Telbox Privacy Policy
Last updated: May 18, 2026 · Version: 2.0
This policy describes what data Telbox collects, how we use it, who we share it with, how long we keep it, and what choices you have. It is written for end users (you) and for regulators. If anything in here is unclear, write to privacy@telbox.ai and we will answer.
A summary of the most important things first:
- Transport encryption is always on, on every tier. Every message, voice note, and call you send through Telbox travels end-to-end encrypted between your device and the recipient's device. Telbox itself cannot read your messages while they are in transit. This is true for Free, Plus, Pro, Business, and Workforce users alike.
- AI processing is opt-in and tiered. Telbox has AI features (transcription, summary, memory, /ask). They are off by default. If you turn them on, your messages are decrypted inside our AI worker and sent to a third-party AI processor. The processor that runs your AI work depends on your subscription tier. Free accounts route to Google's Gemini API free tier, where Google's terms allow Google to use your content to train their AI models. Plus, Pro, Business, and Workforce accounts route to Google's Vertex AI Gemma-4 endpoint, where Google is contractually forbidden to train on your content.
- You can withdraw consent at any time. Turn AI off in Settings, upgrade to a no-training tier, or delete your account.
0. Reading guide
This policy is intentionally long because the tier-based AI processing model we use is unusual and the legal posture varies by jurisdiction. Section 3 ("How AI processes your content") is the load-bearing section — read it before turning AI on. Section 7 ("Your rights") spells out what you can request and how. The remaining sections are reference material.
If you only have time for the headline: transport is always end-to-end encrypted; AI is opt-in; free-tier AI exposes content to Google for training; paid-tier AI does not.
1. Who we are
Telbox FZ-LLC is a free-zone company registered in the Dubai International Financial Centre (DIFC), United Arab Emirates. Telbox FZ-LLC is the data controller for the personal data we process about end-user consumer accounts (Free / Plus / Pro). For Business and Workforce tenants, Telbox FZ-LLC is the data processor acting on behalf of the customer organization that holds the tenant subscription.
Contact:
- General: hello@telbox.ai
- Privacy: privacy@telbox.ai
- Mailing: Telbox FZ-LLC, Dubai International Financial Centre, Dubai, UAE.
2. What we collect, per tier
The categories below describe what Telbox stores on our servers. Material on your device (the iOS app's local SQLite cache, iCloud Keychain entries, etc.) is governed by Apple's terms and is outside the scope of what we "process" in the privacy-law sense.
2.1 Identity + account
- Display name, email or phone number (whichever you used to sign up), and per-device cryptographic identity keys.
- Profile photo if you upload one.
- iCloud-Keychain-synced long-lived identity public key (the private half stays on your device).
We use these to authenticate you, route messages, and verify device-to-device trust relationships.
2.2 Messages and media
- Each message is stored as ciphertext that we cannot read. The encryption envelope is sealed independently to each recipient device using X25519 key exchange + AES-256-GCM authenticated encryption. The same envelope shape applies to text, voice notes, photos, video, and file attachments.
- A per-recipient sealed key envelope is stored alongside the ciphertext. Only the intended recipient device's private key can unwrap the envelope.
- Metadata we do see: thread membership, message timestamp, message size, sender and recipient user IDs, recipient device IDs, message type (text / voice / image / ...).
2.3 Voice + media blobs
- Encrypted blob storage in Google Cloud Storage. The blob ciphertext is encrypted-at-rest (Google's default GCS encryption) and the contents are encrypted before upload by your device using the same envelope keys as the message.
- We never store voice recordings in any unencrypted form.
2.4 AI-derived data (only when AI is enabled)
When you turn AI on, our worker decrypts each message inside our infrastructure and sends the plaintext content to an AI processor. The processor returns a transcript (for voice notes), a summary, extracted tasks, extracted people, and other "understanding" artifacts. These are stored alongside the message in our database.
Crucial detail for free-tier users: the AI processor for Free tier is Google's Gemini API free tier, governed by https://ai.google.dev/gemini-api/terms. Google's terms allow Google to "use the content you submit to the Services and any generated responses to provide, improve, and develop Google products and services and machine learning technologies." This includes training Google's AI models on your content.
