Back to Reconnect

Privacy Policy

Last updated: March 4, 2026

1. Overview

ReconnectMeNow ("we," "us," "our") operates the website reconnectmenow.com and related services (collectively, the "Service"). We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains what data we collect, how we use it, where it is stored, who we share it with, and what rights you have over it.

This policy applies to all users of the Service worldwide, regardless of location. Where local law grants you additional rights (for example, the GDPR in the European Economic Area, the CCPA/CPRA in California, or the DPDP Act in India), those rights are described in dedicated sections below.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

2. Data We Collect

2.1 Account Information

  • Email address (collected and managed by Clerk, our authentication provider)
  • Display name (optional, provided by you)
  • Authentication tokens and session identifiers (managed by Clerk)
  • Subscription tier and billing status

2.2 Clone Data (Uploaded by You)

  • Chat histories — text messages exported from messaging platforms (WhatsApp, Instagram, Telegram, SMS, etc.) that you voluntarily upload to create an AI Clone
  • Voice samples — audio recordings you upload for voice cloning. See Section 2.6 (Biometric Data) below.
  • Photographs — images you upload for avatar display and future video generation

2.3 Generated Data

  • AI-generated text responses produced during chat conversations
  • AI-generated voice audio files (text-to-speech output)
  • Personality profiles and writing style analyses derived from uploaded chat histories
  • Vector embeddings of chat memories (numerical representations stored in our database)

2.4 Usage Data

  • Message counts (daily text messages, monthly voice messages) used for tier limit enforcement
  • Billing and payment records (subscription events, payment amounts, plan changes)
  • Feature interaction patterns (e.g., which features you use, session frequency)

2.5 Technical Data

  • IP address (hashed for anonymization; we do not store raw IP addresses)
  • User agent string (browser type and version)
  • Device type (desktop, mobile, tablet)
  • Referring URL and pages visited within the Service
  • Timestamps of requests

2.6 Biometric Data

Voice samples you upload are classified as biometric data under certain laws, including the Illinois Biometric Information Privacy Act (BIPA) and the EU General Data Protection Regulation (GDPR Article 9, "special categories of personal data"). We treat all voice samples and derived voiceprints with the highest level of care.

  • Voice samples are uploaded voluntarily by you for the sole purpose of creating a voice clone of a person you specify.
  • Voice samples are transmitted to our voice processing provider over encrypted channels for processing.
  • We do not use voice samples for any purpose other than voice cloning within the Service.
  • We do not sell, lease, trade, or otherwise profit from biometric data.
  • See Section 16 (BIPA Notice) for full biometric data disclosures required by Illinois law.

3. How We Use Your Data

The following table describes how we use each category of data, along with the legal basis under the GDPR where applicable:

Data TypePurposeLegal Basis (GDPR)
Chat historiesAnalyzed to build personality profiles, generate vector embeddings, and produce AI responses that reflect the Clone's communication styleConsent (Art. 6(1)(a))
Voice samples (biometric)Transmitted to our voice processing provider to create a voice clone; used for text-to-speech synthesis of AI responsesExplicit consent (Art. 9(2)(a))
PhotographsAvatar display within conversations and future video generationConsent (Art. 6(1)(a))
Account informationAuthentication, billing, subscription management, support communicationContractual necessity (Art. 6(1)(b))
Generated dataDelivering AI chat responses, playing back voice messages, improving Clone accuracy over timeContractual necessity (Art. 6(1)(b))
Usage dataEnforcing tier limits, billing, improving service quality and reliabilityLegitimate interest (Art. 6(1)(f))
Technical dataSecurity monitoring, abuse prevention, debugging, performance optimizationLegitimate interest (Art. 6(1)(f))

4. Data Storage & Encryption

  • All user data is stored on our own self-hosted servers. We do not use third-party cloud storage providers (such as AWS S3 or Google Cloud Storage) for your uploaded files.
  • Encryption at rest: All uploaded files (voice samples, chat exports, photographs) are encrypted using AES-256 encryption on our servers.
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS 1.2+ (HTTPS). Communication between our servers and third-party APIs also uses TLS/HTTPS.
  • Database: Records are stored in a self-hosted PostgreSQL 16 database with pgvector extension for embeddings. Database access is restricted to internal connections only (no external network access).
  • Backups: Automated daily backups are performed and stored encrypted on the same server. Backups are retained for 30 days and then permanently deleted.

