Tacenda

Legal

Privacy Policy

Effective Date: April 24, 2026

Who we are

Tacenda is a product of Tacenda LLC, a Colorado limited liability company. We built Tacenda to help people reflect on their experiences and find patterns in their own thinking over time.

This Privacy Policy explains what data Tacenda collects, why we collect it, who we share it with, and what rights you have over your information. We've written it in plain language because we think you deserve to actually understand what you're agreeing to.

If you have questions or concerns, you can reach us at privacy@tacenda.app.

1. Who this policy applies to

This policy applies to anyone who uses the Tacenda app. Tacenda is rated 17+ and is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@tacenda.app and we will delete it promptly.

2. What data we collect

We collect a limited set of data to make Tacenda work. Here's what that is and where it comes from.

Data you provide

Data How it's collected
Apple user identifier When you sign in with Apple. A stable, unique ID Apple assigns to your account in our app.
Email address Optionally provided by Apple at sign-in. You may share your real email or Apple's private relay email — we never see the underlying address if you use the relay.
Your written answers Text you type into the app (up to 500 characters per response). This is the core content of Tacenda.
Content reports If you use in-app reporting to flag content, we receive your report.

Data we collect automatically

Data How it's collected
Push notification token Generated by Expo when you enable notifications. Used solely to deliver push notifications to your device.
App usage events Collected by PostHog. Anonymized events (e.g., screen views, feature interactions) that help us understand how the app is used. We do not include your answer text or link these events to your identity.
Crash and error data Collected by Sentry. Includes device information, OS version, and app state at the time of a crash. We use this to fix bugs.

Data we derive

Data How it's generated
Text embeddings Numerical representations of your answer text, computed by OpenAI and stored in our database (Supabase). Used to power pattern-finding and curation features.
AI-generated highlights and patterns Summaries and insights generated from your answers using OpenAI. These are derived from your content and stored alongside it.

What we do NOT collect

We do not collect your name (unless Apple includes it in your sign-in payload, which is rare), precise or approximate location, contacts, photos, browsing history, purchase history, financial information, health data, or fitness data. We have no interest in any of that.

3. Why we collect this data

We collect data for specific, limited reasons:

  • To operate the app. Your answers, embeddings, and AI-generated patterns are the product. We store and process them to deliver the core Tacenda experience.
  • To authenticate you. Your Apple user identifier lets us securely identify your account without requiring a password.
  • To send notifications. Your push token is used only to deliver the notifications you've opted into.
  • To improve the app. Anonymized usage events and crash data help us understand what's working and fix what isn't.
  • To moderate content. We use OpenAI's moderation tools on AI-generated curation output to prevent harmful content from surfacing.

We do not sell your data. We do not use your data for advertising. We do not build profiles of you for any purpose outside the Tacenda product experience.

4. Legal bases for processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under GDPR:

  • Performance of a contract: Processing your answers, managing your account, and delivering the core product features.
  • Legitimate interests: Collecting anonymized analytics, crash data, and operating the app securely. Our interest in improving the app and preventing abuse does not override your rights.
  • Compliance with legal obligations: Retaining data when required by law.

You have the right to object to processing based on legitimate interests by contacting us at privacy@tacenda.app.

5. Third parties that receive your data

Tacenda is built on top of third-party infrastructure. The following parties receive data as part of normal app operations:

Third party What they receive Why
Supabase Your answers, user record, snapshots, embeddings, AI-generated content Database hosting for all app data
OpenAI Your answer text (for embeddings and curation); curation output (for moderation) Generates embeddings and AI insights; runs content moderation
PostHog Anonymized usage events (no answer text, no linked identity) Product analytics
Sentry Crash/error reports including device info, OS version, and app state Error monitoring and debugging
Expo / EAS Your push notification token Routing push notifications through Apple's infrastructure
Apple (APNs) Your push notification token Delivering push notifications to your device
Cloudflare Network traffic metadata (may include IP addresses) DNS, CDN, and traffic routing

We do not share your data with any other third parties except as required by law.

All third-party providers listed above are engaged under contractual terms appropriate for data processors, including, where applicable, Standard Contractual Clauses for international data transfers.

6. Data retention

We retain your data for as long as your account is active. Specifically:

  • Active account data (answers, user record, embeddings, AI-generated content) is retained until you delete your account.
  • Anonymized analytics events (PostHog) are subject to PostHog's own retention policies.
  • Crash logs (Sentry) are retained per Sentry's standard retention settings.
  • Final snapshots (anonymized aggregates) do not contain user-attributable data and are not modified or deleted on account deletion.

7. Account deletion

You can delete your account at any time from within the app:

Settings → Delete Account

Here's what happens when you do:

  1. Immediately: Your account is soft-deleted and your session is revoked. You lose access right away.
  2. Within 30 days: All of your personal data is permanently deleted from our systems — including your answers, user record, content reports, embeddings, and AI-generated content.

You can also request deletion by emailing privacy@tacenda.app with the subject line "Account Deletion Request." We will process your request within 30 days.

Note on final snapshots: Tacenda may retain anonymized aggregates (snapshots) that do not contain any user-attributable data. These are not modified on account deletion because they cannot be linked back to any individual.

8. Your privacy rights

For EEA and UK users (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Ask us to delete your personal data (see Section 7).
  • Restriction: Ask us to stop processing your data in certain circumstances.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where we rely on consent, you can withdraw it at any time.

To exercise these rights, contact us at privacy@tacenda.app. We will respond within 30 days. If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority.

For California users (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties we share it with.
  • Right to Delete: Request deletion of your personal information (see Section 7).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not treat you differently for exercising your privacy rights.

To submit a CCPA request, contact us at privacy@tacenda.app. We will acknowledge your request within 10 business days and respond within 45 calendar days.

Categories of personal information collected in the past 12 months:

  • Identifiers (Apple user ID, email address)
  • Internet or network activity (usage events, crash data)
  • Inferences (AI-generated patterns and highlights)

Categories sold or shared: None.

9. Data security

We take reasonable technical and organizational measures to protect your data. This includes encrypted connections (TLS), access controls, and use of established security-focused infrastructure providers (Supabase, Cloudflare). No system is perfectly secure, but we treat your data with care.

If we become aware of a breach that affects your personal data, we will notify affected users in accordance with applicable law.

10. International data transfers

Tacenda LLC is based in the United States. If you use Tacenda from outside the United States, your data will be transferred to and processed in the United States and potentially other countries where our service providers operate.

For users in the EEA and UK, we ensure that international transfers of personal data are covered by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, where required.

11. Children's privacy

Tacenda is rated 17+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@tacenda.app and we will delete that information promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the effective date at the top of the page. If we make material changes — changes that meaningfully affect your rights or how we use your data — we'll notify you through the app or via email before they take effect.

We encourage you to review this policy periodically. Continued use of Tacenda after changes take effect constitutes your acceptance of the updated policy.

13. Contact us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or need to request account deletion, please reach out:

Tacenda LLC
Email: privacy@tacenda.app
Website: tacenda.app

We aim to respond to all privacy inquiries within 30 days.

This Privacy Policy applies to the Tacenda mobile application. It does not apply to third-party websites or services linked from within the app.