Privacy Policy

Last updated 12 July 2026

This is a prototype template for the Stage One design and must be reviewed by a qualified legal adviser before launch. Feature presence does not equal legal compliance.

This policy explains what personal data Taloa processes, why, the legal bases we rely on, and the rights you have under UK GDPR. Taloa is a product of Empyr Agency, operated in the United Kingdom.

Who we are

Taloa ("we", "us") is operated by Empyr Agency, the data controller for your account data. For the content and audience data you manage through the platform, you are the controller and we act as your processor.

For any privacy question, contact privacy@taloa.co.uk.

Data we process

Account and business details you provide during onboarding (name, email, business name, town, industry).

Media you upload or connect, and the metadata our analysis produces (subjects, tags, quality and Reel signals).

Social connection tokens, encrypted at rest and never exposed to your browser.

Usage, device, billing and support data.

We do not use facial recognition and do not attempt to identify individuals in your media.

Why we process it, and our lawful bases

To provide the service — analysing media, generating content, scheduling and publishing to your connected accounts (basis: performance of our contract with you).

To run billing, security, fraud prevention, support and product improvement (basis: our legitimate interests, balanced against your rights).

For optional analytics and marketing (basis: your consent, which you can withdraw at any time).

To meet legal and regulatory obligations (basis: legal obligation).

We do not use your media to train third-party AI models, and we do not carry out automated decision-making that produces legal or similarly significant effects on you.

Sharing & subprocessors

We share data only with the subprocessors needed to run the service (hosting, storage, AI, payments, email, monitoring, and the platforms you connect). Each is bound by written terms. The current list is on the Subprocessors page.

International transfers

Some subprocessors process data outside the UK/EEA. Where they do, we rely on appropriate safeguards — UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses.

Retention

We keep data for as long as your account is active and as required by law, then delete or anonymise it. You control media-retention settings, and can delete content, connections or your whole account from Settings.

Your rights

Under UK GDPR you may access, export, rectify, erase, restrict or object to the processing of your personal data, and withdraw consent where we rely on it. Exercise any right from Settings or by emailing privacy@taloa.co.uk; we respond within one month.

You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk) — though we'd appreciate the chance to help first.

Cookies

We use essential cookies to run the service and, with your consent, functional and analytics cookies. See our Cookie Policy for the detail and controls.

Children

Taloa is a business tool and is not intended for children. We do not knowingly collect data from anyone under 18.

Changes & contact

We may update this policy; material changes will be notified in-app or by email, and the date above will change. Questions: privacy@taloa.co.uk.