Skip to main content
TartarusAI
← back to home

// privacy

Plain English.
No fog.

last updated · 2026-05-03

Most "privacy policies" run 4,000 words because the company hoovers up everything they can and is required to disclose it. Ours is shorter because we don't.

What we collect

Account data. Email, the plan you're on, the IP your account last signed in from. Billing is crypto-only, handled by our self-hosted CryptoPay backend — we see the invoice reference and your email, no card or bank fields. That's it.

Prompts and responses. While you're using the agent, your prompts are sent to our inference servers, processed, and a response is returned. The session lives in our cache for the duration of your conversation and clears on the schedule below.

Operational telemetry. Error rates, latency, capacity utilisation, abuse-detection signals. Stripped of prompt content. No third-party analytics SDKs.

What we don't

  • We don't train on your prompts. Ever. Our model is trained on a curated corpus we control, not on your engagement work.
  • We don't share with the foundation labs. Inference runs on infrastructure we operate. Your prompts are not forwarded to OpenAI, Anthropic, Google, Meta, or any frontier-lab API.
  • We don't use third-party trackers. No Google Analytics, no Segment, no Mixpanel, no fingerprinting library. The site you're reading right now loads zero third-party JavaScript bundles.
  • We don't sell your data. Not to brokers, advertisers, "research partners," anyone.

How long we keep it

  • Inactive sessions auto-purge from cache after 24 hours.
  • You can purge any session manually from your dashboard, immediately.
  • Account metadata is retained while the account exists, plus 30 days after closure for billing reconciliation.
  • Operational telemetry rolls off after 90 days.

Sub-processors

The full list, no "and others":

  • CryptoPay (self-hosted) — crypto invoice generation and on-chain confirmation. Receives the invoice reference and your email; no card, bank, or other payment-instrument data exists.
  • Statuspage.io — public uptime page. No prompt or response content.

If we add or replace a sub-processor that handles prompt or response content, we give 30 days' notice on the dashboard and via the changelog.

Your rights

You can export your account data and session history at any time from the dashboard. You can request deletion the same way. For anything that needs a human (data subject access requests, regulator inquiries, requests under GDPR / UK GDPR / CCPA), email [email protected] and we respond within 30 days.

Cookies

We use one essential session cookie to keep you signed in. No analytics cookies, no advertising cookies, nothing else. The site works fine without it; you'll just have to sign in again on every visit.

Changes to this policy

If we change this policy in any meaningful way, the changelog says so before the page does. Material changes get an email to active subscribers 14 days before they take effect.

Contact

Privacy questions: [email protected]
DPA / security questionnaires: [email protected]