Privacy Policy

Effective: March 20, 2026

Droid ("we", "us", "our") is operated by TurkeyCode. This policy explains what data we collect, how we use it, and your rights.

1. What We Collect

• Account info: Email address and hashed password when you sign up.
• Conversations: Text and voice interactions with your droid, stored in your personal database.
• Camera/vision data: If you enable camera access, frames are processed in real-time for face recognition and scene understanding. We do not store raw images — only extracted context (e.g., "user is smiling").
• Voice data: Audio is streamed to our server for speech-to-text processing. We do not retain raw audio after transcription.
• Face data: If you enroll a face, face descriptor vectors are stored locally in your account. We do not share face data with third parties.
• Memory extractions: Facts, preferences, and relationships your droid learns from conversations are stored in your personal database.
• Usage data: Token counts, API call counts, and feature usage for billing and service operation.
• Device info: Browser user-agent, connection type (browser, mobile, physical device) for service functionality.

2. How We Use Your Data

• To provide the droid companion service — conversation, memory, skills, and voice interaction.
• To process speech-to-text and text-to-speech for voice interactions.
• To remember facts about you so your droid can be a better companion.
• To manage your account, billing, and plan limits.
• To improve the service (aggregated, anonymized usage patterns only).

3. Third-Party Services

• Anthropic (Claude): Conversation text is sent to Anthropic's API for AI responses. Subject to Anthropic's privacy policy.
• Microsoft Azure / Edge TTS: Text is sent for speech synthesis.
• Stripe: Payment processing. We never see or store your full card number.
• SendGrid: Transactional emails (password reset, verification).

We do not sell your data to third parties. Ever.

4. Data Storage & Security

• Your data is stored on servers hosted by DigitalOcean in the United States.
• Each user has an isolated database — your conversations and memories are not shared with other users.
• Each droid has its own separate memory — droids do not access each other's data.
• Passwords are hashed with bcrypt. Connections are encrypted via TLS.
• Backups are performed daily and retained for 7 days.

5. Data Retention

• Conversation history is retained as long as your account is active.
• Memory extractions (facts, people, relationships) are retained permanently unless you delete them.
• If you delete your account, all associated data is permanently deleted within 30 days.
• Raw audio is never retained — it is processed and discarded in real-time.

6. Your Rights

• Access: You can view all your data from the dashboard (conversations, memories, faces, skills).
• Delete: You can request full account deletion by contacting us.
• Export: You can request an export of your data.
• Correct: You can update your account information from the dashboard.

7. Children

Droid is not intended for children under 13. If you are under 13, please do not use the service. If a parent or guardian enrolls a child's face for family use, the parent is responsible for that data.

8. Cookies

We use a session token (JWT) stored in localStorage for authentication. We do not use tracking cookies or third-party analytics.

9. Changes

We may update this policy. Significant changes will be communicated via email or dashboard notification.

10. Contact

Questions? Email support@turkeycode.ai.