Privacy Policy

Last updated: May 11, 2026

1. Who we are

This Privacy Policy explains how Topos, a product by Dialogues, collects, uses, and shares information when you use our website, hosted applications, APIs, and related services.

2. Information we collect

  • Account and profile data such as name, email, account identifiers, and authentication metadata.
  • Service data you provide, including prompts, files, records, contacts, and messages.
  • Integration data imported from authorized third-party services based on your permissions.
  • Usage and diagnostics such as logs, IP address, timestamps, and operational telemetry.
  • Support and communication details you provide when contacting us.

3. How we use information

  • Provide, maintain, and secure the services.
  • Authenticate users and manage access.
  • Import and process connected data for user-requested features.
  • Improve reliability, quality, and abuse prevention.
  • Comply with legal obligations and enforce terms.

4. Protection of sensitive data

We treat information such as account credentials, imported contacts, messages, prompts, files, integration tokens, and billing details as sensitive and apply technical and organizational measures designed to protect it.

  • Data in transit: connections between your browser or client, our websites, and our APIs use industry-standard TLS (HTTPS).
  • Access controls: we use authentication (including federated sign-in and OAuth where you connect Google or other providers), authorization checks, and logical separation of customer accounts so operational access is scoped to your tenancy.
  • Storage and infrastructure: where sensitive information is stored on systems we operate, we rely on reputable cloud infrastructure with encryption at rest where available, network isolation, least-privilege access for personnel, logging, and security monitoring intended to detect misuse or unauthorized access.
  • Retention minimization: we retain sensitive categories only as described in Sharing and retention, and you may disconnect integrations or request deletion where applicable.
  • Deployment choice: depending on how you configure Topos, you may keep certain processing on your own device or self-managed environment; in those configurations, additional protections depend on your own security practices.

5. AI services and model providers

Dialogues does not train or operate its own general-purpose foundation models. Topos is a software platform for organizing user data, permissions, and workflows.

When Topos features use AI-generated output, inference may be performed by third-party model providers. For Dialogues-hosted cloud AI features, we currently use OpenAI, LLC as a third-party AI service provider. Where supported, users may configure Topos to use local inference, self-hosted models, their own API keys, or their own model endpoints.

Data sent to AI providers is used only as needed to provide user-requested features. Topos does not use Google Contacts data to train Dialogues-owned foundation models. When data is routed to a third-party AI provider, that processing is also governed by that provider’s applicable terms and privacy policy.

6. Google user data and People API scope

If you choose to connect Google Contacts, Topos requests the following Google OAuth scope: https://www.googleapis.com/auth/contacts.readonly.

This scope allows Topos to read and download your Google Contacts after you explicitly authorize access through Google OAuth consent. Topos does not create, edit, delete, or otherwise modify your Google Contacts.

Depending on the data available in your Google Contacts account, Topos may access contact information such as names, email addresses, phone numbers, profile photos, organization details, job titles, contact identifiers, and related contact metadata.

Topos uses Google Contacts data only to provide user-requested features inside your own Topos workspace, including contact import, identity resolution, contact enrichment, deduplication, relationship context, and organizing people-related records. We do not use Google Contacts data for advertising.

Topos may use AI-powered features to help organize, summarize, classify, or enrich user-controlled workspace data. Dialogues does not operate its own general-purpose foundation model. Where AI features are enabled, Topos may use third-party AI model providers, including OpenAI, LLC, or user-configured local or self-hosted models.

Google Contacts data is not used to train Dialogues-owned foundation models. Google Contacts data is not sold. If Google Contacts data is sent to an AI model provider, it is sent only as needed to provide a user-requested feature or workflow, and that processing is subject to the provider’s applicable terms and privacy policy. Where supported, users may configure Topos to use local inference or their own model provider instead.

We protect Google user data using technical and organizational safeguards designed to prevent unauthorized access, disclosure, alteration, or misuse.

We do not sell Google user data. We do not share Google Contacts data with third parties except as necessary to provide the service, operate infrastructure, process user-requested workflows, comply with law, or protect the security and integrity of the service. Service providers and subprocessors that process data on our behalf are required to handle that data under appropriate confidentiality and security obligations.

We retain Google Contacts data only as long as needed to provide user-requested Topos features, comply with legal obligations, resolve disputes, enforce agreements, or maintain security. You may disconnect the Google integration in Topos where available, revoke Topos access from your Google Account permissions page, or request deletion of imported Google Contacts data by contacting us.

Topos's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • TLS/HTTPS encryption for data transmitted between users, Topos services, and APIs.
  • OAuth-based authorization for Google integrations.
  • Read-only access to Google Contacts using the least-privilege scope needed for the feature.
  • Logical separation of customer accounts and workspace data.
  • Access controls intended to limit operational access to authorized personnel and service processes.
  • Use of reputable cloud infrastructure with encryption at rest where available.
  • Logging, monitoring, and security controls intended to detect misuse or unauthorized access.
  • Retention limits and deletion controls as described in this Privacy Policy.

7. Sharing and retention

We may share data with service providers, subprocessors, and legal authorities when required. We do not sell personal information for monetary compensation.

We retain information only as long as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

8. Rights and choices

Depending on jurisdiction, you may have rights to access, correct, delete, export, object to, or restrict certain processing. You can also disconnect integrations and revoke OAuth access in third-party account settings.

Return to home