For paid users (Plus / Pro / Business / Workforce), the AI processor is Google's Vertex AI Gemma-4 endpoint, governed by the Google Cloud enterprise Data Processing Addendum (https://cloud.google.com/terms/data-processing-addendum). Under that DPA, Google is contractually forbidden to use your content for training. Vertex AI processes the content, returns the result, and discards the prompt.
2.5 Subscription state
- The Apple StoreKit2 receipt fields for your active subscription: original transaction ID, expires-date timestamp, environment (Sandbox vs Production), product ID, auto-renew status. Stored as a JSONB blob alongside your account.
- The paywall disclosure version you saw when you subscribed (a build-versioned identifier). Used as audit trail for FTC ROSCA disclosure compliance.
- Apple sends us subscription-event notifications (renewal, lapse, refund, family sharing) via the App Store Server Notifications V2 endpoint; we update your account state in response.
2.6 Consent timestamps
We store three timestamps that represent your onboarding consents:
- transport_e2e_acknowledged_at — when you acknowledged the transport-E2E information screen.
- ai_processing_consent_at — when you opted in to AI processing at all.
- ai_training_consent_at — when you (as a free-tier user) consented to Google training on your AI workload. NULL until you accept the free-tier disclosure.
These are the audit trail proving that we obtained your consent before any AI processing started.
2.7 Device push tokens
If you grant iOS notification permission, we store the APNs token issued by Apple. We use it to send you alerts when something happens (new message, call invite, subscription lapsed). We never include the plaintext of your messages in a push payload — the body is the AI-generated summary if available, otherwise a generic placeholder like "Voice note" or "New message."
2.8 Audit log
Limited record of administrative events: account creation, device registration, device revocation, subscription state changes, AI consent state changes, deletion requests, legal-process responses (subpoenas, takedown notices). Stored separately from user content for legal-hold + abuse-prevention purposes.
2.9 What we do NOT collect
- We do not embed third-party advertising SDKs.
- We do not embed third-party analytics SDKs that exfiltrate user content.
- We do not collect location data.
- We do not read your contacts list (the in-app "Match contacts" feature hashes your contacts on-device, sends only hashed truncations, and discards the response).
- We do not record video calls or store call audio.
- We do not access your photos library (the share-extension flow only sees what you explicitly tap into Telbox).
3. How AI processes your content
This section is the load-bearing one. Please read it before you turn AI on.
3.1 Free accounts (and when AI is on)
When you turn on AI features as a free-tier user, your messages and voice notes are decrypted inside our infrastructure and sent to Google's Gemini API free tier for processing. Google's terms (https://ai.google.dev/gemini-api/terms) allow Google to use this content "to provide, improve, and develop Google products and services and machine learning technologies" — which includes training Google's AI models.
If you do not want Google to train on your content, you have two options:
1. Keep AI off. Nothing leaves your device for processing.
2. Upgrade to Telbox Plus. AI routes through Google's no-training endpoint (see 3.2).
3.2 Telbox Plus, Pro, Business, and Workforce accounts
When you are on a paid tier, your AI processing routes through Google's Vertex AI Gemma-4 endpoint. Under the Google Cloud Data Processing Addendum, Google is contractually forbidden to train on your content. Vertex AI processes the content, returns the AI result to us, and discards the prompt within Google's processing window.
3.3 Transport encryption stays in place regardless of tier
Whether you are on free or paid, your messages travel from your device to ours encrypted, and the recipient's device decrypts them. We never see plaintext in transit. The two tiers differ only in what happens after the server-side decrypt inside the AI worker process.
3.4 If your subscription lapses
If a Plus / Pro / Business subscription ends and you drop back to the free tier, your NEXT AI call will route to the trainable Gemini endpoint. Before that happens, we show you an in-app notification that requires you to confirm you understand the change. You can:
- Continue with AI on at the free tier (Google may train).
- Turn AI off until you resubscribe.
- Resubscribe to Plus.
AI calls already completed under your Plus subscription are unaffected — Vertex AI has already discarded those prompts.
3.5 When someone else sends you content
Telbox is a messaging app. People send each other content. When a free-tier sender sends a message to a free-tier recipient, the recipient's AI tier matters too — if the recipient's AI is on and they're on the free tier, processing the sender's content exposes it to Google training even though the sender themselves never enabled their own AI.
By using Telbox to send content to other Telbox users, you consent to this processing. You can prevent it in two ways:
- Ask the recipient to turn off AI for that conversation — Telbox supports per-thread AI-off overrides.
- Do not send sensitive content to a Telbox user who is on the free tier with AI on. The recipient's AI tier is visible in the conversation header so you can check at a glance.
Telbox enforces a server-side gate that refuses to route content through a trainable endpoint when both parties have explicitly declined to consent — see the "consent gates" section of our architecture documentation.
3.6 Sub-processors and the Google relationship
Google LLC is our AI sub-processor. The full sub-processor list is at https://telbox.ai/sub-processors and is updated with 30 days' notice when changes happen. Today's list:
- Google LLC (United States) — AI processing via Gemini API free tier (for free-tier users) and Vertex AI Gemma-4 (for paid users). Subject to Google's Gemini API Terms (free tier) or Google Cloud DPA (paid tier).
- Google Cloud EMEA Ltd. (Ireland) — infrastructure (Cloud Run, Cloud SQL, Memorystore Redis, Google Cloud Storage). Subject to Google Cloud DPA.
- Apple Inc. (United States) — iOS push notifications via APNs. Subject to Apple's standard service agreement.
- Cloudflare Inc. (United States) — DNS hosting. Subject to Cloudflare's DPA.
- Stripe Inc. (United States) — B2B billing (Workforce tier). Subject to Stripe's DPA.
- Functional Software, Inc. (Sentry, United States) — error tracking. Subject to Sentry's DPA.
3.7 What we never do with your AI workload (regardless of tier)
Even when you're on a free-tier account and the AI flow goes through a trainable endpoint, Telbox itself never sells your data, embeds advertising profiles, or uses your messages to target ads. The Free tier exists because Google subsidizes the inference cost in exchange for training data — that is the explicit trade we surface to you. We do not pile additional uses on top.
Specifically, regardless of tier:
- Telbox does not target advertisements at you.
- Telbox does not run third-party advertising or analytics SDKs that exfiltrate the contents of your messages.
- Telbox does not train its own AI models on your content. We do not even keep the ML training datasets that would make that possible.
- Telbox does not sell aggregate, anonymized, or pseudonymized derivatives of your AI-processed data to data brokers.
- Telbox does not allow internal teams to read your messages outside of named two-person reviewed operational support tasks (debugging a crashed message, responding to legal process, processing a deletion request you yourself triggered).
What changes between Free and Plus is the contract with Google, not the contract with Telbox. Both tiers route AI through Google as a sub-processor; only the contractual terms with Google differ.
3.8 Inspectable architecture
Our architecture documentation, at docs/architecture/ai-privacy-tiers.md in our repository, describes the data flows in engineering detail, including the per-user routing factory that decides which endpoint receives your AI workload. The factory's read path defaults to FREE when a user record is missing or a tier column is unset — a defense-in-depth choice that ensures we never accidentally upgrade a user's privacy without a paid subscription confirming billing. If you suspect a leak between tiers, please file an issue or email info@telbox.ai.
4. Who we share data with
We share data with the following categories of recipients, on the legal bases noted:
- AI processors (Google). As described in §3, per the relevant Google terms or DPA.
- Push notification providers (Apple). Push payloads include only the AI summary or a generic placeholder; never raw ciphertext or unencrypted message content.
- Infrastructure providers (Google Cloud). Encrypted blobs and database rows are stored in Google Cloud infrastructure in our chosen region. Workload Identity authentication; no service-account keys.
- Business / Workforce tenants. When you sign up under a B2B tenant subscription, the tenant administrator can see your messages and AI-derived data per the tenant's data-processing agreement. The tenant's privacy policy governs internal access.
- Authorities responding to lawful process. We respond to subpoenas, court orders, and emergency disclosure requests per our published Subpoena Response Procedure. We notify the affected user unless legally prohibited.
- Acquirer. In the event of a corporate transaction (acquisition, merger), data may transfer to the new entity. We will give 30 days' notice in-app before any such transfer.
We do not sell your data to advertisers, data brokers, or any third party.
4.1 What "lawful process" means in practice
Authorities occasionally serve Telbox with a subpoena, court order, search warrant, or emergency disclosure request. Our standing policy:
- We respond only to legal process we determine to be valid under the law of the jurisdiction asserting it. We push back on overbroad requests with the help of counsel.
- Where the requesting jurisdiction's law and the user's resident jurisdiction's law conflict, we route to the user's resident jurisdiction's protections when feasible.
- For requests involving message ciphertext, we can only produce what we hold: encrypted blobs we cannot read. The Apple device key needed to decrypt is in the user's iCloud Keychain on the user's device; we do not have it.
- For requests involving AI-derived data (transcripts, summaries) on accounts where AI is enabled, we can produce the derived data. We log every such production to our Subpoena Register.
- We notify the affected user within 24 hours of receiving the request unless legally prohibited (gag order). If we are prohibited from notifying, we re-evaluate the gag every 90 days and notify the moment we are no longer prohibited.
- Aggregate transparency reports are published at https://telbox.ai/transparency yearly.
4.2 Internal access
A small number of Telbox engineers have administrative access to the production environment. Production-data-touching operations require:
- Named two-person review (one engineer initiates; one engineer approves) for any action that reads user content.
- Audit log entry in the platform-audit table with engineer ID, action, target user, and justification.
- Quarterly access review by the founder.
This applies to manual interventions only (e.g., debugging a crashed AI worker on a specific user's message at the user's explicit request). Routine backend operation (the AI worker, the message router, the API server) operates on encrypted data only and does not constitute "internal access" in this sense.
5. International data transfers
Telbox is built in Dubai (UAE) and the production stack runs on Google Cloud in us-central1 (Iowa, United States). Our AI processors are Google LLC (USA). When you are an EU/EEA/UK or MENA resident, your data transfers to the United States for AI processing.
Telbox relies on the following legal mechanisms for cross-border transfer:
- EU-US Data Privacy Framework (DPF). Google LLC is DPF-certified (verify at https://www.dataprivacyframework.gov/list). EU and EEA personal data transferred to Google LLC for AI processing relies on this adequacy decision.
- UK Extension to the DPF. UK personal data follows the same mechanism via the UK's adequacy extension.
- Standard Contractual Clauses (SCCs). For data subjects not covered by the DPF (e.g., MENA tenants under our Business/Workforce tiers), we attach the EU SCCs Module Two (controller-to-processor) and Module Three (processor-to-sub-processor) as Annexes to our Data Processing Addendum.
If the DPF is invalidated by a future court ruling (Schrems III, pending), we will switch immediately to SCC-only operation. We monitor DPF status every 90 days.
Data residency for Business and Workforce tenants: Business administrators can choose data residency at tenant creation. Options: us-central1 (default), eu-frankfurt (Germany), me-central1 (Doha, Qatar). Workforce administrators get the same options. Consumer users (Free / Plus / Pro on individual billing) are pinned to us-central1.
6. How long we keep your data
| Category | Retention while account active | Retention after account deletion |
|---|---|---|
| Account identity + display name | Indefinitely | Deleted within 7 days |
| Messages (ciphertext) | Indefinitely | Deleted within 7 days |
| Voice/media blobs | Indefinitely | Deleted within 7 days |
| AI-derived data (transcripts, summaries, etc.) | Indefinitely | Deleted within 7 days when account is deleted; or instantly when you tap "Clear AI memory" in Settings |
| Subscription state | Indefinitely | Deleted within 7 days; some Apple-side records persist on Apple's servers per their policy |
| Consent timestamps | Indefinitely (audit) | Anonymized to a one-way hash; retained for 7 years per FTC ROSCA §3.9 |
| Audit log | Indefinitely (security + abuse-prevention) | Anonymized to a one-way hash; retained for 7 years |
| Device push tokens | Until you revoke the device, or up to 90 days of inactivity | Deleted within 7 days |
| Backups | 7-day rolling encrypted backups | Deletion propagates within 7 days |
You can trigger immediate deletion at any time:
- Settings → Account → Delete account — deletes everything you own.
- Settings → Privacy → Clear AI memory — wipes only AI-derived data; underlying messages stay.
7. Your rights
Depending on where you live, you may have one or more of the following rights. Telbox honors all of them on a worldwide basis; the per-jurisdiction list is for clarity.
7.1 Universal (every user, every jurisdiction)
- Access — request a copy of the personal data we hold about you. Use Settings → Privacy → Export my data, or email privacy@telbox.ai.
- Correction — fix inaccurate or outdated data. Most fields are user-editable in the app; email us for the rest.
- Deletion — delete your account and all associated data. Use Settings → Account → Delete account, or email us.
- Restriction — limit what we process. Use Settings → Privacy → AI mode: Off to stop AI processing while keeping your messages.
- Portability — receive your data in a machine-readable JSON format. Use Settings → Privacy → Export my data.
- Withdrawal of consent — turn AI off or downgrade your tier at any time. Withdrawal stops future AI processing immediately; content already processed cannot be recalled from Google.
- Complaint — lodge a complaint with the data protection authority in your country.
7.2 European Union / European Economic Area / United Kingdom
- All rights listed in §7.1.
- Additionally, the right to object to processing under GDPR Art. 21.
- Lawful basis for the AI processing we do for you: your consent (Art. 6(1)(a) GDPR). For voice-based biometric features (Voice Identity Signing, when you opt in), explicit consent (Art. 9(2)(a) GDPR).
- Right to lodge a complaint with your national Data Protection Authority. The EDPB list of authorities is at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
7.3 California (US)
- All rights listed in §7.1.
- Right to know what categories of personal information and sensitive personal information we collect (this policy is that disclosure).
- Right to opt out of "sale or share" of personal information for cross-context behavioral advertising. We do not sell or share for advertising purposes; the "Do Not Sell or Share" link on our website is provided as a CCPA-compliance affordance.
- Right to limit use of sensitive personal information (CCPA §1798.121). Sensitive personal information we collect includes biometric voiceprint material when you opt in to Voice Identity Signing. The "Limit Use of Sensitive Personal Information" link on our website turns this off.
7.4 United Arab Emirates
- All rights listed in §7.1.
- Plus the rights listed in the UAE Personal Data Protection Law (PDPL), Federal Decree-Law No. 45 of 2021, Articles 13–19. These include the right to information (Article 13), the right to access (Article 14), the right to correction (Article 15), the right to erasure (Article 16), the right to restrict processing (Article 17), the right to data portability (Article 18), and the right to object (Article 19). You may file a complaint with the UAE Data Office for inquiries we do not resolve to your satisfaction.
7.5 Kingdom of Saudi Arabia
- All rights listed in §7.1.
- Plus the rights listed in the KSA Personal Data Protection Law, Royal Decree M/19 of 1443H, Articles 4–13. These include the right to information, the right to access, the right to correct, the right to erasure, the right to restrict processing, the right to object, and the right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) or the National Data Management Office (NDMO).
7.6 Egypt
- All rights listed in §7.1.
- Plus the rights listed in the Egyptian Personal Data Protection Law (Law No. 151 of 2020), Articles 2–9. Telbox will appoint a local representative in Egypt as required by Article 35 of Law No. 151 / 2020 before Egypt becomes a primary market; until then, Egyptian residents may exercise their rights by emailing privacy@telbox.ai and we will route the request through our DIFC-based privacy counsel.
7.7 How to exercise your rights
To exercise any right above:
1. Use the in-app affordance when one exists (Settings → Privacy → Export my data, Settings → Account → Delete account, etc.). The in-app path is the fastest.
2. If no in-app affordance covers your request, email privacy@telbox.ai with the subject line "[GDPR / CCPA / PDPL] data subject request" and describe what you want.
3. We acknowledge within 5 business days and complete the request within 30 days (45 in jurisdictions that allow extension, with notice to you).
4. We may need to verify your identity before fulfilling the request — typically a one-time-passcode sent to the phone number or email tied to your account.
You will never be charged a fee for exercising a data-subject right. We do not penalize you for asking. We do not require you to upgrade your subscription to use a right.
8. Children
Telbox is rated 17+ in the App Store. We do not knowingly collect data from children under 13 (USA, COPPA), under 16 (EU/EEA default), or under 18 (UAE/KSA general). If you believe a child has signed up, email privacy@telbox.ai and we will delete the account within 7 days.
9. Voice Identity Signing (biometric data)
Telbox supports Voice Identity Signing — a feature that creates a cryptographic signature anchored to the unique acoustic features of your voice. Recipients use the signature to verify a voice note is really from you (and not from a deepfake or impersonator).
Voice Identity Signing is opt-in. Telbox does NOT auto-enroll your voice biometric. The opt-in flow includes:
- A separate consent screen describing what we store, where we store it, how long, and how to revoke.
- A checkbox you explicitly tick (no pre-selection).
- A retention/destruction policy at https://telbox.ai/biometric-policy.
What we store: a mathematical fingerprint (template) of your voice, plus the signing key derived from it. We do not store raw voice recordings beyond the encrypted blob storage described in §2.3.
Where we store it: in our database, encrypted at rest. Linked to your account.
Retention: as long as your account is active. If you delete your account, the template is destroyed within 7 days.
Revocation: Settings → Privacy → Voice Identity Signing → Disable. The template is destroyed immediately; existing voice notes you've already sent continue to carry their original signatures but you can no longer make new ones.
BIPA notice for Illinois residents: this section is your written notice that biometric data is being collected, and the consent checkbox in the iOS app is your written consent under the Illinois Biometric Information Privacy Act, 740 ILCS §14/1 et seq.
10. Voice Cloning (Pro tier; deferred)
Voice cloning is a planned Pro-tier feature where Telbox synthesizes speech in your own voice. As of this policy version, voice cloning is not yet shipped. When it ships:
- The voice clone enrollment is gated on a separate consent screen.
- Every audio file generated by your voice clone carries an inaudible cryptographic watermark (C2PA-compliant) identifying your Telbox account and timestamp.
- Telbox reserves the right to disable Voice Cloning on any account where we have reasonable belief of misuse (impersonation, fraud, defamation).
- See https://telbox.ai/voice-cloning-policy when Voice Cloning is live.
11. EU AI Act transparency
When Telbox uses AI to generate content for you (transcripts, summaries, AI-drafted reply chips), the iOS app labels the AI-generated content with a visible "AI" badge. This satisfies Article 50(1) of the EU AI Act (Regulation (EU) 2024/1689). Voice clones (when shipped) will additionally embed a machine-detectable watermark per Article 50(2).
12. Security
- Transport: every message, voice note, and call is encrypted between your device and the recipient's device. We use X25519 key exchange, AES-256-GCM authenticated encryption, Ed25519 signatures, HKDF-SHA256 key derivation — all RFC-published and NIST-recognized.
- At-rest: Telbox stores message ciphertext and media blobs in Google Cloud, encrypted at rest by Google's default GCS / Cloud SQL encryption.
- AI processor isolation: when you turn AI on, your messages are sealed to an AI processor's public key (X25519). The AI worker decrypts in-process inside our infrastructure; the plaintext exists only in memory for the duration of the AI call.
- Internal access: a small number of Telbox engineers have administrative access to the production environment for operational support. Production access requires named two-person review for any data-touching operation and is audit-logged.
- Vulnerability disclosure: report vulnerabilities to info@telbox.ai. We respond within 5 business days.
13. Changes to this policy
If we change anything material in this policy, we will:
- Post the new policy at https://telbox.ai/privacy with a new "Last updated" date.
- Show you an in-app notification before the next time you use a feature affected by the change.
- For substantive changes that affect AI processing or data flows, require you to explicitly accept the new policy before continuing.
Non-substantive changes (typos, formatting, link updates) are made without notice; the version number stays the same.
14. Contact
- General privacy questions: privacy@telbox.ai.
- Data subject rights requests: privacy@telbox.ai with subject line "[GDPR / CCPA / PDPL] data subject request".
- Vulnerability reports: info@telbox.ai.
- Mail: Telbox FZ-LLC, Dubai International Financial Centre, Dubai, UAE.
If we are slow to respond, escalate to founder@telbox.ai — the founder commits to a personal response within 5 business days while the team is small.
For privacy advocates or researchers studying our practices: we welcome scrutiny. The architecture documentation in our public repository at https://github.com/telbox-ai/telbox/docs/ describes the same data flows we describe in this policy, at engineering detail. If you find a contradiction between what's in the repo and what's in this policy, the repo is the bug fix target — please file an issue.
15. Version history
- 2.0 — May 18, 2026. Rewrite to distinguish free-tier (trainable Gemini) and paid-tier (no-training Vertex AI) AI processing flows; added Apple subscription disclosure; added recipient-consent gate explanation; added per-jurisdiction rights breakdown; added EU AI Act transparency note; added Voice Identity Signing biometric disclosure; added sub-processor list reference.
- 1.0 — April 30, 2026. Initial closed-alpha policy.