5. Third-Party Data Processors

We use the following third-party services to provide the Service. Your data is shared with these providers only as necessary for the Service to function. Each provider processes data under their own privacy policy. We act as a data controller (under the GDPR) and a business (under the CCPA/CPRA).

ProviderPurposeData SharedProcessing LocationRetentionPrivacy Policy
Third-party AI text generation providerAI chat responses for non-Latin script languagesChat text, personality contextUnited StatesNot retained for API usageAvailable upon request
Third-party AI text generation and transcription providerAI chat responses, personality analysis, speech-to-text transcription, embeddingsChat text, voice transcriptions, text for embeddingUnited States30 days (API data retention policy)Available upon request
Third-party voice synthesis providerVoice cloning and text-to-speech synthesisVoice audio samples, text for synthesisUnited States / EUUp to 3 years (voice models)Available upon request
ClerkUser authentication and session managementEmail address, display name, session tokensUnited StatesAccount lifetimeclerk.com/legal/privacy
RazorpayPayment processing and subscription billingPayment details (processed by Razorpay directly; we never see or store full card numbers)IndiaAs required by financial regulationsrazorpay.com/privacy
CloudflareCDN, DNS, DDoS protection, SSL terminationIP addresses (processed transiently), request metadataGlobal edge networkTransient (not stored long-term)cloudflare.com/privacypolicy

Important: We do not sell, share, or provide your personal data to any third party for advertising, marketing, or AI model training purposes. The third-party services listed above receive data solely to perform the specific functions described.

6. Data Flow

Here is how your data moves through the system, step by step:

  1. Upload: You upload chat histories, voice samples, or photographs through your browser. All data is encrypted in transit via HTTPS/TLS.
  2. Storage: Uploaded files are encrypted with AES-256 and stored on our self-hosted servers in Los Angeles, California, USA.
  3. Personality Building: Chat histories are processed by our AI pipeline (using our AI providers) to generate a personality profile and vector embeddings. These are stored in our PostgreSQL database.
  4. Voice Clone Creation: Voice samples are sent to our voice processing provider over an encrypted connection to create a voice model. The voice model is stored on our voice processing provider's servers and referenced by an ID in our database.
  5. Chat Interaction: When you send a message, the text plus relevant memory embeddings are sent to the AI provider. The AI response is returned to our server, stored in our database, and delivered to your browser.
  6. Voice Synthesis: If voice is enabled, the AI response text is sent to our voice processing provider for speech synthesis. The resulting audio file is stored encrypted on our server and streamed to your browser.
  7. Deletion: When you delete a Clone, all associated data (files, database records, embeddings, and the voice model stored with our voice processing provider) is removed. See Section 8 for details.

7. Your Rights

Regardless of where you are located, we grant all users the following rights over their personal data:

  • Right to Access: You may view all data associated with your account at any time through the Service dashboard.
  • Right to Delete: You may delete any Clone and all its associated data at any time through the Service. You may also request full account deletion.
  • Right to Export: You may request a copy of your data in a portable format by contacting us.
  • Right to Rectify: You may update or correct your account information at any time.
  • Right to Object: You may contact us to object to specific types of data processing.
  • Right to Restrict Processing: You may request that we limit how we process your data while a concern is being resolved.
  • Right to Data Portability: You may request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner where required by applicable law).

8. Data Deletion

We believe in honest disclosure about what happens when you delete data:

What Is Deleted Immediately

  • Clone personality profiles, conversation history, and all messages
  • Uploaded chat history files, photographs, and voice sample files from our servers
  • Vector embeddings associated with the Clone
  • The voice model registered with our voice processing provider (deleted via API call)
  • Usage records tied to the Clone

What Cannot Be Immediately or Fully Deleted

  • Encrypted backups: Our automated daily backups may contain copies of your data. Backups rotate on a 30-day cycle, meaning your data will be fully purged from backups within 30 days of deletion.
  • Third-party retention: Data previously sent to third-party processors is subject to their retention policies:
    • Our AI providers may retain API data for up to 30 days per their data retention policies
    • Our voice processing provider may retain voice data per their retention policy (up to 3 years for voice models, though we request deletion via API)
    • Razorpay retains payment records as required by financial regulations
    • Clerk retains account data until the account is deleted from their platform
  • Aggregated analytics: Anonymized, aggregated usage statistics (which cannot be linked back to any individual) may be retained indefinitely.

