CONCORDIA by TACITUS

Privacy Policy

Last updated: April 8, 2026 · Effective immediately

GDPR-Ready Controls · CCPA-Ready Controls · Google Cloud security controls

Privacy at a Glance

Live audio is streamed by default; recording requires consent
Your data is never sold to third parties
AES-256 encryption at rest, TLS 1.3 in transit
Delete anytime — full erasure within 30 days

1. Information We Collect

1.1 Account Information

When you create an account via Firebase Authentication, we collect your email address, display name, and profile photo. If you use Google OAuth, we receive your Google profile information as authorized by you.

1.2 Session Data

During mediation sessions, we process and store: transcripts (text only), conflict analysis primitives (actors, claims, interests, constraints, leverage, commitments, events, narratives), emotion timeline data, session metadata (title, type, duration, phase progression), and any agreements drafted within the platform.

1.3 Payment Information

Billing is processed exclusively by Stripe Inc. We store only your Stripe customer ID. We never store, process, or have access to credit card numbers, CVVs, or full card details. Stripe's privacy policy governs payment data processing.

1.4 Usage and Analytics

We collect anonymized, aggregated usage metrics including session counts, feature usage frequency, performance data, and error logs. These metrics cannot be traced back to individual users or session content.

1.5 Device and Technical Data

We collect browser type, operating system, IP address (for rate limiting and security only — not stored long-term), and WebSocket connection metadata necessary for real-time mediation functionality.

2. Audio Data and Recording Controls

Live audio is streamed for real-time processing by default.

Audio streams from your browser microphone through our WebSocket server to the Google Gemini Live Audio API in real time. Optional recording features may store audio only when explicitly enabled with participant consent and are governed by configured retention controls. Transcripts and structured conflict primitives may be stored as case data for reports, exports, and user-controlled deletion.

3. How We Use Your Data

We process your data under the following lawful bases (GDPR Article 6):

Purpose | Legal Basis
Provide mediation service | Contract performance
Generate session reports and analysis | Contract performance
Process payments | Contract performance
Send service communications | Legitimate interest
Detect and prevent abuse | Legitimate interest
Improve service quality | Legitimate interest
Marketing communications | Consent (opt-in only)

4. AI Processing and Your Data

Your session transcripts are processed by Google Gemini (via Vertex AI) for real-time mediation assistance and conflict analysis.

  • No training: Your data is NOT used to train, fine-tune, or improve any AI models
  • No retention by Google: We use Vertex AI's enterprise API tier which does not retain customer data for model improvement
  • No automated decisions: The AI provides analysis and suggestions only — all decisions rest with human participants
  • Safety guardrails: 7 safety rules actively filter content to prevent harmful outputs, including detection of domestic violence, child abuse, and self-harm indicators

5. Data Storage and Security

  • All data stored in Google Cloud Firestore with AES-256 encryption at rest
  • All data transmitted with TLS 1.3 encryption in transit
  • Access controlled through Firebase Authentication with per-user token verification
  • Infrastructure runs on Google Cloud Run with automatic security patching and container isolation
  • Rate limiting and circuit breakers protect against abuse and DDoS
  • Immutable audit logging for all sensitive operations (account deletion, role changes, billing events)

6. Data Sharing and Sub-processors

We do not sell, rent, or share your personal data. We use the following sub-processors:

Provider | Purpose | Data Processed
Google Cloud / Vertex AI | AI processing, hosting | Transcripts (real-time, not retained)
Firebase (Google) | Authentication, database | Account info, session data
Stripe Inc. | Payment processing | Billing details (Stripe-managed)
Google Cloud Run | Application hosting | Request/response data

Data may also be disclosed if required by law, subpoena, or court order, or to protect the safety of our users when automated systems detect potential harm.

7. International Data Transfers

Our infrastructure is hosted in the United States (Google Cloud, us-east1 region). If you are located outside the United States, your data will be transferred to and processed in the US. We rely on Google's Standard Contractual Clauses (SCCs) and Stripe's Data Processing Agreement for lawful international transfers under GDPR Chapter V.

8. Your Rights

Under GDPR (EU/EEA), CCPA (California), LGPD (Brazil), and equivalent regulations, you have the following rights:

  • Access: Export all your data from Settings > Data Export, or request a full copy via email
  • Rectification: Update your profile information at any time through account settings
  • Erasure (Right to be Forgotten): Delete your account and ALL associated data (Settings > Delete Account). Erasure is permanent and completes within 30 days
  • Data Portability: Download your session data, transcripts, and reports in JSON, Markdown, or PDF format
  • Restrict Processing: Request limitation of specific data processing activities
  • Object: Object to processing based on legitimate interest — we will cease unless we have compelling legitimate grounds
  • Withdraw Consent: Withdraw consent for optional processing (e.g., marketing) at any time without affecting prior processing
  • Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights

To exercise any right, email privacy@tacitus.me. We will respond within 30 days (GDPR) or 45 days (CCPA).

9. Cookies and Local Storage

CONCORDIA uses minimal browser storage:

Item | Type | Purpose | Duration
Firebase Auth token | Essential | Authentication | Session
Cookie consent preference | Essential | Remember your choice | 1 year
Session draft state | Functional | Resume interrupted sessions | 7 days
User preferences | Functional | UI settings, language | Persistent

We do not use tracking cookies, advertising pixels, or analytics cookies from third parties.

10. Data Retention

  • Active accounts: Session data retained for the lifetime of your account
  • Account deletion: All personal data permanently erased within 30 days
  • Shared reports: Time-limited share links expire after 7 days
  • Audit logs: Retained for 2 years for security and compliance, then anonymized
  • Aggregated analytics: Anonymized, non-identifiable data may be retained indefinitely

11. Children's Privacy

CONCORDIA is not directed at children under 13. We do not knowingly collect data from children under 13. In educational settings (ages 13-18), the school administrator acts as the account holder and is responsible for obtaining appropriate parental/guardian consent in compliance with COPPA and applicable local laws. If we learn that we have collected data from a child under 13 without parental consent, we will delete it promptly.

12. Data Protection Officer

For privacy concerns, data requests, or to file a complaint:

Data Protection Contact

Email: privacy@tacitus.me

Entity: TACITUS

You also have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, or the relevant EU Member State DPA).

13. Changes to This Policy

We will notify you of material changes via email and in-app notification at least 30 days before they take effect. Non-material changes (clarifications, formatting) may be made without notice. The “Last updated” date at the top reflects the most recent revision.