Privacy Policy

1. Who we are

[TODO: legal entity name, registered address, company / VAT number, jurisdiction of incorporation] ("Telmur", "we", "us") operates the Telmur macOS application and the backend at api.telmur.com. For questions about this policy, see Contact.

[TODO: if you have a Data Protection Officer or EU/UK representative under GDPR Art. 27, name them here. Otherwise: state explicitly that none is appointed and why (e.g. occasional processing, low risk).]

2. Scope

This policy covers data processed when you use the Telmur macOS application ("the App") and any related Telmur services (collectively, "the Service"). It does not cover third-party services you choose to interact with through the Service — their own privacy policies apply.

3. Data we collect

3.1 Provided by you

• Voice audio. The App captures microphone audio while you hold the configured hotkey, and uploads the resulting WAV to our backend for transcription. [TODO: confirm whether the raw audio is retained on the backend after transcription, and for how long. The current backend implementation writes the audio to data/transcripts/<date>/ <request_id>-audio.wav with no automatic deletion until the 100 GB rotation gate triggers.]
• Screenshots. In Assistant and Agent modes the App captures the frontmost window and uploads it as a PNG. [TODO: confirm retention. The backend currently extracts and stores each image as <request_id>-image-N.png.]
• Prompt and response text. The text of your dictation, your chat turns, the system prompt sent on your behalf, and the model's response. [TODO: same — describe storage location and TTL.]
• Clipboard contents. Only when you have enabled "Clipboard Context" in the menu, and only at the moment of a request.

3.2 Collected automatically

• Request metadata. A per-request UUID (X-Telmur-Request-Id), the macOS user name reported by the App (X-User), the model alias requested, the upstream model resolved, token counts, latency, and our cost-accounting numbers. Stored in data/usage.jsonl on our backend.
• Network metadata. Standard server-side details — IP address from the connecting client, TLS version, User-Agent. Caddy access logs retain these for [TODO: retention period — Caddy default is "as long as the container has been running"].
• Subscription and billing data. [TODO: describe what your billing provider (Stripe / Paddle / etc.) collects on your behalf and link to their policy. If billing is not yet wired, write "not applicable yet" and update before launch.]

3.3 What we do not collect

• Other-window screenshots. The App only captures the frontmost window when you trigger a request. The full desktop is never captured.
• [TODO: any other "we don't collect X" claims you want to make. Each one becomes a binding commitment — make sure backend behaviour actually reflects it.]

4. How we use it

We process the data described above for the following purposes:

• Providing the Service. Routing your requests to the underlying AI providers (currently Google Gemini for chat, OpenAI Whisper for transcription) and returning the result.
• Diagnostics & abuse prevention. Storing per-request transcripts (Tier 2 logging) so we can debug failed requests, detect abuse, and reproduce issues you report.
• Cost accounting. Tracking token usage per request to compute the cost we are billed by upstream providers.
• Service improvement. [TODO: do you use stored transcripts for prompt-engineering, internal evals, or model evaluation? Be honest. If yes, say so. If you ever plan to use them to train a model, you must say so explicitly here — silence is not consent.]
• Legal compliance. Where required by law, to respond to lawful requests from authorities and to enforce our Terms of Service.

5. Legal basis (EEA / UK / Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for processing under GDPR / UK GDPR / FADP is:

• Performance of a contract (GDPR Art. 6(1)(b)) — for processing necessary to deliver the Service you subscribed to.
• Legitimate interests (GDPR Art. 6(1)(f)) — for diagnostics, abuse prevention, security, and cost accounting. [TODO: link to or summarise your legitimate-interest assessment.]
• Consent (GDPR Art. 6(1)(a)) — for any optional features that explicitly ask for it, including [TODO: list opt-in features, e.g. analytics, marketing emails, beta-testing programs].
• Legal obligation (GDPR Art. 6(1)(c)) — for tax records and similar mandatory retention.

6. Retention

• Per-request usage records (data/usage.jsonl): [TODO: state the retention period and what triggers deletion. As implemented today, records are retained until you manually archive them; no TTL.]
• Per-request transcripts & media (data/transcripts/): [TODO: same as above. The current 100 GB rotation gate archives the oldest day's directory but does not delete it permanently.]
• Caddy access logs: [TODO: container lifetime, no rotation configured today.]
• Account & billing records: [TODO: duration required by your tax / accounting rules in the relevant jurisdiction.]

7. Subprocessors & sharing

We share the minimum data necessary with the following subprocessors. Each link points at the subprocessor's own privacy policy.

• Google LLC (Generative Language API / Gemini) — receives the text and images of your chat requests. [TODO: link to Google's API data usage policy for paid Gemini access; confirm current terms on whether Google retains or trains on this data.]
• OpenAI, OpC (Whisper transcription API) — receives the audio of your dictation requests. [TODO: link to OpenAI's API data usage policy.]
• OpenRouter (chat fallback when Gemini is unavailable) — receives the same payload as Google when fallback triggers. [TODO: link to OpenRouter's privacy policy. If you removed the fallback per your earlier instruction, delete this bullet.]
• Hosting provider — [TODO: the VPS provider hosting api.telmur.com and telmur.com; link to their DPA.]
• Payment processor — [TODO: Stripe / Paddle / …]
• Email provider — [TODO: for transactional email — receipts, password resets, etc.]

We do not sell or rent your data. We do not use it for behavioural advertising. We do not provide it to third parties for their own purposes except as required by law.

8. International transfers

[TODO: state where your servers are located. If you process or store data outside the EEA / UK and accept users from those regions, you need a valid transfer mechanism — Standard Contractual Clauses, an adequacy decision, or equivalent. Name it explicitly.]

9. Security

• All traffic between the App, our backend, and upstream providers is encrypted in transit using TLS 1.2 or higher.
• The backend's shared API token is stored on the server and never exposed to the App or to subprocessors.
• Access to our infrastructure is restricted to [TODO: who? list the people / roles with production access].
• [TODO: any other security commitments — at-rest encryption, backup policy, incident response. Only claim what you actually do.]

No system is perfectly secure. If you become aware of a security issue affecting Telmur, please report it to [TODO: security@telmur.com or equivalent].

10. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Delete your data ("right to be forgotten").
• Restrict or object to certain processing.
• Port your data to another service.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with a supervisory authority (in the EEA / UK).

To exercise any of these rights, email privacy@telmur.com. We will respond within [TODO: timeframe — GDPR default is one month, with a possible two-month extension].

California residents have additional rights under the CCPA / CPRA, including the right to know what categories of personal information we collect and the right to opt out of "sale" or "sharing" (we do neither). [TODO: confirm and add California-specific disclosures if you serve California users.]

11. Children

Telmur is not directed at children under [TODO: 16 in EEA, 13 in US — pick the higher floor across markets you serve], and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy. The "Last updated" date at the top of this page is always current. Material changes will be communicated via [TODO: in-app notice / email / both, and how much advance notice you commit to].

Previous versions: [TODO: link to a changelog or to archived versions if you maintain them].

13. Contact

Email: privacy@telmur.com (or hi@telmur.com for general questions).

Postal: [TODO: legal entity, registered address. Required by most jurisdictions for a privacy policy.]