Privacy Policy
This Privacy Policy describes how Diplomatist (“Diplomatist,” “we,” “our”), operated as a sole proprietorship, collects, uses, and protects information when you interact with the Diplomatist service, including via SMS messaging.
1. Who we are
Diplomatist is a managed messaging service that records, structures, and audits one-on-one professional discussions conducted over SMS and email. Users of the service (“users”) configure discussions and exchange messages with other parties (“counterparties”) through the platform; the platform validates messages against the user’s pre-configured parameters and maintains a tamper-resistant log for audit and contract-formation purposes. This policy applies to anyone whose information passes through the service, including users and counterparties.
2. Information we collect
We collect only what is necessary to operate the service:
- Phone numbers and email addresses — of users (provided when configuring the service) and of counterparties (either provided by the user, or learned when the counterparty initiates contact).
- Message content — the text of SMS, email, and API messages sent and received through the service, including timestamps, delivery status, and channel attestation metadata (e.g., carrier, signature verification).
- Discussion configuration — configuration the user sets up for a discussion (parameters such as rate ranges, deadlines, or scope items; counterparty information; channel preferences) and the conversation history needed to maintain coherent multi-turn discussions.
- Operational logs — service-level logs (HTTP requests, error traces, timing data) used to operate, secure, and debug the platform. These may include phone numbers and message snippets but are not used for analytics or marketing.
We do not collect: location data, contacts lists, biometric data, payment information (no payments are processed at this time), or data from any source other than messages and configuration directly provided to us.
3. How we use information
We use information solely to:
- Deliver messages between users and counterparties.
- Validate outgoing messages against the user’s configured parameters before transmission.
- Maintain conversation history and audit logs so multi-turn discussions stay coherent and verifiable.
- Provide optional drafting assistance to users (see Section 4).
- Operate, secure, and debug the platform.
- Comply with legal obligations.
We do not use your data for advertising, retargeting, or to train any machine learning model. Conversation data is not sold or shared for marketing.
4. Service providers and data sharing
We rely on a small set of subprocessors to operate the service:
- Telnyx (United States) — SMS and voice connectivity. Phone numbers and message text pass through Telnyx for delivery. Privacy policy: telnyx.com/legal/privacy-policy.
- Anthropic (United States) — natural-language processing for the platform’s optional message-drafting and message-analysis tools. When a user uses the drafting feature, conversation context and message content are sent to Anthropic’s API to produce candidate text, which is validated against the user’s configured parameters before being sent. Privacy policy: anthropic.com/legal/privacy. Per Anthropic’s API terms, submissions are not used to train Anthropic’s models.
- Hetzner Online GmbH (Germany) — server hosting. Application data (database, audit logs) resides on Hetzner’s infrastructure. Privacy policy: hetzner.com/legal/privacy-policy.
We do not share data with any other third parties except where required by law (e.g., a valid subpoena).
5. International data transfers
Diplomatist’s servers are located in Germany. If you are located outside the European Economic Area, your data will be transferred to and processed there. Telnyx and Anthropic operate primarily from the United States, so message content reaches U.S.-based services as part of normal operation.
6. How we store and protect information
We apply standard technical safeguards: TLS encryption for all data in transit (HTTPS for the API, TLS for SMTP and database connections), restricted access to production systems (SSH key authentication only, password authentication disabled), and regular security updates to operating system and dependencies.
No system is perfectly secure. We cannot guarantee that unauthorized parties will never access your data, but we treat security as a first-class concern and will notify affected users in the event of a breach as required by applicable law.
7. Data retention
We retain conversation data and audit logs for as long as is reasonably necessary to operate the service, support users in resuming long-running discussions, maintain a verifiable record of agreements reached, and comply with legal obligations. You may request deletion of your data at any time by contacting us (see Section 10). Deletion requests are honored within 30 days unless legally required to retain.
8. Your rights
Depending on your jurisdiction (EU, California, etc.), you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your information.
- Object to or restrict certain processing.
- Withdraw consent (note: withdrawing consent for SMS will cause the conversation to terminate).
For SMS specifically: reply STOP to any message to opt out immediately. You can reply HELP for help. Standard message and data rates may apply.
9. Children
Diplomatist is not directed to children under the age of 18. We do not knowingly collect information from anyone under 18. If you believe a child has provided information to us, please contact us so we can delete it.
10. Contact
For privacy questions, data access requests, or deletion requests, contact:
Email: privacy@diplomatist.org
11. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Significant changes will be communicated to existing users where reasonably possible.