Privacy Policy
Last updated 12 July 2026
This is a prototype template for the Stage One design and must be reviewed by a qualified legal adviser before launch. Feature presence does not equal legal compliance.
This policy explains what personal data Taloa processes, why, the legal bases we rely on, and the rights you have under UK GDPR. Taloa is a product of Empyr Agency, operated in the United Kingdom.
Who we are
Taloa ("we", "us") is operated by Empyr Agency, the data controller for your account data. For the content and audience data you manage through the platform, you are the controller and we act as your processor.
For any privacy question, contact privacy@taloa.co.uk.
Data we process
Account and business details you provide during onboarding (name, email, business name, town, industry).
Media you upload or connect, and the metadata our analysis produces (subjects, tags, quality and Reel signals).
Social connection tokens, encrypted at rest and never exposed to your browser.
Usage, device, billing and support data.
We do not use facial recognition and do not attempt to identify individuals in your media.
Why we process it, and our lawful bases
To provide the service — analysing media, generating content, scheduling and publishing to your connected accounts (basis: performance of our contract with you).
To run billing, security, fraud prevention, support and product improvement (basis: our legitimate interests, balanced against your rights).
For optional analytics and marketing (basis: your consent, which you can withdraw at any time).
To meet legal and regulatory obligations (basis: legal obligation).
We do not use your media to train third-party AI models, and we do not carry out automated decision-making that produces legal or similarly significant effects on you.
Sharing & subprocessors
We share data only with the subprocessors needed to run the service (hosting, storage, AI, payments, email, monitoring, and the platforms you connect). Each is bound by written terms. The current list is on the Subprocessors page.
International transfers
Some subprocessors process data outside the UK/EEA. Where they do, we rely on appropriate safeguards — UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses.
Retention
We keep data for as long as your account is active and as required by law, then delete or anonymise it. You control media-retention settings, and can delete content, connections or your whole account from Settings.
Your rights
Under UK GDPR you may access, export, rectify, erase, restrict or object to the processing of your personal data, and withdraw consent where we rely on it. Exercise any right from Settings or by emailing privacy@taloa.co.uk; we respond within one month.
You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk) — though we'd appreciate the chance to help first.
Cookies
We use essential cookies to run the service and, with your consent, functional and analytics cookies. See our Cookie Policy for the detail and controls.
Children
Taloa is a business tool and is not intended for children. We do not knowingly collect data from anyone under 18.
Changes & contact
We may update this policy; material changes will be notified in-app or by email, and the date above will change. Questions: privacy@taloa.co.uk.
