TamlootBack to Home

Privacy Policy

Last updated: June 15, 2026

1. Introduction

Tamloot ("we," "our," or "us") is an Israeli company committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered relationship intelligence platform — built for professionals who run on conversations, including coaches, therapists, consultants, advisors, mentors, and similar practitioners.

We process personal information in accordance with the Israeli Protection of Privacy Law, 5741-1981 (including Amendment No. 13, in force since 14 August 2025) and the Protection of Privacy Regulations (Data Security), 5777-2017. Our processing is subject to oversight by the Israeli Privacy Protection Authority (PPA).

By using Tamloot, you agree to the collection and use of information in accordance with this policy.

1.1 Working with organizations

Many of our customers are organizations — such as clinics and professional practices — that use Tamloot to support the professionals who work with them. When you use Tamloot as part of such an organization, that organization is the owner of the database (the party that controls your personal data), and Tamloot acts as a holder (מחזיק) — a data processor — handling the information on the organization's behalf and in accordance with its instructions.

For these customers we enter into a written data processing agreement, as required by the Data Security Regulations. It defines the types of data and the permitted processing, the security measures we apply, confidentiality obligations, the use of sub-processors, and the return or deletion of data when the engagement ends. A data processing agreement is available to organizational customers on request.

Sensitive information: session content may include information of a sensitive nature, including health-related information. We treat such information as sensitive data under the Protection of Privacy Law and apply the heightened safeguards described in Section 6.

Rights of the people you work with: if you are someone whose professional or clinic uses Tamloot, requests to access, correct, or delete your information are made through that organization — the owner of the data — and not directly through Tamloot. Please contact them to exercise these rights.

2. Information We Collect

2.1 Information from Google Sign-In

When you sign in using Google, we receive and store the following information from your Google account:

  • Email address — Used to identify your account and send service-related communications
  • Full name — Used to personalize your experience
  • Profile picture — Used to display your avatar in the application

2.2 Google Calendar Data

If you choose to connect your Google Calendar, we request read and write access to your calendar. This connection is entirely optional — you can use Tamloot without it.

What we read:

  • Calendar events — Event titles, dates, times, and participant information for scheduled meetings
  • Meeting details — Video conferencing links (Zoom, Google Meet) associated with calendar events

What we write:

  • Session events — When you choose to sync, we create calendar events for your sessions directly in your Google Calendar

How we use Google Calendar data:

  • To display your upcoming sessions within the Tamloot dashboard
  • To automatically detect and connect to scheduled video meetings for recording
  • To help you prepare for upcoming sessions with relevant context about the people you're meeting with
  • To create session events in your calendar when you choose to sync

Important: We will never delete or modify Google Calendar events that were not created through the Tamloot app. We do not access your Google contacts or any other Google services beyond what is described above.

Revoking access: You can disconnect your Google Calendar at any time from the Settings > Integrations page in the Tamloot dashboard. You can also revoke access from your Google Account permissions page.

Google API Services User Data Policy: Tamloot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.3 Account Information

Information you provide when creating or updating your account, including your name, email address, and professional details.

2.4 Data About the People You Work With

Information about the people you work with that you enter into the platform:

  • Names
  • Contact information (email, phone)
  • Session notes and observations

Depending on your practice, this information may be of a sensitive nature — for example, health-related details. We handle it as sensitive data under the Protection of Privacy Law (see Section 6).

2.5 Session Data

Information related to your sessions:

  • Session recordings (audio/video via Zoom integration, Chrome extension, mobile app, or audio file upload)
  • Transcripts generated from recordings
  • AI-generated session summaries and notes
  • AI-generated meeting preparation notes
  • AI assistant queries and responses
  • Session dates, times, and duration

Recordings, transcripts, and notes may contain sensitive information, including health-related content, and are protected accordingly.

2.6 Usage Data

We automatically collect certain information when you use our service, including your IP address, browser type, device information, pages visited, and actions taken within the application.

2.7 Payment Information

Payment processing is handled entirely by Lemon Squeezy, our Merchant of Record. We do not store your credit card numbers or payment details. Please refer to Lemon Squeezy's Privacy Policy for information about how they handle payment data.

2.8 Chrome Extension Data

If you use our Chrome browser extension to record Google Meet or Zoom web app sessions, we collect and process the following information:

Audio Recording

  • Tab audio capture — The extension captures audio from your Google Meet or Zoom web app browser tab during recording sessions
  • Microphone audio (optional) — With your permission, the extension may also capture audio from your microphone to include your voice in the recording

Browser Permissions

The extension requires the following browser permissions to function:

  • Tab Capture — Required to record audio from your Google Meet or Zoom web app tab
  • Microphone — Optional permission to include your voice in recordings
  • Storage — Used to store your authentication state and extension settings locally in your browser
  • Tabs — Used to detect when you are on a supported meeting page
  • Offscreen — Required for audio processing in compliance with Chrome's Manifest V3 requirements

Host Permissions

The extension only operates on Google Meet (meet.google.com) and Zoom web app (app.zoom.us) pages. It does not access or collect data from any other websites you visit.

Local Data Storage

During recording, audio data is temporarily stored in your browser's local storage (IndexedDB) before being securely uploaded to our servers for transcription. This temporary data is automatically cleared after successful upload.

Data Transmission

Audio recordings are transmitted securely over HTTPS to our servers, where they are processed for transcription and AI-generated summaries as described in Section 2.5 (Session Data). We do not sell, share, or use your recordings for advertising purposes.

3. How We Use Your Information

We use the information we collect, for the purposes for which it was provided, to:

  • Provide, maintain, and improve our services
  • Process session recordings and generate AI-powered notes and summaries
  • Authenticate your identity and manage your account
  • Send you service-related communications (account notifications, updates, security alerts)
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve our platform
  • Comply with legal obligations

Where you use Tamloot through an organization, we process the information only as instructed by that organization under our data processing agreement, and we do not use it for our own independent purposes.

4. How We Do NOT Use Your Information

We are committed to protecting your data. We do NOT:

  • Sell your data — We will never sell your personal information or data about the people you work with to third parties
  • Train AI models on your data — Your conversations, transcripts, and notes are never used to train AI models
  • Use your data for advertising — We do not use your information for targeted advertising, retargeting, or interest-based advertising
  • Share data with data brokers — We do not transfer your information to data brokers or advertising platforms
  • Use Google data beyond stated purposes — Information received from Google (Sign-In and Calendar) is only used as described in Section 2 of this policy. We do not share your Google Calendar data with third parties or use it for advertising. We will never delete or modify calendar events that were not created through Tamloot

5. Data Sharing and Sub-processors

We share your information only with the following third parties, solely to provide our services. These providers act as our sub-processors: they are engaged under contractual data-protection terms and may use the information only to provide services to us. Several of them operate outside Israel — see Section 10 (International Data Transfers).

5.1 Sub-processors

  • Google — Authentication (Google Sign-In) and calendar integration (read and write access to calendar events). Privacy Policy
  • Supabase — Database hosting and authentication infrastructure. Privacy Policy
  • Lemon Squeezy — Payment processing (Merchant of Record). Privacy Policy
  • Zoom — Video conferencing and recording integration. Privacy Policy
  • ElevenLabs — Speech-to-text transcription services. Privacy Policy
  • Anthropic (Claude AI) — Third-party AI provider used to generate session notes, meeting preparation summaries, and power the in-app AI chat assistant. Data shared: session transcripts (text generated from recordings) and messages typed in the AI chat assistant are sent to Anthropic for processing. Your data is used solely to provide these features and is never used to train AI models. Anthropic maintains industry-standard security practices and provides data protection equivalent to our own standards. Privacy Policy
  • Amazon Web Services (AWS) — Cloud infrastructure, audio file storage, and compute. Privacy Policy
  • Recall.ai — Desktop meeting recording technology. Privacy Policy
  • Hookdeck — Webhook routing and delivery infrastructure. Privacy Policy

5.2 Legal Requirements

We may disclose your information if required by Israeli law, a court order, or a competent authority (including the Privacy Protection Authority), or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, in line with the Protection of Privacy Regulations (Data Security), 5777-2017:

  • Encryption in transit — All data transmitted to and from our servers is encrypted using TLS/SSL
  • Encryption at rest — Data stored in our databases is encrypted
  • Access controls — We use role-based access controls and Row Level Security so that you can only access your own data
  • Handling of sensitive data — Information of a sensitive nature, including health-related content, is classified and protected under the heightened requirements of the Data Security Regulations
  • Secure infrastructure — Our services are hosted on industry-leading cloud infrastructure with robust security practices
  • Agreements with sub-processors — We maintain data-protection agreements with the sub-processors that handle personal information on our behalf
  • Audit logging — Access to sensitive data is logged and monitored
  • Ongoing review — We periodically review our security practices and assess risks to personal data

Breach notification: in the event of a severe security incident, we will notify the Israeli Privacy Protection Authority as required by law, and will notify the affected organizational owner and/or affected individuals where directed to do so.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information as follows:

  • Account data — Retained while your account is active and for 30 days after account deletion to allow for recovery
  • Session data and data about the people you work with — Retained until you delete it or close your account
  • Session recordings — Retained according to your account settings or until you delete them
  • Usage logs — Retained for up to 12 months for security and analytics purposes
  • Records kept for legal reasons — Some records are retained for longer where needed to meet security, legal, or accounting obligations under Israeli law

Where you use Tamloot through an organization, retention follows the organization's instructions and our data processing agreement. After the applicable retention period, your data is securely deleted from our systems.

8. Your Rights

Under the Israeli Protection of Privacy Law you have the following rights regarding your personal information:

  • Access — Request to review the personal information we hold about you (Section 13 of the Law)
  • Correction and deletion — Request that information that is inaccurate, incomplete, unclear, or out of date be corrected or deleted (Section 14 of the Law)
  • Direct mailing — Request to be removed from any direct-mailing list

As a matter of practice, we will also honor reasonable requests to receive a copy of your data in a portable format, and to withdraw consent for or object to certain processing, to the extent this does not conflict with our legal obligations.

If you use Tamloot through an organization that owns your data, please exercise these rights through that organization. Otherwise, contact us at contact@tamloot.cc. You also have the right to lodge a complaint with the Israeli Privacy Protection Authority.

9. Children's Privacy

Our service is intended for professionals — coaches, therapists, consultants, advisors, and similar practitioners — and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Some of our sub-processors operate outside Israel — specifically in the United States and the European Union — for cloud infrastructure, AI processing, transcription, and payment services. Where we transfer personal information outside Israel, we do so in accordance with the Protection of Privacy Regulations (Transfer of Data to Databases Abroad), 5761-2001. Transfers to the European Union / EEA rely on its recognition as providing an adequate level of protection; transfers to other countries, including the United States, are made subject to contractual undertakings requiring the recipient to protect the information to a standard consistent with Israeli law and not to make unauthorized onward transfers. By using our service, you are informed of and consent to these transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website prior to the change becoming effective. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: contact@tamloot.cc

Supervisory authority: you may also contact or lodge a complaint with the Israeli Privacy Protection Authority (PPA).

Governing Law: This Privacy Policy is governed by the laws of the State of Israel.