Typossum

Privacy Policy

How we collect, use, and protect your personal data

Last Updated: February 10, 2026

Effective Date: February 10, 2026

No AI Training

We do NOT train AI models on your data

No Data Sales

We do NOT sell your personal information

GDPR & CCPA Compliant

Full compliance with privacy regulations

Table of Contents

1. Introduction

This Privacy Policy explains how Adam Fręśko (“we,” “us,” or “our”) collects, uses, and shares your personal information when you use Typossum, including our Iphone and Android keyboard application, browser extension, and website (collectively, the “Service”).

By using the Service, you accept the practices and policies outlined in this Privacy Policy, and you consent that we will collect, use, and share your information as described herein. If you do not agree with this policy, please do not use the Service.

Data Ownership: All data transmitted through the Service is processed by Typossum to provide you with the Service. Your personal data remains your own, and you retain all rights to it, subject to the licenses you grant us to operate the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Display name
  • Profile photo (if provided via authentication provider)
  • Marketing preferences (whether you opt in to receive promotional communications)
  • Language and locale preferences

2.2 Message History and Local Context

When you use our AI-powered text correction features (spelling correction, clarity improvement, autocorrect), we process your text data in two ways:

A. Server-Side History:

We store a record of your corrections to enable features like viewing past corrections. This includes:

  • Original text you submitted
  • Corrected text returned by the AI
  • Timestamp and language settings

B. Local Context Buffer:

To provide the AI with better context, we temporarily store up to the last 100 recent messages locally on your device.

  • Local Storage Only: This buffer resides strictly on your device and is not transmitted to our servers or AI providers while you type.
  • Transmission on Trigger: The content of this buffer is transmitted to the AI provider only when you explicitly trigger an AI action (e.g., by pressing the “Correct” button or enabling “Live Autocorrect” mode).
  • This local buffer is overwritten as you continue typing and can be cleared by clearing your app data.
Important: When you submit text for correction, your input (and any locally stored context) is transmitted to third-party AI providers (such as Google, OpenAI, Vercel, or Anthropic) for processing. See Section 4.1 for details.

2.3 Usage Data

We collect information about how you use the Service, including:

  • Type of AI action performed (spelling fix, clarity improvement, autocorrect)
  • Input and output language settings
  • Text length
  • Token consumption for billing purposes
  • Timestamps of requests
  • AI model used for processing

2.4 Payment Information

When you purchase, or attempt to purchase, a subscription, we collect payment information through our payment processor (Stripe). We do not directly store your full credit card number. Our payment processor may collect:

  • Name
  • Email address
  • Billing address
  • Payment card information (handled securely by the payment processor)
  • Transaction data (including data from transactions that are initiated but not completed)

2.5 Technical Information

We automatically collect certain technical information, including:

  • IP address (for payment processing and fraud prevention)
  • Device type, manufacturer, and model
  • Operating system type and version
  • Browser type and version (for browser extension)
  • Screen resolution
  • App version
  • Unique device identifiers
  • Referral source (how you found us)
  • General location data (city/country level, not precise location)

2.6 Contact Information

When you contact us through our contact form, we collect:

  • Name
  • Email address
  • Subject and message content

2.7 Feedback and Support

When you provide feedback, report issues, or contact our support team, we may collect:

  • Your feedback or support request content
  • Screenshots or other files you share with us
  • Information about your device and app version to help diagnose issues

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process your text through AI models and return corrected results
  • Provide message history: Store and display your correction history for your convenience
  • Manage your account: Create and maintain your user account
  • Verify your identity: Confirm your identity when you access your account or make changes
  • Process payments: Handle subscription billing and payment processing
  • Fulfill your requests: Respond to your requests for information, support, or features
  • Track usage: Maintain accurate billing records based on your usage
  • Personalize your experience: Remember your preferences and customize the Service for you
  • Improve the Service: Analyze usage patterns to improve our products (using aggregated, anonymized data)
  • Research and development: Conduct research and development to improve existing features and develop new ones
  • Communicate with you: Respond to your inquiries and send service-related notifications
  • Send transaction communications: Send confirmations, receipts, and updates about your account or purchases
  • Ensure security: Detect and prevent fraud, abuse, and security issues
  • Enforce our terms: Enforce our Terms of Service and other policies
  • Comply with legal obligations: Meet our legal and regulatory requirements

