Last updated: March 25, 2026
This Privacy Policy explains how TalkToCRM, operated by TwoFeetUp Studio B.V., collects, uses, stores, and protects your personal data. TalkToCRM is a B2B SaaS platform that helps sales professionals record conversations, generate AI-powered summaries, and sync structured notes to their CRM.
This policy applies to all users of our platform, including account holders, organization members, and visitors to our website.
TwoFeetUp Studio B.V.
Ruimtevaart 22-24, 3824 MX Amersfoort
KvK (Chamber of Commerce): 97804770
BTW: NL868239392B01
Email: [email protected]
Website: www.twofeetup.com
TwoFeetUp Studio B.V. acts as a data controller for account and usage data, and as a data processor for conversation recordings, transcripts, and CRM sync data processed on behalf of customer organizations.
When you create an account, we collect:
When you use our recording and AI features, we process the following data solely for the purpose of synchronizing it to your CRM. We do not use this data for any other purpose:
We process your personal data for the following purposes:
Service delivery: To provide the TalkToCRM platform, including recording, transcription, AI analysis, and CRM synchronization
AI processing: To generate transcripts, summaries, and structured data from your conversations
CRM synchronization: To sync conversation data to your connected CRM platform at your request
Account management: To manage your account, organization, and subscription
Security: To protect our platform, detect fraud, and prevent unauthorized access
Legal compliance: To comply with applicable laws, regulations, and legal obligations
Product improvement: To improve and develop our platform (using aggregated, non-identifiable data)
Under the GDPR (and the Dutch AVG), we process your data based on the following legal grounds:
Contract performance (Art. 6(1)(b)): Processing necessary to provide the TalkToCRM service, including account management, conversation processing, and CRM synchronization
Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, and service improvement using aggregated data
Consent (Art. 6(1)(a)): Where we rely on your explicit consent, such as for optional features or communications. You may withdraw consent at any time
Legal obligation (Art. 6(1)(c)): Financial record-keeping and compliance with Dutch and EU law
We work with trusted third-party service providers (sub-processors) to deliver our platform. We do not sell your personal data. Data is shared only as necessary for the purposes described in this policy. Which providers are used depends on the services you activate in your account settings.
Audio recordings are only transcribed when you explicitly initiate this action. By default, AssemblyAI is used. You may select an alternative provider in your account settings. This list is continuously being extended:
Transcripts are only analyzed when you explicitly initiate this action. By default, Mistral is used to generate summaries, action items, and structured data. You may select an alternative provider in your account settings. This list is continuously being extended:
Data is only synced to a CRM platform when you explicitly enable and connect an integration in your account. This list is continuously being extended. Currently supported platforms:
For our HubSpot integration specifically, after you authorize the connection via OAuth we read Contacts, Deals, Companies, and Owner data solely to match the participants and topic of a conversation to the right CRM record, and we write Notes and Tasks (containing the call summary, optional transcript, and any action items) back to those records. Which content types and destinations are written is controlled by you per content type via the Sync Settings panel of the integration. We do not modify other HubSpot properties, contact lists, marketing data, or workflow configurations.
When you disconnect a CRM integration, your OAuth tokens are deleted immediately and we stop reading or writing data from your CRM. Any notes, tasks, or other records previously written to your CRM remain in your CRM — they are your data and we do not retain a copy beyond our own sync logs (see Section 8).
Some of our sub-processors are located outside the EU/EEA, primarily in the United States. Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:
We retain your data as follows. You can delete your conversation data (recordings, transcripts, and summaries) at any time from within your account:
Account data: Retained for the duration of your active account, and deleted within 90 days of account deletion
Conversation data: Retained until you choose to delete it, or for the duration of your active account. You can delete individual conversations (including recordings, transcripts, and AI-generated content) at any time
CRM integration data: OAuth tokens are deleted immediately upon disconnecting an integration. Sync logs are retained for 12 months
Technical logs: Retained for up to 30 days
Financial records: Retained for 7 years as required by Dutch law (fiscale bewaarplicht)
We take appropriate technical and organizational measures to protect your data, including:
Under the GDPR, you have the following rights regarding your personal data:
Right of access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your personal data (“right to be forgotten”)
Right to restriction: Request that we limit the processing of your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interest
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by law.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority:
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through a notice on our platform. The “Last updated” date at the top of this page indicates when this policy was last revised.
For questions or concerns about this Privacy Policy or our data practices, contact us at: