Privacy Policy

Effective May 12, 2026

This policy explains what Tarrs collects, how it uses your data, who we share it with, and what choices you have. It applies to everything at tarrs.io and the per-project sandbox subdomains (*.dev.tarrs.io).

We try to keep it short, specific, and honest. If something here is unclear, email privacy@tarrs.io — we'd rather change the policy than have it misread.

1. What we collect

Account data

When you sign up via Google or email, we store: your email address, display name, and (for Google) your avatar URL. We store a Google subject ID so subsequent sign-ins resolve to the same account.

Project data

When you create a project we store its name, description, slug, sandbox configuration, your linked GitHub repository names, and project-level memory the agent accumulates (a compact summary of what your project is and the conventions you prefer). We do not store a copy of your repository content in our application database — that lives in your sandbox's encrypted EFS volume, which is destroyed when the project is destroyed.

Chat & agent activity

Every chat message, ticket, and agent task run gets recorded so you can reload conversations, audit who triggered what, and let the AI use its own past context. AI-completion summaries are stored verbatim so the conversation history remains useful even after a sandbox is paused or destroyed.

OAuth tokens

If you connect Claude, ChatGPT, Supabase, Vercel, or GitHub via OAuth, the resulting tokens are stored encrypted at rest in AWS Secrets Manager (per-user for the OAuth tokens; per-project for the sandbox copy of the active token). The encryption key never leaves AWS.

Billing data

Stripe handles all payment-method data. We store your Stripe customer ID and your prepaid credit-wallet balance and ledger (top-ups and metered usage debits). We never see your card number or bank details.

Infrastructure logs

We log API requests, sandbox lifecycle events (boot, idle, terminate), and abuse-related signals (network egress bytes per task, sustained CPU). Logs include user IDs and IP addresses, retained for up to 90 days. We do not retain raw bodies of your chat messages in operational logs.

2. How we use it

We use the data above to:

  • Run the product you signed up for — host your sandboxes, route messages to the AI agent, deploy your code, send transactional email.
  • Bill you for usage (Stripe), keep you out of the destroy queue when you've paid, and stop charging when you cancel.
  • Detect and stop abuse — sandboxes used for spam, DDoS, crypto mining, or anything that endangers other customers.
  • Make the agent smarter on your specific project (project memory). Memory stays scoped to the project that learned it; it is never shared across customers.
  • Respond to support requests and email you about important account events (trial ending, payment failed, sandbox failed to start, projects scheduled for deletion).

We do not sell your data. We do not use your code, your prompts, or your AI outputs to train any model. See §4 for what the AI providers do.

3. Who we share with

Tarrs is a small product built on existing infrastructure. The following sub-processors see specific slices of your data:

  • Amazon Web Services — hosts the database, runs every sandbox container (Fargate), stores secrets + uploaded images. Same physical region (us-east-1) for all of the above.
  • Anthropic, OpenAI, Google — the AI providers you connect. Tarrs forwards your prompts + relevant project context to whichever provider you've authorized. Token usage is governed by that provider's terms; their data-use policies apply.
  • GitHub — when you connect a repository, Tarrs reads and writes that repo using your GitHub App installation token. Code is mirrored into your sandbox's private workspace.
  • Supabase, Vercel — per-user integrations you opt into. Tarrs holds an OAuth token that grants the scopes you approved in their consent screens.
  • Stripe — payment processing. They receive billing email, country, and the metadata we tag your subscription with.
  • Amazon SES — sends transactional email (account notifications, trial reminders, abuse warnings).
  • Google Sign-In — verifies the OAuth ID token if you signed up that way.

We may also share data when legally required (subpoena, court order) or to protect other users (e.g. when an abuse investigation crosses provider lines). We push back on overbroad requests where we can.

4. AI providers & training

When you run an AI task in Tarrs, your prompt + the project context the agent needs (file contents, recent chat history, repository metadata) are sent to the AI provider you connected.

Tarrs does not train on your data. We do not retain prompts in any system designed for model training, and we do not share data with any third party for that purpose.

Each AI provider has its own data-use policy. Anthropic and OpenAI both publicly commit to not training on data sent through their API products, but you should review each provider's policy directly:

5. Retention & deletion

Active account data lives as long as your account does. When you delete a project, we:

  • Soft-delete the project record (hidden from your UI immediately).
  • Tear down the sandbox CFN stack (ECS service, EFS file system, target group, listener rule).
  • Delete the project-scoped secrets in AWS Secrets Manager.
  • Release the ALB slot.
  • Stop metering the project — no further wallet debits.

Chat messages, tickets, and audit log rows referencing the deleted project are retained but hidden — they may be hard-deleted in a future sweeper job. If you want immediate hard deletion of any record, email privacy@tarrs.io.

If your wallet balance runs out (top-up failed, or you simply stopped paying), your paused sandboxes are kept around for a 30-day grace period — long enough to top up and resume — then everything is permanently destroyed by an automated reaper. You'll get an email warning 7 days before the destroy.

6. Your rights

You can:

  • Access — see and download your projects, chat history, billing history through the app.
  • Correct — change your display name, avatar, and email via account settings (some flows require sign-in via the new email).
  • Delete — destroy any project; close your account by emailing privacy@tarrs.io.
  • Export — request a JSON dump of your account data via the same email. We'll deliver it within 30 days.
  • Opt out of marketing email (you'll still get transactional account email).

If you're in the EU / UK, you have GDPR rights including the right to lodge a complaint with your local data protection authority. Tarrs's legal basis for processing your data is contract (running the service you signed up for) and legitimate interest (preventing abuse).

If you're in California, you have CCPA rights. We don't "sell" personal information in the CCPA sense.

7. Security

OAuth tokens are encrypted at rest with a key held only in AWS Secrets Manager. All in-flight traffic is TLS-only. Sandboxes run in isolated Fargate tasks with no network path to our metadata database. We have access logs, alarms on abuse signals (egress / CPU spikes), and a human-in-the-loop kill switch for compromised accounts.

Tarrs is not currently SOC 2 / ISO 27001 / HIPAA / FedRAMP certified. If your use case requires those, please email first.

8. Children

Tarrs is not designed for users under 16. We don't knowingly collect data from children. If you believe a minor has created an account, email privacy@tarrs.io and we'll delete it.

9. Changes to this policy

We'll update this page when our practices change. Material changes (new sub-processor, new data category) get an email notification to active users. The "Effective" date at the top reflects the current version.

10. Contact

Email privacy@tarrs.io for anything in this policy. For security disclosures use security@tarrs.io.