Privacy

Privacy Policy


We are committed to protecting your privacy and personal information.

Last updated: 21 November 2025

Operated by Healthcare Design Studio Ltd (England & Wales)

1. Overview

This Privacy Policy explains how Healthcare Design Studio Ltd ("we", "us") collects, uses, stores, and protects personal information when you use TalkFRCA ("the Service"). By using the Service, you consent to the processing described in this policy.

2. Information We Collect

A. Information you provide

  • Name and email address during registration.
  • Text responses, written answers, and content typed within the platform.
  • Support messages, feedback, and communication you send to us.

B. Information generated through use

  • Session transcripts for Quickfire, SOE, and mock viva practice.
  • Session timing, topic data, and performance analytics.
  • Interaction logs created during active sessions.

C. Automatically collected data

  • Device, browser, OS, and technical metadata.
  • IP address and approximate location.
  • Cookies and tracking data used for analytics and functionality.

D. Information we do not collect or store

  • TalkFRCA does not store audio recordings locally; however, Vapi (our real-time voice provider) temporarily stores voice data on its own infrastructure and may use it to train or improve its service in line with its privacy policy.
  • No patient-identifiable information; users must not enter clinical details about real individuals.

3. How We Use Your Information

A. Service delivery

Running Quickfire sessions, SOE practice, mock viva simulations, transcripts, analytics, and progress tracking.

Maintaining secure authentication and account functionality.

B. Model improvement

Transcripts, interaction logs, and anonymised usage data will be used to improve automated models and educational features.

C. Analytics

Understanding feature usage, improving performance, and identifying platform trends.

D. Platform safety

Detecting misuse, enforcing Terms of Service, and protecting platform integrity.

E. Communication

Service announcements, account notices, and optional marketing updates.

Marketing emails are opt-out.

4. Legal Basis (UK GDPR)

Data is processed under:

  • Contractual necessity – delivering core platform features.
  • Legitimate interests – product improvement, analytics, and security.
  • Consent – optional marketing communications or non-essential cookies.

5. Voice Interaction Data

Voice-based features operate as follows:

  • Voice audio is processed in real time by Vapi (orchestration) and Deepgram (transcription) before TalkFRCA receives the transcript.
  • TalkFRCA never stores audio; we retain transcripts only. Vapi may retain encrypted audio snippets and related metadata on its systems for a limited period to monitor quality, ensure abuse prevention, or train its models.
  • When Vapi stores audio, it does so under its own terms and privacy policy. By using voice features, you agree to Vapi's handling of audio data.
  • Deepgram processes audio streams for transcription but does not retain audio after conversion.

6. Data Retention

A. During account lifetime

  • Transcripts, analytics, and interaction logs remain stored.
  • Interaction data tied to active sessions may be retained for transcript generation or analytics.

B. After account deletion

  • Account information is removed.
  • Transcripts are anonymised and retained indefinitely for educational research, product development, and model improvement.
  • Anonymised analytics may also be retained indefinitely.

7. Data Sharing & Third-Party Providers

We share data only with services essential to platform operation:

  • Supabase (EU storage) – data, authentication, and infrastructure.
  • OpenAI – automated content generation and model improvement.
  • Vapi – real-time session orchestration and voice processing.
  • Deepgram – real-time speech-to-text transcription (audio processed but not stored).
  • ElevenLabs – synthetic voice generation for certain features.
  • Payment processors – for subscription management.

These third parties process data strictly under our instructions.

We do not sell personal data.

8. Data Security

Measures include encryption, access controls, monitoring, and secure infrastructure. Users must protect their login credentials.

9. Your Rights

Under UK GDPR, you may request:

  • Access to your personal data.
  • Correction of inaccurate data.
  • Deletion of account information.
  • Restriction of certain processing.
  • Export of your data, including transcripts.
  • Objection to processing where applicable.

To make a request, email hello@talkfrca.com.

10. Marketing Communications

Marketing emails and feature updates are opt-out.

Users may disable marketing at any time via account settings or by contacting us.

11. Cookies

We use cookies for:

  • Authentication and session management.
  • Feature performance.
  • Analytics and platform improvement.

Users may adjust cookie settings in their browser.

12. International Transfers

Data may be processed outside the UK by approved third-party providers.

Where this occurs, appropriate safeguards consistent with UK GDPR are applied.

13. Institutional and Future Features

This policy anticipates:

  • Institutional licences (e.g., hospitals, deaneries).
  • Future voice-based mock viva sessions.
  • Expanded AI-driven analytics.

All future features will comply with this policy unless further updates are issued.

14. Updates to This Policy

We may update this policy periodically. Continued use of the Service indicates acceptance of any updates.