Policy doesn't have to be confusing or difficult, so we've made it simple to read our Privacy Policy, easy to grasp, or if you get stuck, copy it and put it into Tell Sid.

Last Updated: 15 May 2025

1. Who we are

INSINTO LTD (company 14500807) operates the free, browser-based voice assistant Tell Sid.Registered address: BPE Solicitors LLP, St James House, St James Square, Cheltenham GL50 3PR, United Kingdom.Contact: hello@insinto.ai

2. The data we handle & why

Voice stream data: We process live microphone audio frames to convert your speech to text. This is essential to provide the service under our contract with you. Your voice audio is not stored – it's forwarded to Google in real time for speech-to-text conversion and then discarded.

Transcripts and prompts: We handle interim and final text from your speech, plus any text you type directly. This is used to generate the conversation responses you see. This data is processed under our contract to provide the service and is held only in your browser tab – it's deleted when you close the tab.

Session metadata: We collect anonymous session identifiers (UUID-v4), timestamps, and error codes to keep your voice stream linked to your browser tab and for debugging and anti-abuse purposes. We process this under our legitimate interests in security and reliability, and retain it for 30 days.

Access logs: We log your IP address and browser User-Agent to detect misuse and rate-limit traffic. This is processed under our legitimate interests in service security and is retained for 7 days only.

Optional newsletter email: If you submit your email address under "Updates", we use it solely to send Tell Sid product news. This is based on your consent and we retain your email until you unsubscribe or after 24 months of inactivity.

We do not rely on "legitimate interests" for anything that materially affects your privacy.

3. Special-category data

We do not ask for biometric, health, or other special-category data. If you mention such information it is processed incidentally and erased as set out above.

4. International transfers

Your voice audio is sent to our processor Google LLC (USA) for real-time speech-to-text conversion, while your text messages are sent to OpenAI, LLC (USA) for chat generation.

Google LLC transfers are governed by Google Cloud Data Processing Addendum with Standard Contractual Clauses and EU-US Data Privacy Framework compliance.

OpenAI, LLC transfers are governed by UK Addendum to the 2021 EU Standard Contractual Clauses, incorporated in our signed Data-Processing Agreement with OpenAI (copy available on request).

5. Who else sees your data

Google LLC provides our speech-to-text API service from the United States, protected by Standard Contractual Clauses and Data Privacy Framework compliance.

OpenAI, LLC provides our chat API service from the United States, protected by Standard Contractual Clauses and UK Addendum.

Vercel, Inc. provides hosting and CDN services from EU, UK, and US locations, protected by Standard Contractual Clauses and UK Addendum.

Cloudflare UK Ltd provides edge network and DDoS protection from EU and UK locations, protected by UK adequacy decisions.

Functional Software Inc. (Sentry) provides error logging from EU and US locations, protected by Standard Contractual Clauses and UK Addendum.

ActiveCampaign, LLC (Postmark) provides transactional email services from the United States, protected by Standard Contractual Clauses and UK Addendum.

We never sell your data and we do not use it to train or improve any machine-learning models.

6. Your rights

You have the right to:

•Access a copy of your personal data.

•Correct or erase data we hold about you.

•Restrict or object to certain processing.

•Port data to another provider.

•Complain to the UK Information Commissioner (ico.org.uk).

To exercise any right, e-mail hello@insinto.ai – we'll respond within one month.

7. Data security & retention

All traffic is encrypted in transit using TLS 1.2 or higher. Google and OpenAI encrypt data at rest using AES-256 encryption. Vercel also encrypts data at rest using AES-256.

We retain data only for the minimal periods specified above:

•Voice streams: Not stored (real-time processing only)

•Transcripts and prompts: Browser session only

•Session metadata: 30 days

•Access logs: 7 days

•Newsletter emails: Until unsubscribe or 24 months of inactivity

After these periods, data is securely deleted or anonymised.

8. Changes to this notice

We'll post any material change here and, for major updates, alert you in-app or by e-mail at least 30 days in advance.

Questions?E-mail hello@insinto.ai – we're always happy to help.