tailroom

Tailroom

Privacy

Last updated: 16 May 2026

Tailroom is a voice-first app for clearing what's still running in your head. We built it on the principle that what you say into the app is yours, and we should hold as little of it as possible. This policy is a plain statement of what that means in practice.

If something in this policy is unclear, email us at privacy@tailroom.app. We will answer.

The short version

  • Audio recordings never leave your device. They are captured, transcribed on your phone, and discarded.
  • Transcripts leave your device once, to generate the reflection. They are sent to Anthropic (the company that makes the AI we use), processed, and discarded by them according to their data policy. We do not store transcripts on any server we operate. We have no server.
  • Reflections live on your phone. SwiftData, encrypted at rest by iOS. Optionally backed up to your iCloud if you enable the toggle.
  • We have no accounts, no analytics, no telemetry, no advertising, and no third-party tracking. We do not know who you are. We have no way to know which sessions came from which device.
  • We do not sell, share, or licence your data to anyone. There is nothing to sell.

If that's enough for you, you can stop reading. The rest of the document is the detailed version for people who need it.

What we collect, why, and what happens to it

Audio. When you record a session, your iPhone captures audio through its microphone, transcribes it using Apple's on-device Speech framework (or, if on-device recognition fails on your device, Apple's cloud Speech service — which you can disable in Settings), and then releases the audio. The audio is never saved to disk by Tailroom. It is never sent to our servers, because we have no servers. It is never shared with Anthropic.

Transcripts. The text of what you said is generated on your device. When you complete a session, the transcript is sent over an encrypted connection (TLS 1.3) to Anthropic's API to generate the reflection. The transcript is not accompanied by your name, your email, your device ID, your app instance ID, or any identifier we could use to link the request back to you specifically. Anthropic's API terms state that data submitted via the API is not used to train their models by default; you can read their current API privacy terms at https://www.anthropic.com/legal/aup. After Anthropic returns the reflection, we discard the transcript from our memory; the only copy that persists is the one stored locally on your phone.

Reflections. The structured reflection that Anthropic returns — the "What I heard" sentence, the sorting cards, the session-close line — is stored on your device using SwiftData, which is encrypted at rest as part of iOS device storage. If you have iCloud backup enabled in Settings (off by default), reflections may be included in your encrypted iCloud backup according to Apple's iCloud backup terms. We have no access to iCloud-backed data.

Subscription status. If you subscribe to Tailroom Plus, Apple's App Store handles the transaction. We receive from Apple a receipt indicating that your device has an active subscription. The receipt does not contain your name, email, or payment details. We never see your payment information.

Diagnostic data. Tailroom does not collect crash reports or analytics. If you have iOS-level Analytics & Improvements sharing enabled (Settings → Privacy & Security → Analytics & Improvements), Apple may share aggregated, anonymised crash and usage data with us through Apple's standard developer tools. This data is anonymised by Apple and never includes anything you said.

What we do not collect

To be explicit:

  • We do not collect your name, email address, phone number, or any account identifier.
  • We do not collect your IP address.
  • We do not collect your device's unique identifier (IDFA, IDFV).
  • We do not collect your location.
  • We do not collect your contacts, photos, calendar, or any other data on your phone.
  • We do not collect demographic data — age, gender, occupation, anything.
  • We do not use cookies. (We're a native app; there are no cookies. The tailroom.app website also does not set cookies.)
  • We do not use any third-party analytics service — Mixpanel, Amplitude, PostHog, Google Analytics, Firebase Analytics, none of them.
  • We do not use any advertising network or attribution SDK.

This is unusual for a consumer app. We mean it.

Third parties we work with

Two, and only two:

Anthropic. The AI company that powers the reflection. Your transcripts pass through their API to generate the reflection. Anthropic's data handling is governed by their published API privacy terms. They do not train on data submitted via the API. We do not share anything else with them — no identifying information, no usage patterns, no metadata beyond what's required to make the API call.

Apple. Your device manufacturer and the operator of the App Store. Apple handles your subscription if you have one, surfaces the app to you in the App Store, and provides the on-device frameworks (Speech, SwiftData, iCloud, StoreKit) that Tailroom uses. Apple's privacy policy governs anything they collect from you as your device manufacturer; it is independent of Tailroom.

