TANPAN.AI
Log in

Privacy Policy

Last Updated: March 20, 2026

Welcome to TANPAN.AI ("we," "us," or "our"). We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered negotiation coaching platform at tanpan.ai (the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect information through your chosen authentication method:

  • Google OAuth: name, email address, and profile picture as provided by Google.
  • Email Magic Link: your email address.

1.2 Meeting Data

To provide our core AI coaching service, we collect meeting-related data that you create or upload:

  • Meeting titles, backgrounds, objectives, and agenda items
  • Attendee information (names, titles, organizations, roles, notes)
  • File attachments uploaded for AI analysis

1.3 Audio and Screen Recordings

When you use our recording features during live meetings, we collect:

  • Audio recordings captured via your microphone
  • Screen recordings captured via screen share

All recordings are stored on Cloudflare R2 object storage. Recordings are initiated solely by you and are never captured without your explicit action.

1.4 Real-Time Transcripts

When you enable live subtitles, your audio is processed through Microsoft Azure AI Speech (using ConversationTranscriber with speaker diarization) to produce real-time speech-to-text transcripts with speaker identification. Transcripts are stored alongside your meeting data.

1.5 AI-Generated Content

We use Google Gemini 2.5 Flash to generate AI-powered content based on your meeting data, including:

  • Pre-meeting negotiation strategies and opponent analysis
  • Real-time coaching suggestions during live meetings
  • Post-meeting analysis: goal achievement scores, summaries, action items, and counterpart analysis
  • Document analysis of uploaded attachments

1.6 Team Data

If you use our team features, we collect:

  • Team membership and roles (owner, admin, member, viewer)
  • Team annotations and highlights on shared meetings
  • Team invitation records

1.7 Payment Information

Payments are processed by Paddle (Paddle.com Market Limited), which acts as our Merchant of Record. Paddle collects and processes your payment details directly. We do NOT store your credit card numbers or full payment details. We only receive transaction confirmations, subscription status, and invoice data from Paddle.

1.8 Usage Data

We automatically collect information about how you interact with the Service:

  • Credit consumption and transaction history
  • Session and authentication data
  • Feature usage patterns (e.g., recording duration, AI analysis requests)

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: deliver AI-powered meeting coaching, including pre-meeting strategy, live transcription and coaching, and post-meeting analysis.
  • Process payments: manage subscriptions and credit purchases via Paddle.
  • Communicate with you: send transactional emails via Resend, including magic link authentication, team invitations, and service notifications.
  • Improve the Service: analyze usage patterns and feedback to enhance features and user experience. You may opt out of having your data used for AI model improvement by contacting us at support@tanpan.ai.
  • Ensure security: detect and prevent fraud, abuse, and unauthorized access.
  • Comply with legal obligations: meet applicable legal, regulatory, and tax requirements.

3. Third-Party Services & Data Processors

We share your data with the following third-party service providers who act as data processors on our behalf. Each provider processes data only as necessary to deliver their specific service:

Provider Purpose Data Processed
Paddle (Netherlands) Payment processing, Merchant of Record Payment details, billing info, transaction records
Google Cloud / Gemini AI AI strategy analysis, coaching, post-meeting analysis Meeting data, transcripts, attendee info (anonymized where possible)
Microsoft Azure AI Speech Real-time speech-to-text, speaker diarization Audio streams during live meetings
Cloudflare R2 File storage Audio/screen recordings, file attachments
Neon (PostgreSQL) Database hosting All account and meeting data
Resend Transactional email delivery Email addresses, message content
Vercel Application hosting Request logs, performance metrics
Google OAuth Authentication Name, email, profile picture

We require all third-party processors to handle your data in accordance with applicable data protection laws and our contractual obligations.

4. Data Storage & Security

We implement appropriate technical and organizational measures to protect your data:

  • Database: hosted on Neon PostgreSQL in the Singapore region, with automated backups and encryption at rest.
  • File storage: Cloudflare R2 with server-side encryption.
  • Encryption in transit: all data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
  • Authentication: session-based authentication with secure, HTTP-only cookies. Passwords are never stored (we use OAuth and magic link authentication only).
  • Access control: role-based access controls for team features; strict internal access policies for our staff.

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Your Rights

5.1 Rights Under the GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your personal data.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: request that we limit how we use your data.
  • Right to object: object to our processing of your data, including for direct marketing or AI model improvement.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent.

5.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to delete: request deletion of your personal information.
  • Right to opt out of sale: we do NOT sell your personal information to third parties.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

5.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@tanpan.ai. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

6. Cookies

We use a minimal set of cookies that are essential for the operation of the Service:

  • Session cookies (NextAuth): used to maintain your authenticated session. These are secure, HTTP-only cookies that expire when your session ends or after a set period.
  • Locale preference cookie (NEXT_LOCALE): stores your preferred language setting (e.g., en, zh-TW, zh-CN, ja, ko) for a consistent experience across visits.

We do not currently use any third-party tracking cookies, advertising cookies, or analytics cookies. If this changes in the future, we will update this policy and seek your consent where required.

7. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account data: retained for as long as your account is active. Upon account deletion request, we will delete or anonymize your data within 30 days, except where retention is required by law.
  • Recordings: retained according to your subscription plan:
    • Free plan: 7 days
    • Pro plan: 90 days
    • Team plan: 365 days
    After the retention period, recordings are automatically deleted from Cloudflare R2.
  • Transcripts: retained alongside meeting data for the duration of your account.
  • AI-generated content: retained alongside meeting data for the duration of your account.
  • Payment records: retained as required by applicable tax and financial regulations (typically 5–7 years).
  • Usage logs: retained for up to 12 months for security and operational purposes.

8. International Data Transfers

TANPAN.AI is operated from Taiwan (R.O.C.). Your data may be processed in various regions depending on the cloud service providers involved:

  • Database hosting: Singapore (Neon PostgreSQL)
  • AI processing: regions operated by Google Cloud and Microsoft Azure
  • File storage: Cloudflare R2 global network
  • Payment processing: Netherlands (Paddle)

Where data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required under GDPR, and data processing agreements with all third-party providers.

9. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@tanpan.ai.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify you via email or a prominent notice on the Service for significant changes.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.