SuTalk Privacy Model

Trust by Architecture, Not Policy

Privacy policies can change. Architecture does not. SuTalk's core is designed so that your most critical reminders never leave your device unless you explicitly choose to use AI-enhanced features. This is not a setting. It is the default.

Two Distinct Data Categories

SuTalk separates data into two explicit categories with different storage and processing rules:

Category A: Commander Data — Never Leaves Your Device

Commander data is the structured intent created at reminder setup. It is stored on-device only and never transmitted to SuTalk servers:

• All scheduled alerts, timestamps, and recurrence rules
• The Commander's context and intent attached to each reminder
• Dimension classifications (Daily / Weekly / Monthly / Yearly / Long-term)
• Trusted contact list and escalation rules (Pro)
• Voice style and language preferences

This is the distinction that matters for the offline-first architecture: the Commander's stored intent fires with every alert regardless of network state, because it never needed the network in the first place.

Category B: Companion Processing Data — Requires Connectivity, Zero Retention

Companion data is used only during active AI voice processing sessions:

• AI Companion voice responses — processed via encrypted API call, session-only, deleted immediately after
• Speech-to-text (voice command input) — encrypted in transit, not retained post-processing
• Cross-device sync — optional, manual by default in Standard Free; automatic in Pro with encryption in transit
• Smart Escalation notifications — sent only to contacts pre-approved by the user, only for events flagged as critical by the user

Voice Data: The Specific Commitments

Voice data is the highest-sensitivity data class in SuTalk. Our commitments:

• End-to-end encrypted during all transmission
• Processed in-session only — no persistent storage on SuTalk servers
• Not shared with third parties
• Not used for model training without explicit, separate user consent
• The core alert system functions without voice processing entirely — AI voice is an opt-in enhancement, not a dependency

Compliance

SuTalk's architecture is designed to comply with GDPR (EU), CCPA (California), and PDPA (Thailand and Southeast Asia). Offline-first design reduces the scope of data processing by default — the most effective compliance posture is to minimize collection in the first place.

How This Compares

Most AI assistants process voice in the cloud and may retain recordings for service improvement. SuTalk's core does not require voice processing at all — it is an opt-in enhancement, not a dependency. See the full comparison with other AI assistants →