International Data Transfer Statement

Effective Date: 1 January 2025
Last Updated: 27 November 2025

​

This International Data Transfer Statement explains how PPLST Tech Private Limited (“we,” “our,” “us”) handles the transfer of personal data across borders when you use ProTalkie (“the App”).

​

Because ProTalkie is a global service, your information may be processed in countries outside your own, including regions that may have different data protection laws.

​

We are committed to ensuring that all international transfers comply with GDPR, UK GDPR, India’s DPDP Act, and other applicable laws.

1. Where Your Data Is Processed

​

ProTalkie stores and processes data in the following regions:

​

1.1 United States (Firebase)

Used for:

• Authentication

• Analytics

• Crash logs

• Backend infrastructure services

​

1.2 Asia-South (AWS Region)

Used for:

• Storing encrypted message media (voice notes, photos, videos, files)

• Storing certain device metadata

​

1.3 Other Regions (Push Delivery)

Message notifications are handled by:

• Firebase Cloud Messaging (Google – global infrastructure)

• Apple Push Notification Service (Apple – global infrastructure)

Push notifications may traverse servers located outside your region.

​

2. End-to-End Encryption and International Transfers

​

All message content (voice notes, photos, videos, text) is end-to-end encrypted (E2EE).

This means:

• Content is encrypted on your device

• We cannot access, read, or view message content

• Decryption happens only on recipients’ devices

Even when message data travels internationally or is stored on servers outside your country, the content remains unreadable to everyone except you and your recipients.

Only limited metadata may be stored in plaintext (e.g., timestamps).

​

3. Legal Basis for Transfers (GDPR / UK GDPR)

​

For users in the EU/EEA and UK, data transfers outside your region rely on:

​

3.1 Standard Contractual Clauses (SCCs)

We use SCCs approved by the European Commission for transfers to:

• United States

• India / Asia-South regions

These clauses ensure data is protected to EU standards.

​

3.2 Additional Safeguards

We apply:

• Strong encryption (including E2EE)

• Access controls

• Minimization of collected data

• Zero advertising tracking

• Secure TLS transmission

• Strict contractual obligations with service providers

​

3.3 Legitimate Interest / Performance of Contract

Transfers are necessary to:

• Deliver messages

• Operate accounts

• Provide cloud services

• Maintain app security

​

4. India Users & International Transfers (DPDP Act)

Under India’s Digital Personal Data Protection Act (DPDP):

• Personal data may be transferred internationally except to restricted countries (if applicable).

• Transfers comply with contractual protections, encryption safeguards, and strict processing limitations.

We ensure your personal data is handled with the same level of protection regardless of where it is processed.

​

5. United States Users (Federal + CPRA Standards)

We do not sell or share personal information.
Transfers to other regions occur only to:

• Deliver your messages

• Store your data securely

• Provide app functionality

All transfers comply with:

• CPRA security standards

• Contractual limitations

• Encryption safeguards

​

6. Brazil Users (LGPD)

Transfers outside Brazil follow:

• International transfer rules under the LGPD

• SCC-equivalent contractual clauses

• Encryption and security best practices

​

7. Categories of Personal Data That May Be Transferred