Privacy Notice
Last updated: June 5, 2026
This Privacy Notice explains how Tarlo handles information when you use the Tarlo app for macOS and the website at tarlo.me. Tarlo is built to be local-first: your conversations, memory, files, and the API keys you connect stay on your Mac and are never sent to our servers.
Summary of key points
- Your content stays on your device. Chats, memory, files, and your AI provider API keys are stored locally on your Mac (in a local SQLite database and the macOS Keychain). The contents of your messages, files, and keys are never transmitted to our servers.
- We collect minimal, anonymous telemetry. A random install identifier, session duration, and structural (non-content, non-PII) tool-outcome events help us understand stability and usage. We set
sendDefaultPii=false. - Bring Your Own Key (BYOK). When you connect Anthropic, OpenAI, Google, or OpenRouter, requests go directly from your Mac to that provider. Your keys never reach us.
- Accounts are optional. If you choose to sign in, we store your email and name for the account. Anonymous installs send neither.
- We do not sell your personal data and we do not use advertising networks, retargeting, or marketing pixels.
Table of contents
- What information do we collect?
- Data that stays on your device
- How do we use your information?
- AI providers (Bring Your Own Key)
- Integrations and connectors
- Accounts and sign-in
- Payments
- Error and crash reporting
- When and with whom do we share?
- Hosting and processors
- How long do we keep information?
- How do we keep your information safe?
- Information from minors
- Your privacy rights
- Updates to this notice
- How can you contact us?
1. What information do we collect?
Tarlo is designed to minimize the information that leaves your Mac. The only information that reaches our servers is anonymous telemetry and, if you choose to create an account, basic account details.
Anonymous telemetry
To understand stability and how features are used, the app may send the following non-identifying data to our own backend (Cloudflare Workers with a D1 database):
- A random install UUID generated on your device (not linked to your identity);
- Session duration;
- Structural tool-outcome events that describe whether an action succeeded or failed, without any of the content involved.
This telemetry contains no personal data and no message, file, or key content. We operate with sendDefaultPii=false.
Account information (optional)
If you choose to sign in (see Section 6), we store your email address and name to operate the account. Anonymous installations do not send an email or name.
2. Data that stays on your device
The following are stored locally on your Mac and are never sent to our servers:
- Your chats and conversation history;
- Tarlo's memory about your projects, preferences, and context;
- Files you provide to Tarlo and any content it reads or writes locally;
- The API keys you connect for AI providers, stored in the macOS Keychain.
This data lives in a local SQLite database on your machine. Because it stays on your device, you are in control of it: deleting the app and its local data removes it.
3. How do we use your information?
- To provide and maintain the app. Local data powers Tarlo's features directly on your device.
- To improve stability and reliability. Anonymous telemetry and crash reports help us find and fix problems.
- To operate optional accounts. If you sign in, your email and name are used to identify and manage your account.
4. AI providers (Bring Your Own Key)
Tarlo uses a Bring Your Own Key model. You connect your own API keys for one or more providers:
- Anthropic (Claude)
- OpenAI
- Google (Gemini)
- OpenRouter
When you use Tarlo with a connected provider, requests are sent directly from your Mac to that provider. Your keys are stored in the macOS Keychain and are never transmitted to us. The data you send to a provider is processed by that provider under its own privacy policy and terms. We recommend reviewing the policies of any provider you connect.
5. Integrations and connectors
Tarlo can connect to other tools you use:
- Cloud connectors via Composio. Some integrations use Composio, which connects to third-party services through OAuth on the server side. Authorizing a connector is your choice, and the connected service processes data under its own policy.
- Local connectors. Integrations with Things 3, Apple Calendar, Reminders, Notes, Mail, Obsidian, and your browser run on your device using local access you grant through macOS.
6. Accounts and sign-in
An account is optional. If you choose to create one, you can sign in with Google Sign-In or with an email address. We store your email and name to operate the account. We do not offer or store credentials for other social networks.
7. Payments
Tarlo does not currently collect payment information. When paid plans become available, payments will be processed by a third-party payment provider acting as merchant of record — Stripe or Paddle. When you make a purchase, your payment details will be handled by that provider under its own privacy policy; we do not store full payment card details on our systems.
8. Error and crash reporting
To diagnose problems, Tarlo uses Sentry for error and crash reporting. Personally identifiable information is scrubbed before transmission, and we operate with sendDefaultPii=false. Crash reports are used solely to improve the reliability of the app.
9. When and with whom do we share your information?
We share information only with the service providers needed to operate Tarlo:
- Cloudflare — hosting of our backend (Workers, KV, D1) and the website (Pages);
- Sentry — error and crash reporting (PII scrubbed);
- Google — only if you choose Google Sign-In;
- Composio — only for cloud connectors you authorize;
- Stripe or Paddle — only when paid plans launch and you make a purchase;
- The AI providers you connect, for requests you initiate (see Section 4).
We do not sell your personal data. We do not use advertising networks, retargeting, affiliate tracking, or marketing pixels.
10. Hosting and processors
Our backend and website are hosted on Cloudflare (Workers, KV, and D1 for the backend; Pages for the website). Telemetry described in Section 1 is stored in our Cloudflare D1 database.
11. How long do we keep information?
We keep anonymous telemetry only as long as needed to understand stability and usage trends. Account information is kept for as long as your account exists; if you delete your account, we delete the associated email and name. Data stored locally on your Mac is retained on your device until you remove it.
12. How do we keep your information safe?
We use reasonable technical and organizational measures to protect information. Your API keys are stored in the macOS Keychain, and your content remains on your device. No method of transmission or storage is perfectly secure, but our local-first design means the most sensitive data never leaves your Mac in the first place.
13. Information from minors
Tarlo is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us so we can remove it.
14. Your privacy rights
Depending on where you live, you may have the right to access, correct, or delete personal information we hold about you, and to object to or restrict certain processing. Because most of your data stays on your device, you can exercise much of this control directly in the app. For account information held by us, you can request access or deletion using the contact details below.
15. Updates to this notice
We may update this Privacy Notice from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be reflected here.
16. How can you contact us?
Tarlo is operated by [PLACEHOLDER — legal entity / company name], located at [PLACEHOLDER — registered address].
If you have questions about this notice or your data, you can reach us at: [PLACEHOLDER — contact email will be added].