← Back to home

Privacy Policy

Last updated: February 21, 2026

Your data belongs to you, not us. We will never sell your personal information to third parties, and we will never mine your messages for advertising purposes.

What We Collect

Identity and Access

When you sign up for Parlr, we ask for your email address. We use this to create your account and send you essential product communications. If you sign in with Google OAuth, we receive your name, email, and profile photo from Google. You can set a display name and avatar — this is optional and shown to other users.

Billing Information

If you purchase a server plan, your payment details are processed directly by Stripe. We do not store your full credit card number. We retain a record of the transaction, the last four digits of your card, and your billing address for invoicing and fraud prevention.

Messages and Content

Messages you send, files you upload, and reactions you create are stored on our servers while your account is active. Messages are encrypted at rest in our database. End-to-end encryption is not currently implemented — this means our server infrastructure can technically access message content for the purposes of delivering the service.

Voice and Video

Voice and video calls are processed through LiveKit servers. We do not record or store audio or video content. Call metadata (who joined, duration) may be logged for debugging purposes.

Geolocation Data

We log your full IP address when you sign up and when you access your account. This is used for security purposes (detecting suspicious logins) and fraud prevention.

Cookies and Analytics

We use essential cookies to keep you signed in. We use PostHog to understand how the product is used (page views, feature usage). PostHog collects anonymized usage data such as pages visited and features clicked — it does not track you across other websites. We do not run third-party advertising trackers.

What We Don't Do

  • We do not sell or share your data with advertisers.
  • We do not mine your messages for targeted advertising.
  • We do not require government-issued ID to use Parlr.
  • We do not track you across other websites or services.

Third-Party Processors

We use the following services to operate Parlr. Each has access only to the data necessary to perform their function:

  • Supabase — Database, authentication, file storage, and realtime messaging infrastructure
  • Stripe — Payment processing for server plans
  • LiveKit — Voice and video call infrastructure
  • Vercel — Web application hosting
  • Cloudflare — Bot protection (Turnstile CAPTCHA)
  • PostHog — Product analytics

When We Share Your Information

We do not share your personal information with third parties except in the following circumstances:

  • To provide the service: Your messages, display name, and avatar are visible to other members of servers and DM conversations you participate in.
  • With your consent: If you ask us to share information, or if you connect a third-party service.
  • Legal requirements: If required by law, valid subpoena, or court order. We will notify you before disclosure unless legally prohibited.
  • To protect rights: If necessary to enforce our Terms of Service, protect safety, or investigate fraud.

Your Rights

We apply the following rights to all users, regardless of location:

  • Right to access: You can request a copy of the data we hold about you.
  • Right to correction: You can update your personal information through your account settings.
  • Right to deletion: You can delete your account at any time. We will remove your personal data within 60 days.
  • Right to portability: You can request an export of your data in a machine-readable format.
  • Right to object: You can object to our processing of your personal information.

Data Retention and Deletion

When you delete your account, your personal data (profile, email, avatar) is removed within 60 days. Messages you sent in servers remain visible but are disassociated from your identity. Direct messages are deleted. Backups containing your data are purged within 90 days.

Data Location

Our services operate in the United States. If you are located outside the US, your data will be transferred to and stored in the US when you use Parlr.

Security

All data in transit is encrypted via TLS. Data at rest is encrypted in our database. We use CAPTCHA protection to prevent automated abuse. Access to production systems is restricted and logged.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of Parlr after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or your data, contact us at privacy@parlr.app.

Adapted from the Basecamp open-source policies under CC BY 4.0.