Talooka Privacy Policy

Last updated: May 2026

1. What We Collect

Talooka collects the following data only when you explicitly choose to include it in your research profile:

  • Photo & video metadata (counts, date ranges, file types — never actual image content)
  • Calendar event patterns (frequency, categories — never event titles or personal details)
  • Email metadata (sender domains, volume patterns — never email content or subject lines)
  • Installed app categories (which categories of apps are present — detected via standard iOS URL schemes)
  • Wallet pass metadata (issuer names and pass types from files you manually import)
  • Social profile data (self-reported: years active, activity level, follower ranges)
  • Account information (email address and user ID from Google Sign-In)

2. How We Use Your Data

Your data is used solely to:

  • Generate your anonymized research profile
  • Match your profile with relevant research programs
  • Notify you when your profile is selected by a research partner
  • Improve the accuracy of profile value estimates

3. How Your Data Is Shared

When you enroll a data type in a research program, an anonymized version of that profile is made available to verified research partners (brands, market research firms, academic institutions). Raw personal content (photos, messages, email content) is NEVER shared.

Research partners receive statistical/behavioral profiles, not raw data linked to your personal identity.

4. Your Rights

You may at any time:

  • View all data included in your research profiles
  • Remove any individual data source from your profile
  • Delete your entire account and all associated data
  • Opt out of all research programs

To exercise these rights, use the Settings screen in the app or email privacy@talooka.app.

5. Data Retention

Your profile data is retained until you delete it. If you delete your account, all data is permanently removed within 30 days.

6. Data Deletion & Your Rights (GDPR / CCPA)

You have the right to request deletion of all personal data we hold about you at any time. This includes:

  • Right to Erasure (GDPR Article 17) — request complete deletion of your account and all associated data
  • Right to Access (GDPR Article 15) — request a copy of all data we hold about you
  • Right to Rectification (GDPR Article 16) — request correction of inaccurate personal data
  • Right to Restriction of Processing (GDPR Article 18) — temporarily pause use of your data
  • Right to Data Portability (GDPR Article 20) — receive your data in a structured, machine-readable format
  • Right to Object (GDPR Article 21) — opt out of all research programs and data processing
  • CCPA Right to Delete — California residents may request deletion of personal information
  • CCPA Right to Know — California residents may request disclosure of data categories collected

To submit a data deletion or access request, email privacy@talooka.app with the subject line Data Deletion Request or Data Access Request. We will respond and fulfill verified requests within 30 days.

Alternatively, you can delete your account instantly via the App: Settings → Delete Account. This permanently removes all data from our systems within 30 days.

7. Security

All data is transmitted over encrypted HTTPS connections. We use Supabase for secure cloud storage with industry-standard encryption at rest.

8. Children

Talooka is not directed at children under 13. We do not knowingly collect data from children.

9. Contact

For privacy questions: privacy@talooka.app

Review Notes for the Apple Reviewer

In App Store Connect → Version Information → Notes for App Review, paste this:

Talooka is a consumer data empowerment platform that allows users to voluntarily participate in market research and receive compensation for sharing anonymized behavioral data with brands and researchers.

Key Points for Review

  1. All data collection is user-initiated. No data is collected passively. Every data type requires the user to explicitly tap "Scan," "Connect," or "Import." Users see exactly what will be included before any data leaves their device.
  2. No sensitive content is transmitted. Photo content, email content, message content, and calendar event details never leave the device. Only anonymized metadata (counts, patterns, categories) is included in research profiles.
  3. User control & deletion. Users can remove any data source or delete their entire profile at any time via Settings → Delete Account.
  4. Similar approved apps. This model is consistent with other App Store-approved applications in the market research space such as Nielsen Digital Voice and similar consumer research platforms.
  5. Gmail access. Email integration uses Google OAuth — no passwords are stored. Only metadata (sender domains, subject categories, volume) is analyzed. The actual Gmail API scope requested is gmail.readonly, and no email content is stored or transmitted.
  6. Calendar access. NSCalendarsFullAccessUsageDescription is required for iOS 17+ per Apple's own documentation. Calendar access is used exclusively for behavioral pattern analysis (time-of-day usage, event frequency) — not for reading personal event content.

Test Account

  • Email: [your test email]
  • Password: [your test password]
  • Note: Google Sign-In is the primary auth method. A test account has been pre-configured for review.

UI Changes That Reduce Rejection Risk

A few small wording changes in the app itself:

  • All "List for Sale" buttons → "Enroll in Research"
  • "Estimated Worth" → "Research Value"
  • "List [X] Data for Sale" → "Add to Research Profile"
  • Success screen: "You'll be notified when a buyer purchases" → "You'll be notified when a research partner selects your profile"
Back to home