01 Introduction
Talky is a walkie-talkie and internet-radio app for iPhone, iPad and Apple Silicon Mac, designed and developed in Italy by Andrea Piani for Andrea Piani. This Privacy Policy explains what personal data we process, why, and what choices you have — under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act as amended by the CPRA.
This policy applies to two distinct surfaces that behave very differently:
- The Talky app on the App Store (iOS, iPadOS, macOS on Apple Silicon). The app may show advertising via Google AdMob to free users and uses Firebase for anonymous analytics and crash reports, behind your consent.
- The marketing website at walkie-talky.vercel.app. The site currently sets no tracking cookies, runs no analytics, embeds no ad pixels and stores a single technical preference in your browser to remember your cookie-banner choice.
02 Data controller
The data controller responsible for the processing of personal data described in this policy is:
- Andrea Piani — Italy
- Point of contact: Andrea Piani
- Email: andreapiani.dev@gmail.com
We have not designated a formal Data Protection Officer because the scale and nature of our processing do not require one under Article 37 GDPR. The contact email above is the canonical channel for any privacy request.
03 What we collect on the marketing website
The site at walkie-talky.vercel.app is a single-page static brochure. We do not run server-side application code, we do not maintain a user database, and we do not process payments on the site itself.
Local browser storage
When you make a choice on our cookie banner, we store one item in your browser's localStorage with the key talky_consent_v1. It contains the timestamp of your choice and which categories you accepted. This entry never leaves your device and is not readable by any third party. You can erase it at any time from your browser's site-data controls or by clicking Cookie preferences in the footer.
Cookies and trackers
At the time of the "Last updated" date above, the site sets zero cookies, loads no analytics (Google Analytics, Plausible, Fathom, etc.), embeds no advertising pixels (Meta Pixel, TikTok Pixel, X Pixel, etc.), and runs no fingerprinting. Should we ever add any optional tracker in the future, the cookie banner will be re-shown and your fresh consent collected.
Hosting access logs (Vercel)
Like every site on the public internet, our pages are served by infrastructure that records standard HTTP access metadata. Our host, Vercel Inc., retains short-lived access logs containing your IP address, user agent, the requested URL, and a timestamp, used for security, abuse mitigation and infrastructure billing. Vercel retains these logs for approximately 30 days. We do not aggregate, sell, or correlate these logs with any other identifier.
Google Fonts
The site loads display fonts (Bricolage Grotesque, IBM Plex Mono, Fraunces, VT323) from Google Fonts. Since 2022 Google Fonts no longer sets cookies for stylesheet and font requests; only standard HTTP request logs apply on Google's side. If you prefer to avoid these requests entirely, you can block Google Fonts at the browser or network level — the site degrades gracefully to system fonts.
04 What the Talky iOS app collects
The Talky app is built on the principle of data minimisation. No account, no phone number, no email, no password, no profile. Below is the complete inventory.
Walkie-talkie audio (the core feature)
- Push-to-talk audio is transmitted device-to-device using Apple Multipeer Connectivity over Wi-Fi Direct, the local Wi-Fi network, or Bluetooth.
- Voice never transits Talky servers — there are no Talky servers in the audio path. We literally cannot listen to your conversations.
- Audio is not persistently stored. The optional Session Recording feature (Pro tier) stores recordings locally on your device, in the app's sandboxed container. You can delete them at any time from within the app.
- A short device display name (e.g. "Andrea's iPhone") is broadcast over Multipeer for peer discovery on the local network. You can change it in your iOS device settings.
Identity, accounts, contacts
None. We do not collect or process your name, phone number, email, address book, photos, calendar, health data, location coordinates, or biometric identifiers.
Device locale
The app reads your device's locale (e.g. it-IT, en-US) so it can suggest radio stations that match your country. This is read locally from iOS and is not transmitted to us. We do not use GPS or any precise-location API.
Firebase Analytics & Crashlytics (optional)
- If you grant App Tracking Transparency (ATT) consent and accept analytics in the in-app cookie/consent dialog, Talky sends anonymous usage events to Firebase Analytics (e.g. "user opened radio mode") and crash diagnostics to Firebase Crashlytics (stack traces, OS version, device model).
