BatonoTalk Privacy Policy

Last updated: 2026-05-10

BatonoTalk is an AI assistant that helps you reply to messages faster. A browser extension reads the chat conversation visible on your screen — only when you press the hotkey — and our server suggests a reply for you to send. You can also add your own knowledge (for example, business details or notes) so the suggestions fit your situation.

This policy explains what data we process, why, who we share it with, how long we keep it, and what rights you have. It is written to comply with the EU General Data Protection Regulation (GDPR) and other applicable data-protection laws. We use plain language on purpose, so the policy can be checked against how the product actually works.

1. Who is responsible and how to contact us

The service is operated by Individual Entrepreneur Mikhail Volodin, identification number 305547209, registered in Georgia ("we", "us", "BatonoTalk"). We are the data controller for your account.

For any privacy question, or to exercise your rights (including access or deletion), contact us at support@batonotalk.com.

2. The data we process

We process the following, and nothing more:

• Account data — your email address (including when you sign in with Google), and the authentication, security, and basic usage records needed to run and protect your account.
• Knowledge and settings you provide — the profile details and the context notes you choose to add in the dashboard (for example, business information, reply-style preferences, and free-text "context blocks" you write yourself). You decide what to put here. If you choose to include personal data in this content, you are responsible for it; we store it and use it only to generate suggestions for you. To make it usable for retrieval, this content is indexed and converted into numerical representations (embeddings) by our AI sub-processor (see section 5), and relevant parts may be included in the prompt sent to generate a reply.
• Chat message text — when, and only when, you press the hotkey, the extension reads the message text of the conversation visible on the supported page you chose. It reads only the message text. It does not read the other person's name, phone number, email address, reservation number, or any other structured personal-identification field. The extension never reads any chat automatically — only on your explicit trigger.
• Feedback — if you rate a suggested reply, we store that rating to improve quality.

3. Our role for each kind of data

• For account data, we are the controller — we decide how your email and account data are processed in order to provide the service.
• For the content you provide or let the extension read — the knowledge and settings you enter, and the chat message text you trigger us to read — you decide what to include and you are responsible for it. You, the user (of any account type), are the responsible party for that content; we act as your processor and use it only on your instruction, to generate the suggestions you asked for.

4. How we use your data

• To generate AI reply suggestions, using your knowledge/settings and the chat text you trigger.
• To create, secure, and support your account.
• To improve the quality of suggestions (including from your feedback).

We do not sell your data, and we do not use it for advertising or for any purpose unrelated to the service.

5. Who else processes your data (sub-processor)

To generate suggestions, the chat message text and the relevant parts of the knowledge you provide are sent to our AI sub-processor, OpenAI (located in the United States). OpenAI processes this data on our behalf to create embeddings and to produce the suggested reply, under its own data-processing terms.

6. How long we keep your data

• Account data and the knowledge/settings you provide — kept while your account is active. You can edit or delete your context notes at any time in the dashboard, and we delete your account data when you ask us to delete your account.
• AI processing logs — records of the AI calls (which contain the chat message text and context sent for generation) are deleted automatically after up to 90 days.

7. International data transfers

Because OpenAI processes data on infrastructure in the United States, the data described in section 5 is transferred outside the European Economic Area. This transfer relies on OpenAI's Standard Contractual Clauses / Data Processing Addendum as the safeguard required by the GDPR. You can review OpenAI's data-processing terms at openai.com/policies/data-processing-addendum.

8. Your rights

Under the GDPR and other applicable laws, you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected (rectification);
• have your data deleted (erasure);
• restrict or object to certain processing;
• receive your data in a portable format.

To exercise any of these rights, email support@batonotalk.com. You also have the right to lodge a complaint with a data-protection authority.

9. Legal bases for processing

• Account data — performance of our contract with you (GDPR Art. 6(1)(b)); your account is necessary to provide the service.
• Knowledge/settings and chat message text — processed on your instruction, where you are the responsible party and we act as your processor (an Art. 28 relationship).
• AI processing logs and feedback — our legitimate interest in operating, securing, and improving the service (GDPR Art. 6(1)(f)), balanced by the limited retention period in section 6.

10. How we protect your data

All data is transmitted over encrypted HTTPS connections. We restrict access to personal data, and we do not sell it or use it for advertising.

11. Limited Use disclosure

BatonoTalk's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

• We use the data we receive only to provide and improve BatonoTalk's single purpose (generating reply suggestions).
• We do not transfer this data to advertising platforms, data brokers, or information resellers.
• We do not use this data to determine credit-worthiness or for lending purposes.
• We do not allow humans to read this data, except with your explicit consent, where necessary for security, to comply with applicable law, or where the data has been aggregated and anonymized.

12. Changes to this policy

We may update this policy from time to time. Material changes are reflected by the "Last updated" date at the top of this page.