3.1 What We Do NOT Do

We do not use your data to train our own AI models. Your text submissions and message history are used solely to provide you with the correction service and maintain your personal history. We explicitly opt-out of data training with our third-party AI providers where available. However, we rely on the data governance of third parties (e.g., OpenAI, Google, Anthropic) and cannot guarantee their internal compliance. See Section 4.1 for details about our AI service providers.

We do NOT sell your personal information. Your data is never sold to third parties for marketing, advertising, or any other purpose.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 AI Service Providers

To provide text correction features, we share your submitted text and, if applicable, the immediate textual context (previous messages stored in your local context buffer) with third-party AI providers. Your text input is transmitted to these external services only upon your explicit action. We do not passively stream your keystrokes to AI providers in the background unless you have specifically enabled a “Live/Real-Time” feature.

We currently use:

We may add or change AI providers in the future to improve our Service. Any new providers will be subject to this Privacy Policy and will be listed here.

These providers process your text solely to return corrected results. Your data is shared with these providers only to provide you with the Service, not for their own training purposes. We have data processing agreements in place with these providers to protect your information.

4.2 Payment Processors

We use Stripe for payment processing.

Stripe acts as a data processor and service provider for Typossum. When you provide personal data in connection with the Service, Stripe receives that personal data and processes it in accordance with Stripe's Privacy Policy.

Fraud Detection and Analytics: Stripe collects identifying information about you and the devices that connect to its services, which includes the use of cookies and similar technologies. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics.

4.3 Infrastructure Providers

Our Service is built on:

  • Firebase (Google Cloud): For authentication, database, and backend services (Privacy Policy)
  • Vercel: For website hosting and deployment (Privacy Policy)

4.4 Affiliates

We may share your personal information with any affiliates or subsidiaries, for purposes consistent with this Privacy Policy. Currently, Typossum does not have any affiliates or subsidiaries, but this section will apply if that changes in the future.

4.5 Professional Advisors

We may share your information with professional advisors such as lawyers, accountants, and auditors where necessary for them to provide their services to us.

4.6 Legal Requirements

We may disclose your information:

  • To comply with applicable laws, regulations, legal processes, or governmental requests (including subpoenas and court orders)
  • To protect the rights, property, or safety of Typossum, our users, or the public
  • To investigate potential violations of our Terms of Service
  • To detect, prevent, or address fraud, security, or technical issues
  • To respond to lawful requests from public authorities, including law enforcement agencies

4.7 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.8 Aggregated and Anonymized Data

We may create aggregated, anonymized, or de-identified data from your information. This data cannot be used to identify you and is not considered personal information. We may use and share such data for any purpose, including research and analytics.

4.9 How We Protect Shared Data

When we share your information with third parties, we take steps to protect it:

  • We only share the minimum information necessary to provide the Service
  • We require third parties to protect your information and use it only for the purposes we specify
  • We have data processing agreements in place with our key service providers
  • We regularly review our third-party relationships and their privacy practices

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our AI providers (Google, OpenAI, Vercel, Anthropic) are located.

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs): We use European Commission-approved standard contractual clauses to ensure adequate protection for your data
  • UK International Data Transfer Agreement (IDTA): For UK residents, we use the UK IDTA or UK Addendum to the EU SCCs as approved by the UK Information Commissioner's Office
  • EU-US Data Privacy Framework: Where applicable, our service providers may be certified under the EU-US Data Privacy Framework
  • UK Extension to the EU-US Data Privacy Framework: Where applicable for UK residents

When we transfer your information internationally, we apply the safeguards described above in accordance with applicable data protection laws.