- If you decline ATT or analytics consent, no Firebase events are sent. Crash reports become anonymous and limited to the minimum necessary to keep the app stable.
- IDFA (the Apple advertising identifier) is collected only if you explicitly tap "Allow Tracking" on the ATT prompt. Otherwise it is replaced with all zeros, per Apple policy.
Google AdMob (free tier only)
- Free users may see App Open, interstitial, rewarded and native ads served by Google AdMob. Talky Pro subscribers see zero ads.
- For EEA, UK and Swiss users, the app presents Google's UMP (User Messaging Platform) consent dialog the first time ads load, in line with the IAB TCF v2.2 framework. You can change your consent at any time from Settings → Privacy inside the app.
- If you withhold ad-personalisation consent, AdMob serves only non-personalised, contextual ads.
- Apple's ATT prompt is shown before any tracking-enabled ad SDK code runs.
In-App Purchases (StoreKit 2)
- Talky Pro and any consumable purchases are processed entirely by Apple through StoreKit 2. Your payment instrument, billing address and Apple ID never reach us.
- We receive only the cryptographic entitlement signal ("this device is entitled to Pro") and an opaque transaction identifier used for purchase-restoration and tax reporting.
Push notifications & Live Activities
If you enable notifications, iOS issues an anonymous device push token. Talky uses this token only locally to schedule reminders and Live Activities (Dynamic Island). We do not operate a push server that targets users individually — there is no marketing push.
05 Legal bases (GDPR Article 6)
| Processing | Legal basis |
|---|---|
| Walkie-talkie peer connection | Performance of a contract (Art. 6(1)(b)) — you ask Talky to connect you to a peer. |
| In-App Purchase delivery & restore | Performance of a contract (Art. 6(1)(b)). |
| Firebase Analytics & personalised ads | Your freely-given, granular consent (Art. 6(1)(a)), collected via UMP + ATT. |
| Non-personalised contextual ads | Legitimate interest (Art. 6(1)(f)) in funding the free tier, balanced against minimal impact on you. |
| Crash diagnostics | Legitimate interest in keeping the app stable and secure (Art. 6(1)(f)). |
| Vercel access logs & abuse prevention | Legitimate interest (Art. 6(1)(f)) in protecting the website from attacks. |
| Consent record (talky_consent_v1) | Compliance with a legal obligation (Art. 6(1)(c)) — we must be able to prove your choice. |
06 Third-party processors and sub-processors
We rely on the following processors. Each operates under contractual data-processing terms and, where relevant, Standard Contractual Clauses approved by the European Commission.
| Provider | Purpose | Jurisdiction |
|---|---|---|
| Apple Inc. (privacy policy) | App Store distribution, StoreKit purchases, Multipeer Connectivity, ActivityKit, Push (APNs), App Tracking Transparency | USA + EU (Apple Distribution International, Ireland) |
| Google LLC (Firebase, AdMob, UMP) (privacy policy) | Anonymous analytics, crash diagnostics, advertising to free users, EU consent flow | USA + EU (Google Ireland Ltd) |
| Vercel Inc. (privacy policy) | Static hosting of the marketing site, edge CDN, access logs | USA |
| Google Fonts (Google LLC) (font privacy FAQ) | Web-font delivery for the marketing site (no cookies) | USA + EU |
We do not use any other third party not listed above. We do not sell, rent or trade personal data.
07 International data transfers
Apple and Google are global organisations that may process data on servers located in the United States or other countries outside the European Economic Area. When that happens, transfers are covered by the European Commission's Standard Contractual Clauses (SCCs) as updated in 2021, combined with supplementary technical measures (end-to-end encryption, pseudonymisation) where appropriate. Apple is additionally certified under the APEC Cross-Border Privacy Rules framework. Both Apple and Google participate in the EU–US Data Privacy Framework where applicable.
