Privacy & data retention

How long Teleperson keeps your data, how to delete it, and the rights you have under GDPR and US privacy laws.

This page is the plain-English summary of how long Teleperson keeps your data and how you can delete it. The full internal policy that engineering and our auditors work from is the Data Retention & Deletion Policy (TLP-SEC-RET-001), and the two are kept in sync.

What we keep, and for how long

Data | How long we keep it
Your profile (email, name, plan, optional demographic fields) | While your account exists. Deleted when you close your account.
Your Hub (followed companies) | Same as your profile.
A Plaid bank/card connection (token + transactions + balances) | While the connection is active. Deleted on disconnect. No grace window.
A vendor account connection (eBay, etc. — token + cached orders, invoices, shipments) | While the connection is active. Deleted on disconnect.
Voice Concierge transcripts | Streamed live in the panel. Persistence is opt-in; if you opt in, transcripts are kept for 90 days unless you explicitly retain them.
Chat co-pilot transcripts | Stay in your browser by default. Backend recording is opt-in; if you opt in, kept for 90 days.
Stripe billing (subscription + invoices) | Subscription is cancelled when you close your account. Stripe itself retains payment records as required for tax / dispute handling, governed by Stripe's DPA.
Security logs (auth events, deletions we performed for you) | Up to 7 years, so we can prove on regulatory request that we deleted what we said we would. Your user_id is removed from these rows when you close your account; what remains is the audit trail, not your identity.
Edge Function logs | Per Supabase platform default — typically up to 90 days.
Database backups | Per our Supabase point-in-time-recovery window. If you delete data and we later restore from a backup that pre-dates the deletion, we re-run the deletion as part of the restore.

Disconnect = deletion

When you disconnect a Plaid item or a vendor account, deletion is hard, not soft:

  1. We attempt to revoke the token at the third party (best-effort).
  2. We delete every row scoped to that connection: tokens, transactions, orders, shipments, invoices.
  3. We append an entry to our internal audit log so we can prove the deletion if asked.

The data is gone. There is no grace window and no soft-delete flag.

Your rights

If you are in the EEA, UK, or Switzerland (GDPR / UK GDPR)

You have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Correct inaccurate data (Art. 16)
  • Delete your data — the "right to be forgotten" (Art. 17)
  • Restrict processing in certain circumstances (Art. 18)
  • Receive a portable copy of your data in a machine-readable format (Art. 20)
  • Object to processing based on legitimate interest (Art. 21)
  • Not be subject to legal or similarly significant decisions made solely by automated means (Art. 22). Teleperson does not make such decisions about you.

You also have the right to lodge a complaint with your national data protection authority.

If you are in the United States

You have rights under your state's privacy law. The substantive set is similar across California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Texas (TDPSA), and Teleperson applies the strictest applicable standard:

  • Know what categories of personal information we collect and what we do with it (this page; the Security overview)
  • Access the specific pieces of personal information we hold
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt out of sale or sharing for cross-context behavioral advertising — not applicable here: Teleperson does not sell or share your personal information for advertising
  • Limit the use of sensitive personal information (your bank-link tokens, vendor tokens, and 2FA secrets are used only to provide the service you asked for)
  • Appeal if we decline a request (VCDPA / CPA / CTDPA require this; Teleperson honors it for residents of any state)

We do not discriminate against you for exercising any of these rights.

How to exercise your rights

The fast paths are in the product:

  • Disconnect a Plaid item or a vendor account → settings → disconnect. Deletes everything scoped to that connection.
  • Close your account → settings → close account. Triggers the account-deletion flow described above.
  • Export your data → request an export and we generate a JSON file for you. The download link is valid for 30 days.

For anything else — a formal access, correction, restriction, objection, or appeal — email security@teleperson.com.

  • We acknowledge within one business day.
  • We respond within 30 days (GDPR) or 45 days (CCPA and most US state laws). When the request is complex or requires verification with a subprocessor, we may extend by the period each statute allows — and we will tell you when we do.

To verify it's really you, we ask you to demonstrate control of the account email, and (if you have MFA enabled) complete an MFA challenge.

Subprocessors

Teleperson uses these third parties to provide the service. Each one holds a Data Processing Agreement and acts as a service provider under CCPA / processor under GDPR.

Subprocessor | What they handle for us
Supabase | Database, authentication, and Edge Functions.
Plaid | Bank and card connections. Plaid handles the credential exchange — Teleperson never sees your bank username or password.
Stripe | Subscription billing. Stripe handles all card data; Teleperson never sees raw card numbers.
Vapi | Voice AI infrastructure for Voice Concierge calls.
ElevenLabs | Text-to-speech for voice features.
Anthropic | The Claude language model that powers Ask AI and the chat co-pilot. Per Anthropic's API terms, your prompts are not used for training.
Vercel | Hosting for the marketing site and this docs site. End User application data does not pass through Vercel.

What we don't sell or share

Teleperson does not sell your personal information and does not share it for cross-context behavioral advertising. Subprocessors above process data only for the purposes we direct.