6. Data Retention

We retain your information for the following periods:

Data TypeRetention Period
Message historyDuration of account + 30 days after deletion
Account informationDuration of account + 30 days after deletion
Usage data (billing records)10 years
Payment records7 years (legal requirement)
Contact form submissions10 years

Retention Justification

  • Message history (30 days post-deletion): Retained to comply with potential legal claims and tax audit requirements under Polish law, and to respond to user requests for historical data access.
  • Payment records (7 years): Required by Polish tax law (Ordynacja podatkowa) and EU VAT regulations for financial record-keeping.
  • Usage data (10 years): Retained for billing disputes, fraud prevention, and compliance with statutory limitation periods for contractual claims.

After the retention period, data is securely deleted or anonymized.

7. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the GDPR (and UK GDPR for UK residents):

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at . We will respond to your request within one month, as required by GDPR. In complex cases, we may extend this period by up to an additional two months, but we will inform you of any extension within the initial one-month period.

You also have the right to lodge a complaint with your local data protection supervisory authority:

  • Poland: President of the Personal Data Protection Office (UODO)
  • United Kingdom: Information Commissioner's Office (ICO)
  • Other EU/EEA countries: Your local data protection authority

Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interests: Usage analytics, fraud prevention, service improvement
  • Legal Obligation: Retention of payment records as required by law
  • Consent: Marketing communications (where applicable)

Automated Decision-Making

We do not use your personal information for automated decision-making or profiling that produces legal effects or similarly significant effects on you. The AI text correction features process your text to provide corrections but do not make decisions about you as an individual.

8. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at . We will respond to verifiable consumer requests within 45 days, as required by CCPA. We may extend this period once by an additional 45 days if reasonably necessary.

Categories of Personal Information Collected

  • Identifiers (email address, name, IP address)
  • Commercial information (subscription and payment history)
  • Internet activity (usage data, device information)

We do not sell your personal information.

California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share your personal information with third parties for their direct marketing purposes.

8.1 Other US State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, or other US states with comprehensive privacy laws, you may have similar rights to those described for California residents, including:

  • Right to Access: Request access to personal information we have collected about you
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Data Portability: Receive your data in a portable format
  • Right to Opt-Out: Opt out of targeted advertising, sale of personal data, or profiling

We do not sell personal information or engage in targeted advertising based on personal information. We do not use personal information for profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise these rights, contact us at . We will respond to verified requests within the timeframes required by applicable state law (typically 45 days, with possible extensions).

If your request is denied, you may appeal by contacting us at with the subject line “Privacy Rights Appeal.”

9. Security

We are committed to protecting the security of your personal information. We use reasonable efforts and implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption at rest (Firebase/Google Cloud)
  • Encryption in transit (HTTPS/TLS)
  • Secure authentication with httpOnly cookies
  • Access controls and authentication for our systems
  • Regular security assessments and updates

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. You acknowledge that you provide your personal information at your own risk.

9.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify the relevant supervisory authority within 72 hours where required by GDPR
  • Notify affected users without undue delay where required by law
  • Notify the relevant supervisory authority where required by law
  • Provide information about the nature of the breach and the data affected
  • Describe the measures taken to address the breach and mitigate potential harm
  • Provide recommendations for steps you can take to protect yourself

10. Children's Privacy

The Service is not intended for users under the age of 13, or under the higher minimum digital-consent age required in their country. In compliance with COPPA and similar laws, we do not knowingly collect personal information from children below the applicable age threshold.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at . We will take prompt steps to delete such information from our systems.

If we become aware that we have collected personal information from a child below the applicable age threshold without required consent, we will delete that information as quickly as possible.

11. Cookies

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. We use cookies to:

  • Keep you signed in to your account
  • Maintain your session security

11.2 Types of Cookies We Use

By Purpose:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Payment Security Cookies: Our payment processor (Stripe) uses cookies and similar technologies to detect fraud and ensure secure transactions during the checkout process.

By Duration:

  • Session Cookies: Temporary cookies that expire when you close your browser
  • Persistent Cookies: Remain on your device until they expire or you delete them (used for remembering your login)

We do not use advertising, tracking, or functional cookies. User preferences in the browser extension are stored in your browser's local storage, not in cookies.

