Privacy Policy

Tactr is operated by Hawk Eye AI ("we", "us"). This policy describes what data Tactr collects, how it's used, and your rights over it. Plain language wins; if anything is unclear, email [email protected].

What we collect

Account data

When you create a Tactr account: your email address, display name, password (hashed by Supabase Auth — we never see it in clear), and any profile fields you fill in (industry, services, brand color).

Your virtual business card

Whatever you put on it — name, title, company, email, phone, website, headshot, logo, brand color. This is content YOU create and choose to share.

Captured paper business cards ("Tacts")

Photos of paper business cards you snap. OCR (text extraction from the image) runs on your device — the photo doesn't leave your phone for OCR. The extracted text fields (name, title, email, phone, etc.), the photo itself (if you keep it), your notes, and the date/event association are stored on Tactr servers so they sync across devices and survive a reinstall.

Email follow-ups

When Tactr drafts an AI follow-up, we send your contact's industry, your industry, and your relationship notes to Anthropic's Claude API. We do not send the contact's full PII (their email/phone are not used as prompt inputs). Drafts are stored on Tactr servers until you send or discard.

Connected services

If you connect an email account (SMTP/Gmail/Outlook) or a calendar (Google Calendar), Tactr stores the OAuth refresh tokens or SMTP credentials encrypted with AES-256-GCM on our servers. The decryption key lives only in our Edge Functions, not in the app bundle. Tokens are used only to send emails and create calendar events YOU authorize.

Subscription & usage

If you subscribe, we record your subscription tier (Free / Pro / Business), billing status (via RevenueCat / Apple IAP / Google Play Billing), and monthly usage counters (captures used, follow-ups sent) to enforce your tier limits.

Bookings

If a recipient books a meeting with you through Tactr's "Book a meeting" CTA, we record the meeting details: their name, email, optional company, time, duration, notes, and meeting link if a video integration created one.

Device & app data

Standard server logs (IP, user-agent, timestamps) for security + abuse prevention. No third-party tracking SDKs. No advertising IDs read. No analytics outside what's required to operate the service.

What we don't do

• We don't sell your data. Ever.
• We don't share your contacts list with anyone outside the providers below.
• We don't read the body of your sent emails. Tactr passes them to your connected email provider; what happens after that is between you and them.
• We don't use Google user data received via OAuth (e.g., calendar events) to train AI models, target ads, or for any purpose beyond providing the Tactr features you've authorized.

Third parties we use ("sub-processors")

• Supabase — database, authentication, file storage. US/EU regions.
• Anthropic — Claude API for AI follow-up generation. Inputs not used for training per Anthropic's commercial terms.
• RevenueCat — subscription state mirror for Apple IAP / Google Play Billing.
• Apple / Google — App Store, Play Store, Sign in with Apple, Sign in with Google, Google Calendar (only if you connect it).
• Cloudflare — DNS, edge hosting, this website.
• Your chosen email provider (Gmail / Outlook / your SMTP host) — only what you connect.

Your rights

You can:

• See all data we have about you — email [email protected] and we'll export it within 30 days.
• Correct anything wrong — most fields you can edit directly in the app; for anything you can't, email us.
• Delete your account — use the in-app Settings → Delete Account flow, or the public deletion page at tactr.app/delete-account. Deletion is permanent and cascades through every data type listed above within 30 days.
• Export your contacts as CSV/vCard (Pro and Business tiers).
• Revoke connected services — disconnect any email/calendar integration from Settings at any time; we also accept revocation directly via Google/Microsoft account settings.

How long we keep your data

For active accounts: indefinitely, until you delete. For deleted accounts: scrubbed within 30 days. For server logs: 90 days. For email send records (delivery receipts, errors): 18 months.

Children

Tactr is not intended for users under 18. We don't knowingly collect data from minors.

International data transfers

Tactr's servers are in the United States. If you're in the EU, UK, or another region with restrictions on transferring personal data to the US, your data is transferred under the EU Commission's Standard Contractual Clauses (SCCs) with each of our sub-processors (Supabase, Anthropic, Cloudflare, Apple, Google, RevenueCat). These contracts bind the recipients to the same data-protection standards required by the GDPR.

For the full list of sub-processors, their roles, and the transfer mechanisms, see our Sub-processors page.

EU / UK representatives

If you're in the EU or UK and want to exercise your GDPR rights, you can email [email protected]. We respond within 30 days. If you're unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

California residents (CCPA / CPRA)

You have the right to know what personal information we collect about you, to delete it, to correct inaccuracies, and to opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising. We don't sell or share personal information for behavioral advertising — there's nothing to opt out of, but if California law changes, we'll add a "Do Not Sell or Share My Personal Information" link here. Submit data requests to [email protected].

Data breach notification

If we discover a personal-data breach affecting your account, we'll notify you (and the relevant supervisory authority where required) within 72 hours of becoming aware, per GDPR Article 33. Notification will describe what data was affected, the likely consequences, and the steps we're taking to mitigate.

Changes to this policy

We'll update the effective date at the top when this changes. Material changes that affect your rights get an in-app notice and an email.

Contact

Privacy questions, complaints, or data requests: [email protected]

Hawk Eye AI · New York, NY