08 Retention periods
| Data | Retention |
|---|---|
| Walkie-talkie voice in transit | Not stored. Discarded packet by packet after playback. |
| Local session recordings (Pro) | Until you delete them in the app or uninstall. |
| Vercel HTTP access logs | ~30 days, then purged by Vercel. |
| Firebase Analytics events | 14 months (Firebase default), then auto-deleted. |
| Crashlytics diagnostics | 90 days for non-fatal traces, 180 days for fatal crashes. |
| AdMob serving logs | Per Google's published retention windows (typically < 60 days for identifiable signals). |
| Cookie-consent choice (talky_consent_v1) | Indefinite — kept until you clear browser storage or click "Cookie preferences". |
| In-App Purchase receipts (Apple) | Up to 7 years where required by Italian and EU tax law. |
09 Your rights under GDPR / UK GDPR
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:
- Right of access — ask whether we hold data about you and receive a copy.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion of your data.
- Right to restriction of processing — ask us to pause processing under certain conditions.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format.
- Right to object — object to processing based on legitimate interest, including for direct marketing (we do not do direct marketing).
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing. You can withdraw analytics or ad-personalisation consent from Settings → Privacy inside the Talky app, or by clicking Cookie preferences in the footer of the marketing site.
- Right not to be subject to automated decision-making with legal effects — we do not perform any such automated decision-making.
To exercise any of these rights, email andreapiani.dev@gmail.com. We will respond within 30 days (extendable by 60 days for complex requests, in which case we will inform you). The request is free of charge unless manifestly unfounded or excessive.
You have the right to lodge a complaint with a supervisory authority. In Italy this is the Garante per la protezione dei dati personali — garanteprivacy.it. In the UK it is the Information Commissioner's Office (ICO). EU residents may also contact their local data-protection authority.
10 California Consumer Privacy Act (CCPA / CPRA)
If you are a resident of California, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, grants you the following rights:
- Right to know what categories of personal information we collect, the sources, the purposes, and the third parties with whom we share it. The complete answer is in sections 03, 04 and 06 above.
- Right to delete personal information we have collected, subject to legal exemptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of personal information. Talky does not sell or "share" (as those terms are defined under CPRA) personal information for cross-context behavioural advertising outside the AdMob consent flow you control inside the app.
- Right to limit the use of sensitive personal information — we do not collect sensitive PI categories as defined under CPRA.
- Right to non-discrimination for exercising these rights. Free Talky stays free whether you opt out of analytics or not.
To exercise these rights, email andreapiani.dev@gmail.com with the subject line "CCPA request". We will verify your request using the email associated with your message and respond within 45 days. We honour Global Privacy Control (GPC) signals on the marketing site as an opt-out preference signal.
11 Children
Talky is rated 4+ on the App Store and is designed for general audiences, but it is not directed at children under 13 (or under 16 in the European Union, where stricter age-of-consent thresholds apply for online services). We do not knowingly collect personal data from such children. If you are a parent or guardian and believe your child has provided personal information through Talky, please contact us at andreapiani.dev@gmail.com and we will delete it without undue delay. We do not run profiling, targeted advertising, or behavioural advertising against any user identified as a minor.
12 Security
We take a deliberately minimalist approach to security: the safest data is the data we never collect.
- Walkie-talkie audio uses Apple's Multipeer Connectivity, which negotiates a TLS-based encrypted session between peers by default. Sessions are configured as required-encryption in Talky.
- There is no server-side voice storage, no central database of users, no central recording.
- The marketing site is served exclusively over HTTPS with HSTS, modern TLS ciphers and HTTP/2 via Vercel's edge network.
- We do not run a user database. There are no passwords to leak.
- In the unlikely event of a personal-data breach affecting EU users, we will notify the Garante Privacy within 72 hours per Article 33 GDPR, and affected individuals where required by Article 34.
13 Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the app, new features, or evolving legal requirements. When we do, we will revise the "Last updated" date at the top of this page. For material changes — for example, the introduction of a new processor or a new category of data — we will additionally notify users by an in-app banner on the next app launch, and the cookie banner on the marketing site will reappear so you can reaffirm your choices. We encourage you to review this page periodically.
14 Contact
For any privacy question, request, or complaint, please contact:
- Andrea Piani — privacy point of contact
- Andrea Piani, Italy
- Email: andreapiani.dev@gmail.com
- Website: andreapiani.com
- App page: walkie-talky.vercel.app
Thank you for reading. Talky exists to be a small, calm, respectful app. We want the privacy policy to feel the same way: short on legalese, long on substance, and honest about what we do and do not do.