11.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored
  • Delete cookies individually or all at once
  • Block third-party cookies
  • Block all cookies from specific sites

For more information about managing cookies, visit allaboutcookies.org.

Note: Disabling essential cookies may prevent you from using certain features of the Service, such as staying logged in.

12. Do Not Track

Some browsers include a “Do Not Track” (DNT) feature that signals to websites that you do not want your online activity tracked. There is currently no universally accepted standard for how websites should respond to DNT signals.

Our Service does not currently respond to DNT signals. However, we do not use third-party advertising or tracking cookies, and we do not track your activity across other websites.

For more information about DNT, visit allaboutdnt.com.

13. Governing Law

This Privacy Policy and your use of the Service are governed by the laws of Poland and the European Union, without regard to conflict of law principles. For users outside the EU, your information will be processed in accordance with EU data protection standards, which are among the most protective in the world.

If you are located outside of Poland or the EU, please be aware that information we collect may be transferred to and processed in Poland and other countries where our service providers operate, subject to the safeguards described in this Privacy Policy.

14. Third-Party Links

The Service may contain links to third-party websites or services. We have no control over, do not review, and are not responsible for these external websites or their content, or any collection of your personal information after you click on links to such external websites.

The inclusion of any link does not imply endorsement by Typossum. We encourage you to read the privacy policies of any third-party websites you visit. Your use of any third-party website is at your own risk.

15. Your Choices

15.1 Account Information

You can update or correct your account information at any time by logging into your account settings. You can initiate account deletion directly from your account settings (Danger Zone). If you have an active paid subscription, deletion can be processed only after you cancel the subscription and it becomes inactive. You can also contact us at for privacy-related assistance.

15.2 Email Communications

If you receive promotional or marketing emails from us, you can opt out by:

  • Clicking the “unsubscribe” link in the email
  • Contacting us at

Please note that even if you opt out of marketing emails, we may still send you service-related communications (such as account notifications, billing updates, or security alerts).

15.3 Message History

You can view and delete your message history through the Service interface. Deleted messages are removed from your visible history but may be retained in our backup systems for a limited period before being permanently deleted.

16. Changes to This Privacy Policy

We reserve the right to change this Privacy Policy at any time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last Updated” and “Effective Date” at the top
  • Sending you an email notification (for significant changes)

Any changes to this Privacy Policy will take effect immediately upon posting, unless otherwise stated. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically for any changes.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

General Support

Data Controller

Adam Fręśko (Jednoosobowa działalność gospodarcza - Polish sole proprietorship)

Business Address

Ul. Dworcowa 18a 62-001 Golęczewo, Poland

Data Protection Officer

We have not designated a Data Protection Officer as we do not meet the threshold requirements under Article 37 of the GDPR. For any data protection inquiries, please contact .

Summary of Key Points

  • We store your message history to provide you with a record of your corrections
  • When you use AI features, your text is transmitted to third-party AI providers for processing
  • We opt-out of AI training with our providers where available, but cannot guarantee third-party compliance
  • We do NOT sell your personal information
  • We do NOT share your data for third-party marketing
  • We do NOT use automated decision-making that affects you
  • We share your data with third-party AI providers (Google, OpenAI, Vercel, Anthropic) solely to provide the correction service
  • We may share aggregated, anonymized data that cannot identify you
  • Message history and account data are retained for the duration of your account plus 30 days
  • We use only essential cookies for authentication (no advertising, tracking, or functional cookies)
  • We do not respond to Do Not Track signals, but we don't track you across other websites anyway
  • In case of a data breach, we notify authorities and users within the timelines required by law
  • This policy is governed by Polish and EU law
  • We design our privacy program to align with GDPR, CCPA/CPRA, COPPA, and other applicable privacy laws
  • The Service is not intended for children below the applicable minimum digital-consent age
  • You can opt out of marketing emails while still receiving service-related communications
  • You can request access, correction, or deletion of your data at any time by contacting