Privacy Policy

Last updated: May 28, 2026

This policy describes what data Tape (“we”, “us”) collects when you use the macOS app or the services at usetape.app.

Plain-English summary

• Your audio recordings and transcripts stay on your device. We do not upload them.
• If you connect a Google Calendar, we store the tokens needed to fetch your events on our server, encrypted. The events themselves are fetched on demand and not retained.
• We do not sell or share your data with advertisers. We do not use it for ads at all.
• You can disconnect calendar or delete your account at any time from the app.

What stays only on your Mac

Audio (microphone, and optionally system audio), speech-to-text transcripts, speaker labels, notes, and tape metadata are written to local storage on your Mac. Speech-to-text and speaker labeling run entirely on your device. None of this is uploaded.

macOS protects this storage under your user account. If you uninstall Tape, this local data is removed along with the app.

What touches our server

Our server handles two things only: sign-in and calendar.

Account

When you sign in with Google, we create an account record containing your email address and display name. Nothing else from your Google profile is stored. A session token is issued to the app and stored securely on your Mac; it expires after a limited period and you can revoke it at any time by signing out.

Calendar (optional)

• If you choose to connect Google Calendar, the app sends a one-time authorization code to our server. The server exchanges it for the tokens needed to read your events.
• These tokens are encrypted at rest before being stored. Encryption keys are managed separately from the database.
• We request the calendar.readonly and calendar.events.readonly scopes only. These are read-only — Tape cannot create, modify, or delete events.
• When the app asks for events, the server fetches them from Google on demand and returns them to the app. Event details (titles, attendees, times, links) are not persisted on our server.

Sub-processors

We rely on a small set of third-party service providers to operate the Service. Each is bound by data protection terms appropriate to its role (including a Data Processing Addendum under the GDPR where applicable):

• Google LLC — sign-in and read-only access to your Google Calendar.
• Google Cloud Platform — hosting our server and managing the encryption keys for stored authentication tokens.
• Neon, Inc. — operating the database that holds account records and encrypted authentication tokens.
• Cloudflare, Inc. — hosting this website.

When we add a new sub-processor, we update this list before the change takes effect.

Use of Google user data

Tape’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google Calendar data only to display upcoming events inside the Tape app, so you can start a recording for the one you’re joining.
• We do not transfer this data to others except as needed to provide or improve the user-facing features of the Tape app, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use this data to serve advertisements.
• We do not allow humans to read this data unless we have your affirmative agreement, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized.

Data retention

• Account record (email, display name): kept until you delete your account.
• Calendar authentication tokens: kept until you disconnect the calendar or delete your account, whichever is sooner.
• Session tokens: limited duration; revocable at any time by signing out.
• Calendar event details: not retained on our server; fetched on demand.
• Server backups: retained for up to 30 days, then permanently deleted.
• On-device recordings, transcripts, and notes: kept on your device for as long as you choose; removed when you delete them in the app or uninstall it.

Your rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to fix inaccurate information.
• Deletion — ask us to delete your personal information.
• Portability — receive your data in a structured, machine-readable form.
• Restriction or objection — ask us to limit or stop certain processing.
• Withdraw consent — where processing is based on consent, withdraw it at any time.
• Complaint — lodge a complaint with a supervisory authority in your country.

We respond to verified requests within 30 days. To exercise any of these rights, email or@usetape.app, or use the controls in the app’s Settings.

Lawful basis for processing (EEA, UK, Switzerland)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Performance of a contract — providing the Service, including account management and processing your calendar requests.
• Consent — storing tokens for the optional Google Calendar connection. You can withdraw consent at any time by disconnecting the calendar in the app.
• Legitimate interests — security, fraud prevention, and protecting the Service against abuse.
• Legal obligation — where required to comply with applicable law.

California residents

We do not sell personal information and we do not share personal information for cross-context behavioral advertising, as those terms are defined under California law. We have not done so in the prior twelve months.

EU representative

We have not appointed a representative in the European Union under Article 27 of the GDPR at this time, given our limited processing activities. If this changes, we will update this policy.

How to revoke access or delete your data

• Disconnect calendar: in the app, Settings → Calendar → remove the account. The server deletes the stored tokens immediately.
• Sign out: the session is invalidated on the server.
• Delete your account: Settings → Account → Delete account. The server removes your user record, sessions, and all stored tokens. Local recordings on your Mac are separate — delete the app to remove those.
• You can also revoke Tape’s access from your Google account permissions page.

Children

Tape is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Security

All network traffic to our server uses HTTPS. Authentication tokens are encrypted at rest using industry-standard encryption.

Changes

If we make material changes to this policy we will update the date at the top and, where appropriate, notify users in the app before the change takes effect.

Contact

Questions about this policy or your data: or@usetape.app.