That's it. There is no analytics processor, no error tracking service, no marketing automation tool, no customer data platform, no CRM, no email service provider (other than the one we use for support@tailroom.app correspondence, which only sees email you choose to send us).

Your rights

Because we hold so little, most data-rights requests are simple.

To see what we hold about you: in most cases, nothing. Your data is on your phone, accessible through the app. If you've corresponded with us at support@ or privacy@, we may have those emails in our inbox. Email us and we'll tell you what we have.

To export your data: in the app, go to Settings → Data → Export all sessions as JSON. The file contains everything we stored about your usage, because it is everything we have.

To delete your data: in the app, go to Settings → Data → Delete all sessions. This is a hard delete. There is no archive, no trash, no recovery. If you've corresponded with us by email, you can request deletion of those records by emailing privacy@tailroom.app.

To stop using the app: uninstall Tailroom. Your local data goes with the uninstall.

Specific jurisdictional rights:

  • EU users (GDPR): You have the rights of access, rectification, erasure, data portability, restriction of processing, objection to processing, and to lodge a complaint with your supervisory authority. Most of these are exercised through the in-app controls described above. The legal basis we rely on for processing is your consent (when you tap record) and contract performance (delivering the reflection you asked for). We do not transfer personal data outside the EU/EEA except via the Anthropic API, which operates under Standard Contractual Clauses.
  • California residents (CCPA/CPRA): You have the rights to know, delete, correct, and opt-out of sale or sharing. We do not sell or share your personal information. The "Do Not Sell or Share My Personal Information" link is not required because we don't do either.
  • Australian users (Australian Privacy Principles): Tailroom is an Australian product subject to the Privacy Act 1988 and the Australian Privacy Principles. The Office of the Australian Information Commissioner (OAIC) is the regulator; you can contact them if you have a complaint we have not resolved.
  • UK users (UK GDPR): Same substantive rights as EU users; the Information Commissioner's Office (ICO) is the regulator.

Children's privacy

Tailroom is not designed for and is not intended to be used by people under 17. The App Store age rating is 17+, partly because the content of a session is user-generated and can include adult themes, and partly because mental load is not a problem we want to mediate for minors. If you are under 17, please do not use Tailroom.

If we become aware that we have inadvertently received personal information from a person under 17 — for example, in correspondence to support@ — we will delete it from our records.

Data retention

On your device: your sessions are kept until you delete them or uninstall the app. We do not automatically expire or delete sessions.

In our records: we have no records to retain, because we hold no server-side data about your usage. Emails you send to support@, privacy@, or hello@tailroom.app are retained for up to two years for support continuity, then deleted, unless you request earlier deletion or the correspondence relates to an ongoing matter.

Security

The honest summary: the strongest security guarantee a piece of software can offer is not collecting data in the first place, and that is the guarantee Tailroom offers. There is no server to breach, no database to leak, no backup to lose.

For the limited data that does exist:

  • The app stores data on your device using SwiftData; the device storage is encrypted at rest by iOS.
  • Face ID locking is enabled by default; you can disable it in Settings.
  • Network traffic to Anthropic uses TLS 1.3.
  • The Anthropic API key embedded in the app is not a user secret — it is a service credential used to call the Anthropic API. It does not protect your data; the TLS connection and Anthropic's API design do.
  • We do not maintain a bug bounty program at v1 but welcome responsible disclosure of security issues. Email security@tailroom.app with details. We will acknowledge within 5 business days.

Changes to this policy

If we change this policy, we will update the "Last updated" date at the top and, for material changes, mention the change on the tailroom.app website and in the app's About screen. We will not email you about policy changes because we don't have your email address — that's the trade-off of the privacy posture we've chosen.

What constitutes a material change: adding any new third party that receives user data, adding any new category of data we collect, or changing the legal basis on which we process data. Cosmetic changes — clarifying language, fixing typos, updating contact addresses — are not material.

Contacting us

  • General questions: hello@tailroom.app
  • Support: support@tailroom.app
  • Privacy questions and rights requests: privacy@tailroom.app
  • Security disclosure: security@tailroom.app

We are based in Perth, Western Australia. Our postal address is provided on request to facilitate formal correspondence.