Account Deletion

To delete your entire account and all associated data, contact us at [email protected]. We will process your request within 30 days. Account deletion removes all Clones, conversations, uploaded files, and account records from our systems (subject to the backup rotation and third-party retention limitations described above).

9. Cookies & Tracking

We use essential cookies only. We do not use advertising cookies, third-party trackers, or cross-site tracking technologies.

Cookie NameProviderPurposeDuration
__sessionClerkAuthentication session tokenSession (expires on browser close or after inactivity)
__client_uatClerkClient-side authentication stateSession
__cf_bmCloudflareBot management and DDoS protection30 minutes

We do not use:

  • Google Analytics or any advertising analytics platform
  • Facebook Pixel, TikTok Pixel, or similar tracking pixels
  • Cross-site tracking cookies
  • Fingerprinting technologies

10. Data Security

We implement the following security measures to protect your data:

  • AES-256 encryption at rest for all uploaded user files (voice samples, chat exports, photographs)
  • TLS 1.2+ encryption in transit for all connections between your browser and our servers, and between our servers and third-party APIs
  • SSH key-based server access only — password authentication is disabled on all servers
  • Firewall (UFW) restricting inbound connections to SSH (port 22), HTTP (port 80), and HTTPS (port 443) only. Database ports are not exposed to the public internet.
  • Automated daily backups with 30-day rotation and encrypted storage
  • Regular security updates for all server software and dependencies
  • Cloudflare DDoS protection and SSL termination at the edge
  • No shared hosting — our application runs on a dedicated server, not shared infrastructure

While we take extensive measures to protect your data, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We have a zero-tolerance policy regarding minors:

  • COPPA (United States): We do not knowingly collect personal information from children under the age of 13. If we discover that a child under 13 has provided us with personal data, we will delete it immediately.
  • GDPR (European Economic Area): For users aged 13 to 16 in EEA countries, parental or guardian consent is required. We do not knowingly process data of anyone under 16 in the EEA without verified parental consent.
  • All users must confirm they are at least 18 years old during the account creation process (via our Terms & Conditions consent flow).

If you believe a minor has created an account or used the Service, please contact us immediately at [email protected] and we will delete their data and terminate their account.

12. International Users

Our servers are located in Los Angeles, California, United States. If you access the Service from outside the United States, your data will be transferred to and processed on servers located in the United States.

By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) where required by the GDPR. See Section 13 for more details on cross-border transfer mechanisms.

13. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional information applies to you under the General Data Protection Regulation (GDPR):

13.1 Data Controller

ReconnectMeNow is the data controller for the personal data we collect and process. For questions about our data practices, contact our designated Data Protection contact at [email protected].

13.2 Legal Basis for Processing

Data TypeLegal BasisDetails
Account informationContractual necessity (Art. 6(1)(b))Required to provide the Service and manage your subscription
Chat histories (uploaded)Consent (Art. 6(1)(a))You voluntarily upload chat data; consent obtained during clone creation
Voice samples (biometric)Explicit consent (Art. 9(2)(a))Special category data; explicit consent obtained before upload
PhotographsConsent (Art. 6(1)(a))You voluntarily upload photographs for avatar creation
Generated data (AI responses, voice audio, embeddings)Contractual necessity (Art. 6(1)(b))Generated as part of delivering the core Service functionality
Usage dataLegitimate interest (Art. 6(1)(f))Necessary for billing, tier enforcement, and service improvement
Technical dataLegitimate interest (Art. 6(1)(f))Necessary for security, abuse prevention, and debugging

13.3 Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Art. 18): Request that we limit processing of your data while a concern is being addressed.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interest or direct marketing.
  • Rights Related to Automated Decision-Making (Art. 22): You have the right not to be subject to decisions based solely on automated processing. See Section 19.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.

