Withdraw consent at any time (Article 7)

5. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

  • Account data: Until account deletion is requested
  • Meeting recordings: Per your organization's retention policy
  • Audit logs: Minimum 1 year (SOC 2 / HIPAA requirement)
  • Session data: Automatically cleared after expiry

6. Data Security

  • All data transmitted over HTTPS/TLS 1.2+
  • WebRTC media encrypted with SRTP/DTLS
  • Passwords hashed using PBKDF2-SHA256
  • Database encrypted at rest (AWS RDS)
  • File storage encrypted at rest (AWS S3 SSE)
  • Regular security audits and access logging

7. HIPAA Compliance

For healthcare organizations using PyTalk:

  • We offer Business Associate Agreements (BAAs)
  • All access to Protected Health Information (PHI) is logged
  • Data encryption in transit and at rest
  • Minimum necessary access controls
  • Breach notification procedures in place

8. Cookies

We use the following categories of cookies:

  • Essential: Required for the platform to function (session, CSRF protection)
  • Analytics: Help us understand how the platform is used (optional)
  • Marketing: Used for relevant communications (optional)

You can manage your cookie preferences at any time using the cookie settings banner or through your privacy settings.

9. Third-Party Services

  • AWS (Amazon Web Services): Cloud hosting, storage, database
  • PayU: Payment processing (PCI DSS Level 1 compliant - we never store card data)
  • PeerJS: WebRTC signaling (no user data stored)

10. Contact Us

For privacy inquiries or to exercise your data rights: