PRIVACY POLICY

Last updated: March 28, 2026

OPALLOO INOVACOES LTDA, registered under CNPJ 53.284.020/0001-06, located at Avenida Brigadeiro Faria Lima, 1811 - Cj 115, Jardim America, CEP 01452-001, São Paulo - SP, Brazil ("Tarsy", "we", "us", or "our") operates the Tarsy iOS application, the Tarsy macOS companion application, the relay server infrastructure, and the website at tarsy.dev(collectively, the "Service").

This Privacy Policy explains what information we collect, how we use and share it, and your choices regarding your information. By using the Service, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is incorporated into and subject to our Terms of Use.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address (provided directly or obtained from your Apple ID or GitHub account)
Display name and avatar URL (obtained from your Apple ID or GitHub profile, or provided by you during onboarding when we ask how you would like to be called — used solely to personalize your in-app experience)
Authentication credentials — passwords are hashed and managed by our authentication provider (Supabase). We never store plaintext passwords. If you sign in via Apple or GitHub, we receive only an authentication token and basic profile information from those providers.

1.2 Profile and Preferences

Voice language preference (your selected language for voice-to-text input)
AI agent permission settings (your chosen permission mode per AI engine — e.g., auto or safe mode)
Onboarding status (whether you have completed the setup flow)

1.3 Machine and Device Information

When you connect your Mac to the Service, we collect device metadata to enable connectivity and display it in the app:

Machine name, model, platform (e.g., macOS), and OS version
CPU core count and memory size (in GB)
Local IP address (for connectivity)
Heartbeat timestamps (to show online/offline status in the iOS app)

On the iOS side, we access standard device properties (device model, OS version, screen dimensions) solely for rendering and coordinate mapping purposes. This information is not transmitted to our servers.

1.4 Workspace and Repository Metadata

To let you manage projects remotely, the macOS app scans standard development directories (e.g., ~/Desktop, ~/Documents, ~/Projects, ~/Developer) for Git repositories. We collect:

Repository name and local file path
Git remote URL (e.g., your GitHub origin)
Current branch name
Detected stack type (e.g., web, mobile, backend — based on config file presence)

This metadata is stored in your account to display your workspaces. We do not read, index, or store the contents of your source code files on our servers.

1.5 Chat Messages and Terminal Data

Chat messages: Messages you send to AI agents and the responses you receive are stored in our database to provide conversation history and continuity. Messages include text content, sender role (user or assistant), and timestamps.
Terminal session data: When you run AI coding agents through Tarsy, the commands sent and output received are transmitted via WebSocket between your devices. Terminal output may be transiently processed to display in the iOS app but is not permanently stored on our servers beyond chat message records.

1.6 Subscription and Billing Data

Subscription purchases are processed entirely by Apple through the App Store and StoreKit. We do not collect, process, or store your credit card number, billing address, or any payment instrument details. We only receive and store:

Subscription status (active, cancelled, or expired), synced from StoreKit
Subscription expiration date
Whether your account is on the Pro plan (a boolean flag on your profile)

1.7 Push Notification Tokens

If you enable push notifications, we store your Apple Push Notification service (APNs) device token so we can deliver notifications (e.g., when an AI agent needs your input or a task completes). You can disable push notifications at any time in your device settings.

1.8 Voice Input

Tarsy offers voice-to-text functionality using Apple's SFSpeechRecognizer framework. Audio is processed on your device whenever on-device recognition is available. Tarsy does not record, transmit, or store audio files. Only the resulting transcribed text is sent as a message to the AI agent.

1.9 Agent Task Data

When you dispatch tasks to AI coding agents, we store task metadata including task description, status (running, waiting, completed, error), the AI engine used, error messages (if any), and timestamps. This data is used to display task history and enable task continuity across sessions.

2. Screen Streaming and Remote Control

2.1 Screen Capture

The macOS app captures your screen using Apple's ScreenCaptureKit framework and encodes the video (H.264 or MJPEG) for real-time streaming to the iOS app. Screen data is:

Transmitted directly over your local network (LAN) when both devices are on the same Wi-Fi, or
Routed through our relay server when using remote access over the internet.

Screen frames are not stored, recorded, or logged by us — not on the relay server, not in any database. The relay server acts as a forwarding server that does not store or inspect your content. We do not have access to the visual content of your screen.

2.2 Remote Input

The iOS app sends touch, scroll, keyboard, and gesture input events to the macOS app to enable remote control. These input events (tap coordinates, scroll deltas, keystrokes, drag paths) are transmitted via WebSocket and are not stored or logged by us or by the relay server.

2.3 Sudo Password Handling

Certain operations on your Mac may require administrator (sudo) privileges. When this occurs, the macOS app requests your sudo password via the iOS app. The password is transmitted over the encrypted WebSocket connection, used once to execute the privileged command, and cached locally on your Mac for a maximum of 60 seconds before being discarded. Your sudo password is never transmitted to or stored on our servers.

3. AI Services and Third-Party Data Processing

3.1 AI Coding Agents

Tarsy supports multiple AI coding agents, including Claude (Anthropic), Gemini CLI (Google), Codex CLI (OpenAI), Aider, and custom CLI tools. When you use these agents:

Your prompts, messages, screenshots, file contents, and terminal output may be sent to the respective third-party AI provider.
Each AI provider processes your data under their own privacy policy and terms of service. We strongly encourage you to review the privacy policies of any AI provider you use through Tarsy.
AI agents run as local processes on your Mac. Tarsy facilitates communication between your iOS device and those local processes but does not independently send your data to AI providers — the AI CLI tools do.
We are not responsible for how third-party AI providers process, store, or use the data that their tools transmit.

3.2 UltraContext

Tarsy integrates with the UltraContext API for enhanced AI context management. When this feature is active, conversation messages (role and text content) may be sent to the UltraContext service through a secure server-side proxy. Your authentication token is never exposed to UltraContext directly. UltraContext processes data under its own privacy policy.

3.3 OpenClaw (Local Processing)

When available, Tarsy can interface with OpenClaw, a local AI model gateway that runs entirely on your Mac. All data processed through OpenClaw remains on your device and is never transmitted to external servers by Tarsy.

4. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service
Authenticate your identity and manage your account and subscription
Enable real-time connectivity and screen streaming between your devices
Deliver push notifications when AI agents require your input or tasks complete
Send transactional emails (e.g., welcome emails, subscription notifications)
Display your workspace and machine information in the app
Maintain conversation history for AI agent interactions
Monitor and improve the reliability and performance of the Service
Respond to your support requests and communications
Enforce our Terms of Use and protect against misuse
Comply with legal obligations

We do not use your information for advertising, profiling, or automated decision-making.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your data only in the following circumstances:

5.1 Service Providers

We use the following third-party service providers to operate the Service:

Supabase — Authentication, database hosting, real-time subscriptions, and serverless edge functions.
Apple (App Store, StoreKit, APNs) — Subscription billing, payment processing, and push notification delivery.
Fly.io — Hosting our WebSocket relay server infrastructure for remote connectivity.
Resend — Transactional email delivery (welcome emails, billing notifications).
AI Providers — Claude (Anthropic), Gemini (Google), Codex (OpenAI), and others as selected by you. Data is sent to these providers only when you actively use the corresponding AI agent, and is sent directly from your Mac, not through our servers.
UltraContext — AI context management, accessed via a server-side proxy.

5.2 Legal Requirements

We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to comply with applicable law, respond to a court order or legal process, or protect the rights, property, or safety of Tarsy, our users, or the public.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

6. Data Storage, Security, and International Transfers

6.1 Data Storage

Your account data is stored on Supabase-hosted infrastructure. The relay server (hosted on Fly.io in São Paulo, Brazil) does not persist any data — it only forwards WebSocket messages in real-time. Local data (authentication tokens, preferences) is stored securely on your device using the system Keychain and standard app storage.

6.2 Security Measures

We implement industry-standard security measures, including:

TLS/SSL encryption for all data in transit
End-to-end encryption (E2E) for all communication between your iOS and macOS devices, with trust-on-first-use (TOFU) key pinning — the relay server cannot read your data even in transit
Row-Level Security (RLS) on all database tables, ensuring users can only access their own data
JWT-based authentication with token refresh for all API and WebSocket connections
Server-side API key proxying for third-party services (keys are never exposed to client apps)
Encrypted WebSocket connections (WSS) for screen streaming and remote input
Machine secret verification and action allowlists on the relay server to prevent unauthorized access
Rate limiting on the relay server (120 messages per second per connection)

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6.3 International Transfers

Your data may be processed in countries other than your country of residence, including the United States and Brazil, where our service providers operate. By using the Service, you consent to the transfer of your information to these countries. We ensure that any such transfers comply with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission where required.

7. Data Retention

Account data: Retained for as long as your account is active. Upon account deletion, your personal information is deleted within 30 days, except where retention is required by law.
Chat messages and agent tasks: Retained for as long as your account is active. Deleted upon account deletion.
Screen streaming data: Never stored. Transmitted in real-time only.
Remote input data: Never stored. Transmitted in real-time only.
Push notification tokens: Deleted upon account deletion or when you disable notifications.
Subscription records: Retained for up to 7 years after account deletion for tax and legal compliance purposes.
Transactional emails: Email delivery records may be retained by our email provider (Resend) in accordance with their retention policies.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 General Rights

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Deletion:Request deletion of your personal data. You can delete your account directly within the iOS app (Profile > Delete Account), or by contacting us.
Portability: Request your data in a structured, commonly used, machine-readable format.
Objection: Object to or restrict certain processing of your data.
Withdrawal of consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, contact our Data Protection Officer at privacy@tarsy.dev. We will respond to your request within 30 days, or sooner if required by applicable law.

8.2 Brazil (LGPD)

If you are located in Brazil, you have the rights provided under the Lei Geral de Proteção de Dados (LGPD), including the right to confirmation of processing, access, correction, anonymization, blocking, or deletion of unnecessary data, portability, information about shared data, and the right to revoke consent. You may also file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

8.3 European Economic Area (GDPR)

If you are located in the EEA, you have the rights provided under the General Data Protection Regulation, including the rights listed above and the right to lodge a complaint with your local data protection supervisory authority. Our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving the Service, security), and consent (where applicable). You may also use the European Commission's Online Dispute Resolution platform at ec.europa.eu/consumers/odr.

8.4 California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined under the CCPA/CPRA. To exercise your rights, contact us at support@tarsy.dev.

9. System Permissions

The Service requests the following device permissions:

9.1 iOS App

Microphone: For voice-to-text input to send commands to AI agents. Audio is processed on-device and is not recorded or transmitted.
Speech Recognition:To convert your voice into text commands using Apple's on-device speech recognition.
Camera: To capture and send images to AI agents as context for coding tasks.
Photo Library: To save screenshots from the screen stream or attach images to AI agent messages.
Local Network: To discover and connect to your Mac on the same Wi-Fi network for direct, low-latency streaming.
Push Notifications: To alert you when AI agents need your input, tasks complete, or errors occur.
Live Activities: To display real-time AI agent status on your Lock Screen and Dynamic Island while a session is active. No additional data is collected — Live Activities use information already present in the app.

9.2 macOS App

Screen Recording: To capture and stream your screen to the iOS app using ScreenCaptureKit.
Accessibility: To simulate keyboard and mouse input for remote control functionality.
Local Network: For direct device-to-device communication on LAN.

All permissions are optional and requested only when the corresponding feature is used. You can revoke permissions at any time in your device settings. The Service will continue to function with reduced functionality if permissions are not granted.

10. Analytics and Tracking

Tarsy does not use third-party analytics SDKs, advertising trackers, or fingerprinting technologies. We do not participate in cross-app tracking. We do not collect or use the Apple Advertising Identifier (IDFA). We do not use cookies in our native applications. Our website does not use tracking cookies or third-party analytics scripts.

11. Children's Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@tarsy.dev.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and, where appropriate, sending you a notification via email or in-app notice. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

13. Language

This Privacy Policy may be made available in multiple languages for convenience. In the event of any discrepancy between the English version and any translation, the English version shall prevail.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us:

Support: support@tarsy.dev
Data Protection Officer: privacy@tarsy.dev
General inquiries: contact@tarsy.dev
Website: https://tarsy.dev
Company: OPALLOO INOVACOES LTDA, CNPJ 53.284.020/0001-06
Address: Avenida Brigadeiro Faria Lima, 1811 - Cj 115, Jardim America, CEP 01452-001, São Paulo - SP, Brazil