13.4 Cross-Border Data Transfers

Your data is transferred to and stored on servers in the United States (Los Angeles, California). For transfers from the EEA/UK to the US, we rely on:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable to our third-party processors
  • Your explicit consent to the transfer, obtained during account creation and Terms acceptance

13.5 Data Retention Schedule

See Section 18 for our comprehensive data retention schedule.

14. CCPA/CPRA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights regarding your personal information.

14.1 Categories of Personal Information Collected

  • Identifiers: Email address, display name, IP address (hashed), account identifiers
  • Biometric information: Voice samples and derived voiceprints
  • Internet or electronic network activity: Browser type, pages visited, interaction data
  • Audio, electronic, or visual information: Voice recordings, photographs
  • Professional or employment-related information: Not collected
  • Inferences: Personality profiles and behavioral patterns derived from uploaded chat data
  • Sensitive personal information: Voice samples (biometric data)

14.2 "Do Not Sell My Personal Information"

We do NOT sell, share, or disclose your personal information to third parties for monetary or other valuable consideration. We have never sold personal information and have no plans to do so. Because we do not sell personal information, there is no need to opt out. However, if you wish to confirm this in writing, you may email [email protected].

14.3 Your CCPA/CPRA Rights

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: Not applicable, as we do not sell or share personal information.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of your sensitive personal information (including biometric data) to purposes necessary for providing the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

14.4 How to Exercise Your Rights

To submit a request, email [email protected] with the subject line "CCPA Request." We will verify your identity using your account email address and respond within 45 days.

15. India DPDP Act Compliance

If you are a resident of India, the Digital Personal Data Protection (DPDP) Act, 2023, grants you additional rights as a Data Principal:

  • Purpose Limitation: We process your personal data only for the specific purposes described in this Privacy Policy. We do not process data beyond what is necessary for these purposes.
  • Consent: We obtain your consent before collecting and processing your personal data. You may withdraw consent at any time by deleting your Clones or contacting us.
  • Right to Access: You may request a summary of all personal data we process about you and the processing activities undertaken.
  • Right to Correction and Erasure: You may request correction of inaccurate data or erasure of data that is no longer necessary for the purpose for which it was collected.
  • Right to Grievance Redressal: You may raise any concerns about how we process your data.
  • Right to Nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.

For grievances or to exercise your rights under the DPDP Act, contact our Grievance Officer at [email protected]. We will acknowledge your request within 48 hours and resolve it within 30 days.

16. Biometric Data Processing (BIPA Notice)

This section constitutes our written notice as required by the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.):

  • Biometric data collected: Voice samples (audio recordings) and voiceprints (mathematical representations of voice characteristics derived from those samples).
  • Purpose: Voice samples are collected for the sole purpose of creating a voice clone via our voice processing provider's API, enabling text-to-speech synthesis that mimics the voice characteristics of the person you are recreating.
  • Duration of storage: Voice samples and voiceprints are retained on our servers for as long as the associated Clone exists in your account. Upon deletion of the Clone or your account, biometric data is deleted from our servers and a deletion request is sent to our voice processing provider.
  • Destruction schedule: When you delete a Clone, voice samples are deleted from our servers immediately (with backup purge within 30 days). We issue a delete request to our voice processing provider via their API to remove the voice model. Our voice processing provider's own retention policy governs when the data is fully purged from their systems.
  • Third-party access: Biometric data is shared only with our voice processing provider for the purpose of voice cloning and synthesis. No other third party receives biometric data.
  • No sale or profit: We will NOT sell, lease, trade, or otherwise profit from your biometric data. Biometric data is never used for advertising, marketing, or any purpose unrelated to the Service.

By uploading voice samples and proceeding with voice clone creation, you provide informed written consent (via the electronic consent mechanism in the Service) to the collection, use, and storage of your biometric data as described above.

