This Privacy Policy describes how Thinking Code LLC ("we," "us," or "our") collects, uses, and protects your personal information when you use The Thinking Speaker at thethinkingspeaker.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
01 Information We Collect
Account Information
When you create an account, we collect the information you provide, including:
- Email address
- Name (if provided)
- Password (stored as a bcrypt hash — we never store your plaintext password)
- Google OAuth profile information (if you sign in with Google), including your Google account email and display name
Speech and Session Data
When you use the teleprompter, interview prep, or other speech features, we may collect:
- Scripts and speech text you enter or generate using AI tools
- Session recordings (audio), stored temporarily for AI coaching analysis
- Performance metrics, including words per minute (WPM), filler word counts, script adherence percentage, and completion rate
- Session metadata such as duration, date, and speech engine used
Payment Information
Payment processing is handled entirely by Stripe. We never receive, store, or have access to your full credit card number, CVV, or other sensitive payment credentials. We receive only a confirmation of your subscription status, billing cycle, and transaction identifiers from Stripe.
Usage Data
We collect information about how you interact with the Service, including which features you use, session frequency, and general usage patterns. This helps us understand how to improve the product.
Device and Browser Information
We collect basic device and browser information to ensure compatibility with our speech-to-text engines and to diagnose technical issues. This may include browser type, operating system, and device capabilities relevant to audio processing.
02 How We Use Your Information
We use the information we collect to:
- Provide and operate the Service — powering the teleprompter, tracking speech performance, and saving your session history
- Process payments and manage subscriptions — handling Pro tier billing through Stripe, managing trial periods, and sending payment-related notifications
- Generate AI-powered features — sending relevant data (such as your script, topic, or session metrics) to our AI providers to produce speech writing, coaching feedback, and interview questions
- Send account-related communications — including email verification, password reset emails, and important service updates
- Analyze and improve the product — understanding usage patterns, identifying bugs, and prioritizing new features based on how speakers actually use the tool
03 Third-Party Services
We integrate with the following third-party services to deliver the features of The Thinking Speaker:
- Stripe — processes all payments and manages subscriptions. Stripe receives your payment details directly and is subject to their own Privacy Policy.
- Deepgram — provides cloud-based speech recognition and text-to-speech capabilities for Pro users. Audio data is sent to Deepgram's servers for processing in real time.
- Anthropic — powers AI speech writing, AI coaching feedback, and interview grading through the Claude language model. Your script text, session metrics, or prompts may be sent to Anthropic for processing.
- Cerebras — generates AI interview questions. Prompt data is sent to Cerebras for processing.
- Google — provides OAuth authentication for users who choose to sign in with their Google account. Google receives only the authentication request; we receive your basic profile information (name and email).
- Cloudflare — provides CDN and content delivery services for static assets, including offline speech recognition model files.
Offline Speech Engines
The Thinking Speaker offers offline speech recognition through Sherpa-ONNX and Vosk engines. These engines run entirely within your web browser. When using offline engines, no audio data is sent to any external server. All speech processing happens locally on your device, giving you complete control over your data.
04 Data Storage and Security
We take the security of your data seriously and employ the following measures:
- Hosting — application data is stored on Railway, a cloud hosting platform with infrastructure-level security controls
- Database — user data is stored in a PostgreSQL database with encryption at rest
- Encryption in transit — all connections to the Service use HTTPS/TLS encryption
- Password security — passwords are hashed using bcrypt before storage; we never store or log plaintext passwords
- Session audio — audio recordings are stored temporarily for AI coaching analysis and are not retained indefinitely. We do not maintain a permanent archive of your voice recordings.
While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
05 Your Rights
You have the following rights regarding your personal data:
- Access — you may request a copy of the personal data we hold about you
- Deletion — you may request deletion of your account and all associated data, including session history, scripts, and performance metrics
- Export — you may request an export of your session history and associated data
- Opt out of AI processing — by selecting an offline speech engine (Sherpa-ONNX or Vosk), you can ensure that your audio data is never sent to external servers for processing
- Correction — you may update your account information at any time through the Service
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
06 Data Retention
Our data retention practices vary by account tier:
- Free tier — we retain your last 5 sessions. Script text is not stored on our servers for free-tier accounts. Older sessions are automatically pruned.
- Pro tier — full session history is retained for as long as your subscription is active, including script text, performance metrics, and AI coaching feedback.
- Account deletion — when you request account deletion, all of your data (including account information, session history, scripts, and performance data) will be permanently removed from our systems within 30 days.
- Payment records — certain transaction records may be retained beyond account deletion as required by applicable tax and financial regulations.
07 Cookies and Local Storage
The Thinking Speaker uses the following browser storage mechanisms:
- Authentication token — an HTTP-only cookie is used to maintain your logged-in session. This cookie is essential for the Service to function and cannot be disabled while using the app.
- Script text (localStorage) — your current script text is stored in your browser's localStorage so that it persists across page reloads during a session.
- Offline model cache (IndexedDB) — if you download offline speech recognition models (Sherpa-ONNX), the model files are stored in your browser's IndexedDB for fast subsequent access. These files remain on your device and are not transmitted anywhere.
We do not use any third-party tracking cookies. We do not use advertising cookies, analytics cookies from third-party providers, or any cookie-based tracking across websites.
08 Children's Privacy
The Thinking Speaker is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will promptly delete that information. If you believe a child under 13 has provided us with personal data, please contact us at [email protected].
09 International Users
The Thinking Speaker is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located and our database is operated.
By using the Service, you consent to the transfer of your information to the United States and acknowledge that the data protection laws of the United States may differ from those of your country of residence.
10 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by:
- Posting the updated policy on this page with a revised "Last updated" date
- Sending a notification via email to the address associated with your account
- Displaying an in-app notification when you next use the Service
We encourage you to review this page periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated terms.
11 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: