Privacy policy.

Abryn Labs LLC (“Abryn Labs,” “we,” “us,” or “our”) is a software studio organized in the State of Indiana, United States. We operate the website at abrynlabs.com and we build and operate software products, including Talkcounter (an AI voice receptionist for restaurants) and SpaceSense AI (a mobile and web application that analyzes images of interior spaces). Together, the website and the products are referred to in this policy as the “Services.”

For the purposes of EU and UK data protection law, Abryn Labs is the “controller” of the personal data we collect through this website and through our products marketed directly to consumers. Where we process personal data on behalf of a business customer (for example, a restaurant using Talkcounter to process its own callers), we act as a “processor” for that customer.

We collect information in three ways:

Information you provide directly. Account details (name, email, password if applicable), business details (restaurant name, address, hours, menu data for Talkcounter), photos and videos you upload (for SpaceSense AI), messages you send us (email, contact form submissions), and any other content you submit while using the Services.

Information collected automatically. Device and usage data such as IP address, browser type and version, operating system, device identifiers, language, time zone, the pages or screens you view, the actions you take, and the dates and times of your visits. We use cookies, SDKs, and similar technologies (see section 7).

Information specific to product use.

• Talkcounter. Inbound phone numbers placing calls to a connected restaurant line, call audio, automated transcripts of those calls, order contents, modifiers, prices, and the POS responses returned to us.
• SpaceSense AI. Photos and videos you upload of interior spaces, AI-generated analyses and “fix” outputs, your in-app credit balance and activity, and authentication identifiers from Firebase Authentication or Google Sign-In if you use those options.

Information from third parties. If you sign in with a third party (for example, Google), we receive the identifiers, name, and email that the third party shares with us according to your settings with them.

We use the information we collect to:

• Provide, operate, and maintain the Services.
• Authenticate users, secure accounts, and prevent fraud or abuse.
• Process inbound calls and generate transcripts and validated orders (Talkcounter), and to analyze uploaded images and generate fixes (SpaceSense AI).
• Measure how the Services are used and improve them.
• Communicate with you about your account, your usage, security alerts, and changes to the Services, this policy, or our terms.
• Send product updates and marketing if you have opted in. You can opt out at any time using the unsubscribe link in our emails or by contacting us.
• Comply with legal obligations and enforce our terms.

We do not sell personal information. We do not use the content you submit (call transcripts, photos, videos) to train third-party foundation models without a separate, opt-in agreement with you.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process personal data on the following bases:

• Contract. To provide the Services you have requested.
• Legitimate interests. To secure and improve the Services, prevent abuse, and run our business, balanced against your interests and rights.
• Consent. Where we ask for it, for example for non-essential cookies or marketing communications. You can withdraw consent at any time.
• Legal obligation. Where we are required by applicable law.

We share information only as described below:

• With service providers that help us operate the Services (hosting, storage, analytics, authentication, error monitoring, payment processing, customer support). These providers are bound by contract to use personal data only to provide their service to us.
• With business customers whose end users interact with us (for example, a restaurant whose callers reach Talkcounter, or an organization that licenses our services for its team).
• For legal reasons when we believe disclosure is required by law, court order, or government request, or is necessary to protect rights, property, or safety.
• In a business transaction such as a merger, financing, acquisition, or sale of assets, in which case personal data may be transferred subject to standard confidentiality protections.
• With your direction or consent in any other case.

We use the following categories of third parties to provide the Services. The specific vendors we use may change over time, and a current list for any product is available on request.

• Hosting and infrastructure. Cloudflare and Google Cloud Platform (including Firebase).
• Authentication. Firebase Authentication, Google Sign-In.
• AI model providers. Google (Gemini), and other model providers we may add. AI providers process inputs to generate outputs and are contractually restricted from using your content to train their models unless you opt in.
• Analytics. Mixpanel and Google Analytics (with privacy controls applied).
• Error monitoring. Sentry.
• Email. Standard transactional email providers.
• POS integrations (Talkcounter only). Clover, Square, Otter, Revel, Toast, Lightspeed and similar systems that you authorize.

We use cookies and similar technologies (such as local storage, pixels, and mobile SDK identifiers) for purposes that include keeping you signed in, remembering preferences, measuring how the Services are used, and improving them.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services. Where required by law, we ask for your consent before setting non-essential cookies.

We retain personal information only for as long as it is needed for the purposes described in this policy or as required by law. In particular:

• Talkcounter call transcripts are retained in your dashboard for 90 days by default. Raw call audio is purged within 24 hours unless you opt in to longer retention.
• SpaceSense uploads and analyses are retained while your account is active, and may be deleted on request. We may retain de-identified data for service improvement.
• Account records and billing data are retained as required by tax and accounting law in our jurisdiction.

We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, access controls, audit logging, content moderation on AI inputs, and regular review of our security posture. No system can be guaranteed perfectly secure: if we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

Depending on where you live, you may have the following rights with respect to your personal data:

• Access a copy of the personal data we hold about you.
• Correct inaccurate personal data.
• Delete personal data, subject to certain legal exceptions (for example, where we are required to retain records).
• Restrict or object to certain processing.
• Receive your personal data in a portable, machine-readable format.
• Withdraw consent at any time for processing based on consent.
• Lodge a complaint with a data protection authority.

To exercise any of these rights, email admin@abrynlabs.com. We may need to verify your identity before responding.

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

• Right to know. The categories of personal information we collected about you, the sources of that information, the business or commercial purpose for collecting it, the categories of third parties with whom we shared it, and the specific pieces we hold.
• Right to delete personal information, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information. Where we collect sensitive personal information (for example, precise geolocation), you can ask us to limit its use to what is necessary to provide the Services.
• Right against discrimination for exercising any of these rights.

You can submit a request by emailing admin@abrynlabs.com. An authorized agent may submit a request on your behalf with appropriate proof of authority.

The rights described in section 10 apply in addition to the rights granted by the EU General Data Protection Regulation, the UK General Data Protection Regulation, and the Swiss Federal Act on Data Protection.

The legal bases on which we rely are described in section 4. You have the right to lodge a complaint with your local data protection authority.

The Services are not directed to children under the age of 13 (or under the age that applies in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

Abryn Labs is based in the United States and our service providers are located in several countries. When we transfer personal information outside of your jurisdiction, we use safeguards designed to give that information an adequate level of protection, including European Commission Standard Contractual Clauses and the UK Addendum where applicable.

We may update this policy from time to time. When we do, we will revise the “Effective” date at the top of the document. If the changes are material, we will notify you in advance, for example by email or by an in-app notice. Continued use of the Services after the changes take effect means you accept the updated policy.

Questions, requests, or concerns about this policy can be sent to:

Abryn Labs LLC
Email: admin@abrynlabs.com