Privacy Policy

Effective date: 30 June 2026 Last updated: 30 June 2026

This Privacy Policy explains how Nerdstorm Pty Ltd (ABN 60 671 857 435) ("Nerdstorm", "we", "us", "our") collects, uses, discloses, and protects your personal information when you use the Tars application and related services (the "Service").

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where applicable, we also seek to comply with the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA) for users in those regions. By using the Service, you consent to the practices described in this Policy. The Service is intended only for people aged 18 and over.

This Policy should be read together with our Terms of Use.

1. The Information We Collect

We collect only what we need to provide the Service.

Account and identity information.

An account identifier and authentication credentials. You can use an anonymous passkey (in which case no email or name is required), or sign in with Google or Apple, in which case we receive a provider identifier and any information you choose to share.
For passkeys, we store a public key and credential identifier; the private key never leaves your device.
An optional display name or alias, and an optional email address, if you provide one.

Approximate location.

An approximate location (country and, where available, city) derived from your IP address at sign-up using a third-party IP-geolocation service. We use this to suggest locally relevant support services. We do not collect precise GPS location.

Session content (which may include sensitive information).

Audio from your microphone is streamed to our speech-to-text provider to produce a live transcript. We process the transcript and store it, together with speaker labels, timestamps, and related metadata. We do not retain the raw audio recording after it has been transcribed.
AI-generated guidance, summaries, insights, and reports produced during your sessions.
Session metadata such as session name, status, duration, and word counts.

Because the Service is designed for conversations about relationships, your session content may reveal sensitive information (for example, about health, sex life, or religious or other beliefs). We collect and handle this information only with your consent and only to provide the Service to you. Please do not share more sensitive information than you are comfortable being processed as described in this Policy.

Purchase and subscription information.

Records of your subscription status, entitlements, and credit balances. Payments are handled by the app stores and our payment partners (see section 4); we do not collect or store your full payment card details.

Feedback and support information.

Ratings, comments, and any information you provide when you contact us.

Technical information.

Limited technical data needed to operate and secure the Service, such as device/app information and connection logs. We do not use third-party advertising or analytics/tracking SDKs in the Service.

2. How We Use Your Information

We use personal information to:

provide, operate, and maintain the Service, including live transcription, speaker identification, AI-generated guidance, and reports;
create and secure your account and authenticate you;
suggest locally relevant support services based on your approximate location;
process purchases, subscriptions, and credits;
respond to your enquiries and provide support;
monitor, protect, and improve the safety, security, and performance of the Service, including using de-identified or aggregated data; and
comply with our legal obligations and enforce our Terms of Use.

Legal bases (GDPR). Where the GDPR applies, we rely on: performance of our contract with you (to provide the Service); your consent (for processing session content, including any sensitive/special-category data, and approximate location — which you may withdraw at any time); our legitimate interests (to secure and improve the Service); and compliance with legal obligations.

3. AI and Automated Processing

The Service uses automated systems and large language models to transcribe speech and generate guidance. To do this, your session content is sent to our AI service providers (see section 4) for real-time processing. The Output is generated automatically and may be inaccurate; it is not professional advice (see the Terms of Use). We do not use the identifiable contents of your sessions to train third-party foundation models.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We share information only as described below.

Service providers (processors). We share information with trusted providers who process it on our behalf, under contract, only to provide the Service:

AssemblyAI — real-time speech-to-text and speaker identification (receives session audio stream and participant names).
Anthropic (Claude API) — language-model processing to generate guidance, classifications, and reports (receives session transcript and approximate location).
ElevenLabs — text-to-speech for the agent voice (receives generated guidance text).
RevenueCat and our payment processor / the app stores (Apple, Google) — purchases, subscriptions, and entitlements.
Google and Apple — authentication, where you choose those sign-in methods.
IP-geolocation provider — to derive approximate country/city from your IP address at sign-up.
Cloud hosting and database providers — to host the Service and store data securely.

Legal and protective disclosures. We may disclose information where required by law, to respond to lawful requests, or to protect the rights, safety, and property of you, us, or others.

Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

5. International Transfers

Some of our service providers are located outside Australia, including in the United States and other countries. When we transfer personal information overseas, we take reasonable steps to ensure it is handled in accordance with this Policy and applicable law, including, where required, by using appropriate safeguards such as standard contractual clauses.

6. Data Retention

We keep personal information only for as long as necessary to provide the Service and for the purposes described in this Policy, unless a longer period is required or permitted by law. You can delete individual sessions within the Service, and you can ask us to delete your account and associated data (see section 8). When you delete a session or account, we delete or de-identify the associated personal information within a reasonable period, except where we must retain it for legal, security, or backup purposes.

7. Security

We take reasonable technical and organisational measures to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure, including encryption in transit, access controls, and device-bound passkey credentials. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights and Choices

Subject to applicable law, you may:

access the personal information we hold about you and request a copy;
correct information that is inaccurate or out of date;
delete your account and associated data, or specific sessions;
withdraw consent to processing of session content or approximate location (note this may mean you can no longer use core features);
object to or restrict certain processing, and request data portability, where the GDPR applies; and
exercise your rights under the CCPA/CPRA (including the right to know and the right to delete) if you are a California resident — we do not sell or share personal information as those terms are defined.

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before responding, and we will respond within the timeframes required by law.

9. Cookies and Similar Technologies

On the web, we use only the cookies and local storage necessary to sign you in and keep the Service working. We do not use advertising or third-party tracking cookies.

10. Children

The Service is not intended for, and must not be used by, anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take steps to delete it.

Where you use the Service with another person (for example, in a couple session), you are responsible for informing them and obtaining their consent to the recording, transcription, and processing of their voice and contributions as described in this Policy, before the session begins. See section 5 of the Terms of Use.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you (for example, in-app or by updating the effective date above). The latest version will always be available within the Service and at the link below.

13. How to Contact Us and Make a Complaint

If you have a question, request, or complaint about your privacy, contact us:

Nerdstorm Pty Ltd — Privacy Email: [email protected] New South Wales, Australia

We will acknowledge and investigate your complaint and respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992. Users in the EU/UK may also lodge a complaint with their local data-protection authority.