TingMe — Privacy Policy

Effective: September 11, 2025

Data controller: TingMe (registered company name: TingMe; registered address: TBD).

1. Quick summary

TingMe is a chat web app and Android app. We collect a small set of personal data to provide and improve the service. Messages are stored on our servers and—when you click the Analyze button—your open chat history (including reply timestamps) is shared with Google Gemini for analysis. You control whether analysis runs by clicking the Analyze button. You may request access, rectification, portability, or deletion of your data via [email protected].

2. What we collect

Account data: email, name, profile picture (visible to everyone).
Technical and usage data: IP address, device/browser location (via Location API), session cookies (first-party), logs and timestamps.
Messages and attachments: the full message text and attachments you send or receive inside TingMe (stored on our servers).
Data shared for analysis: when you use the Analyze feature, your currently open chat history (full messages + reply times) is sent to Google Gemini.

3. How we use your data

We use data to:

Provide and operate TingMe (authentication, message routing, notifications).
Enable features (profile display, location-based features, Analyze).
Maintain security, prevent abuse, and debug/monitor availability.
Comply with legal obligations, respond to lawful requests.

Analyze feature: you grant TingMe permission to send the selected chat history to Google Gemini by clicking the Analyze button. Gemini processes that data under its own terms and privacy policies; you should review them.

4. Sharing & third parties

No routine sharing with advertisers or analytics firms.
Google Gemini: if and only if you click Analyze, TingMe transmits the open chat history (including reply timestamps) to Google Gemini for analysis.
We may share data with service providers necessary to operate the service (hosting, email delivery) under contract. Our primary host: cloudfly.vn.
We will not sell your personal data.

5. Cross-border transfers

TingMe does not transfer your personal data outside your country except when you use Analyze (data shared with Google Gemini may be processed by Google in locations outside your country). By using Analyze you consent to such processing.

6. Retention

Messages, account data, logs, and other personal data are retained until you delete your account (indefinitely by default unless you request deletion). If you request deletion we will remove your data subject to any legal retention obligations and technical constraints. (Specific retention windows: TBD.)

7. Security

TingMe implements client-server encryption (TLS in transit and encryption at rest), administrative access controls, and routine security reviews.
We do not provide end-to-end encryption; TingMe can access messages on the server to provide features (including Analyze).
If a data breach occurs, TingMe will follow our breach response procedure (see below) and notify affected users and authorities as required by law.

8. Cookies and trackers

We use strictly first-party session cookies to keep you signed in and store session state. We do not use third-party trackers for analytics or advertising by default.

9. Children

TingMe is for users aged 13+ or the minimum age permitted in their jurisdiction. Age is collected by self-declaration. If we learn that a user is under the permitted age, we will remove their account in accordance with applicable law.

10. Your rights GDPR CCPA

Depending on your jurisdiction, you may have rights including:

Access to personal data we hold about you.
Rectification of inaccurate or incomplete data.
Portability — receive a copy of your data in a commonly used format (e.g., messages and profile).
Deletion — request deletion of your account and personal data.

To exercise these rights, contact [email protected]. We may need verification before fulfilling requests. Some rights may be limited by legal obligations.

11. Data export

You may request and receive an export of your account data and message history in a machine-readable format by emailing [email protected].

12. Breach response (standard procedure)

If we discover a security breach that affects your personal data we will:

Contain and investigate the incident promptly.
Assess the risk to user rights and freedoms.
Notify affected users and relevant supervisory authorities without undue delay where required by law, including a description of the breach, likely consequences, and remediation steps.
Take corrective measures (patches, password resets, additional controls) and update our security practices.

13. Changes to this policy

We may update this policy. Material changes will be posted with an updated Effective date. Non-material edits may be made without notice.

14. Contact

Questions, requests, or complaints: [email protected]