Privacy Policy

1. Scope and our role

This Privacy Policy applies to personal information handled by Tandem ("Tandem," "we," "us"), through:

• the tandembase.xyz marketing website and any subdomains we operate;
• the Tandem software (desktop app and web dashboard) when run in Tandem-hosted Cloud mode;
• email and form submissions sent to us;
• billing, support, and account operations.

Tandem is a product of the Tandem AI division. Tandem runs locally on your device by default; Tandem's role as a controller is limited to the surfaces listed above.

2. Information we collect

Information you give us

• Contact and form submissions: name, email, organization, and any message you send us via the marketing site, AI Readiness Scorecard, feature-request form, or direct email.
• Account data (if you create a tandembase.xyz account): email, password hash, and preferences. Account creation is optional for local use.
• Billing data (paid tiers): billing email, subscription tier, payment method tokens. Card numbers are handled by Stripe — we never see them.
• Support correspondence: anything you send to support@tandembase.xyz or attach to a support ticket.

Information collected automatically from our website

• Request metadata: IP address, user agent, referrer, requested URL. Held transiently in server logs for abuse prevention and debugging.
• Privacy-preserving analytics (if enabled): aggregate traffic counts, cookieless, no cross-site tracking. We do not use Google Analytics, Meta Pixel, or ad-retargeting.

Information we do not collect

• We do not buy marketing lists.
• We do not fingerprint devices for ad targeting.
• We do not collect the contents of your vault, tasks, wiki, or chat history — those stay on your device (see Section 3).
• We do not require account creation to browse the site or run Tandem locally.

3. Local-first architecture

Tandem's default install is a desktop app that runs entirely on your machine. All project, task, session, and vault data lives in files on your local filesystem. Your prompts, AI conversations, generated code, and knowledge base are never transmitted to Tandem servers unless you explicitly:

• sign up for a Tandem Cloud account and enable cloud sync;
• opt in to crash reporting, telemetry, or diagnostic uploads (all off by default);
• submit content to us through a support ticket, bug report, or form.

Even in Cloud mode, we encrypt data at rest and in transit and keep sub-processor footprint minimal (Section 8).

4. How we use information

• Operate and secure tandembase.xyz and the Tandem software.
• Provision and meter Free and paid subscriptions.
• Send transactional email (receipts, password resets, version upgrade notices) tied to your account.
• Answer your questions and resolve support issues.
• Detect and prevent abuse, fraud, or attacks on our systems or users.
• Meet legal, accounting, and tax obligations.

We do not use your information to train AI models, for advertising, or to build cross-site profiles.

5. BYOK and AI providers

Tandem is BYOK ("bring your own key") by default. When you configure Tandem with an Anthropic, OpenAI, or other model-provider key:

• your prompts and responses pass directly from your device to that provider, not through Tandem;
• your use of that provider is governed by that provider's terms and privacy policy, not this one;
• your API key stays on your device (or, if you enable Cloud mode, in the encrypted credential store described in Section 10).

If you use the optional Credential Vault Proxy, the proxy injects credentials at request time so subagents never see raw keys; the prompts and completions still flow through the chosen provider under its own terms.

6. Legal bases (GDPR)

If you are in the UK, EEA, or Switzerland, our lawful bases under the UK GDPR and EU GDPR are:

• Contract — processing necessary to deliver the subscription or support you have requested.
• Legitimate interests — securing our systems, responding to inquiries, aggregate analytics.
• Legal obligation — billing, tax, and compliance with lawful requests.
• Consent — where you have explicitly opted in, e.g., the newsletter.

7. Sharing and disclosure

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We disclose information only:

• to sub-processors acting on our documented instructions (Section 8);
• to professional advisors (auditors, lawyers, accountants) under confidentiality;
• in a business transition (merger, acquisition, asset sale), with continued protection;
• in response to a valid legal request, narrowed where possible, with notice to you unless prohibited;
• to protect rights and safety against fraud, abuse, or imminent harm.

8. Sub-processors

Short list on purpose. As of the last updated date:

• Cloudflare, Inc. — website hosting, CDN, DNS, DDoS protection.
• Resend, Inc. — transactional email delivery.
• Stripe, Inc. — payment processing for paid tiers. Stripe is an independent controller for payment data.
• Privacy-preserving analytics provider (Plausible or Umami, if enabled) — aggregate traffic only.

Model-provider APIs you configure (Anthropic, OpenAI, Google, etc.) are not our sub-processors — you contract with them directly (Section 5).

9. Data retention

• Contact and form submissions: up to 24 months after last contact, then deleted or anonymized.
• Account data: for the life of the account plus 30 days after deletion (to cover reversal requests).
• Server and access logs: up to 90 days.
• Billing records: the minimum statutory period (typically 7 years in the United States).
• Newsletter list: until you unsubscribe.

10. Security

• TLS 1.3 for all public surfaces.
• Encrypted storage for account credentials and billing tokens.
• Access to systems is role-scoped and audit-logged.
• No persistent access to user machines. Local installs contact our servers only for update checks and opt-in features.
• Optional on-device features (Credential Vault Proxy, SimpleX bridge) keep secrets off third-party servers entirely.

No system is perfectly secure. If a breach affects your personal information, we will notify you without undue delay and within the timeframes required by applicable law.

11. International transfers

Tandem and its sub-processors may process your information in the countries where they operate. We do not currently offer Cloud hosting in the European Union; EU Cloud hosting is coming soon, and we will put appropriate data-transfer safeguards in place before we offer it.

12. Your rights (GDPR / UK GDPR)

If you are in the UK, EEA, or Switzerland, you have the right to access, rectify, erase, restrict, port your data, object to processing based on legitimate interests, withdraw consent, and lodge a complaint with your supervisory authority. Email privacy@tandembase.xyz. We respond within 30 days.

13. Your rights (CCPA / CPRA)

If you are a California resident, you have the right to know, access, delete, correct, opt out of sale/sharing (we do not sell or share), limit use of sensitive personal information, and receive non-discrimination for exercising these rights. Email privacy@tandembase.xyz. We respond within 45 days.

14. Children's privacy

Tandem is directed to adults and is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, email privacy@tandembase.xyz and we will delete it.

15. Cookies and tracking

tandembase.xyz is designed to run without third-party cookies or trackers. We use:

• Strictly necessary session cookies on pages that need them (e.g., signed-in account pages).
• No advertising cookies. No cross-site trackers.

If we add analytics, it will be cookieless (Plausible, Umami, or equivalent). This policy will be updated first.

16. Do Not Track and Global Privacy Control

We do not track users across sites, so DNT and GPC signals do not change what we collect — there is already nothing to opt out of. We honor GPC as a valid CCPA/CPRA opt-out of sale or sharing.

17. Automated decision-making

We do not make decisions that have legal or similarly significant effects on you using solely automated processing.

18. Changes to this policy

We update this policy when our practices change, when the law requires, or when we add a sub-processor. Material changes are announced on this page with a new "Last updated" date and, where required, by direct notice. Continued use after an update constitutes acceptance.

19. Contact

Tandem

• Privacy: privacy@tandembase.xyz
• Legal notices: legal@tandembase.xyz
• General: hello@tandembase.xyz