17. US Server Jurisdiction Disclosure

Our servers are physically located in Los Angeles, California, United States, hosted by Namecheap. As such, all data stored on our servers is subject to:

  • United States federal law, including the Electronic Communications Privacy Act (ECPA), the CLOUD Act, and the Stored Communications Act (SCA)
  • California state law, including the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

Under these laws, US government agencies may in certain circumstances request access to data stored on our servers pursuant to lawful legal process (such as warrants, subpoenas, or court orders). We will comply with valid legal requests but will notify affected users where legally permitted to do so.

For international users: By using the Service, you acknowledge that your data is transferred to, stored in, and processed in the United States, and is subject to US jurisdiction. If you are located in the EEA, see Section 13.4 for information about cross-border transfer safeguards.

18. Data Retention Schedule

The following table outlines how long we retain each type of data and the reason for that retention period:

Data TypeRetention PeriodReason
Account informationLifetime of account + 30 days after deletionRequired for Service operation; grace period for backup rotation
Chat histories (uploaded files)Until Clone is deletedRequired for personality building and Clone accuracy
Voice samplesUntil Clone is deletedRequired for voice cloning functionality
PhotographsUntil Clone is deletedRequired for avatar display
AI-generated responsesUntil conversation or Clone is deletedChat history feature
Voice audio (generated)Until conversation or Clone is deletedVoice message playback feature
Personality profilesUntil Clone is deletedCore Clone functionality
Vector embeddingsUntil Clone is deletedMemory retrieval for contextual conversations
Usage recordsRolling daily/monthly counters; historical records for 12 monthsTier limit enforcement and billing accuracy
Payment records7 years after transactionLegal and financial compliance requirements
Technical/server logs90 daysSecurity monitoring and debugging
Encrypted backups30-day rolling cycleDisaster recovery

19. Automated Decision-Making

In accordance with GDPR Article 22, we disclose the following automated decision-making processes:

  • Personality Profile Generation: When you upload chat histories, our AI system automatically analyzes the text to build a personality profile for your Clone. This is an automated process that determines how the AI Clone communicates (tone, vocabulary, speech patterns, topics of interest). No human reviews the chat data during this process.
  • Memory Embedding: Chat messages are automatically converted into vector embeddings (numerical representations) and stored in our database. These embeddings are used to retrieve relevant context during conversations, which influences the content of AI responses.
  • Language-Based Model Selection: Our system automatically detects the script/language of incoming messages and routes them to the most suitable AI model (using different AI language models optimized for different scripts). This is a fully automated decision.
  • Usage Limit Enforcement: Message and voice usage counts are automatically tracked and enforced against your subscription tier limits.

Your rights: You have the right to contest any automated decision, request human review, and express your point of view. To do so, contact [email protected].

20. Data Breach Notification

In the event of a personal data breach, we will follow these procedures:

  • Detection & Assessment: Upon discovering a potential breach, we will immediately assess the scope, severity, and types of data affected.
  • Regulatory Notification (within 72 hours): In compliance with GDPR Article 33, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that poses a risk to individuals' rights and freedoms.
  • User Notification: If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay via:
    • Email to your registered email address
    • In-app notification banner
  • Notification contents: Our breach notification will include:
    • A description of the nature of the breach
    • The categories and approximate number of individuals affected
    • The types of data involved
    • Likely consequences of the breach
    • Measures taken or proposed to address the breach
    • Contact information for further questions
  • Mitigation: We will take immediate steps to contain the breach, remediate the vulnerability, and prevent recurrence.

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Minor changes: For non-material changes (typo corrections, formatting), we will update the "Last updated" date at the top of this page.
  • Material changes: For material changes that affect how your data is collected, used, or shared, we will:
    • Notify you via email at least 30 days before the changes take effect
    • Display a prominent notice within the Service
    • Where required by law, request your re-acceptance of the updated policy before continuing to use the Service

Your continued use of the Service after a policy update constitutes acceptance of the revised terms (except where re-acceptance is explicitly required).

22. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how your data is handled, you can reach us at:

We aim to respond to all inquiries within 30 days. For GDPR-related requests from EEA residents, we will respond within the legally required timeframe.

Trust Summary

AES-256 encrypted at rest, TLS in transit
Delete anytime — we remove your data
We never sell, share, or trade your data
Self-hosted servers — no third-party cloud storage