https://tact.center/privacy

1. Introduction

This Privacy Policy describes how Kelvin Yap Jia Hao, trading as Tact ("the Operator", "we", "us"), collects, uses, stores, and protects information in connection with the Tact browser extension and website at tact.center ("the Service").

By using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service. This policy should be read alongside the Terms of Service.

We are committed to compliance with the Singapore Personal Data Protection Act 2012 (PDPA) and handle all personal data in accordance with its requirements.
2. What We Collect

We collect only the minimum information necessary to operate the Service.

Text content you submit: When you highlight text and request an analysis or rewrite, that text is transmitted to our backend API and then to Anthropic's Claude AI model for processing. This text is used solely to generate a response and is not stored, logged, retained, or used for any other purpose. It is discarded immediately after the response is delivered.

Email address: When you purchase a subscription, Paddle collects your email address as part of the payment process. We receive your email address from Paddle solely for the purpose of delivering your license key. Your email address is stored in our database associated with your license key and subscription record.

License key and subscription data: We store your license key, subscription tier, Paddle subscription ID, and subscription status (active or cancelled) in our database, hosted on Railway in the United States. This data is necessary to validate your subscription and enforce access controls.

Usage counts: We store aggregate usage counts (number of analyses and rewrites performed) associated with your license key or device identifier, for the purpose of enforcing usage limits. We do not store the content of individual analyses or rewrites.

Device identifier: For free tier users, a randomly generated device identifier is stored locally in your browser and transmitted with each request for the purpose of enforcing usage limits. This identifier is not linked to any personal information.

Waitlist email: If you submit your email address via the waitlist form on tact.center, that address is collected by Netlify Forms and stored by Netlify. We use it solely to notify you when the Service launches. You may request removal at any time by emailing [email protected].
3. What We Do Not Collect

We do not collect, store, or process any of the following:

The content of any text you highlight or submit for analysis or rewriting
Your browsing history or activity on any website
Your IP address beyond what is inherently transmitted in any HTTP request
Any analytics, telemetry, or behavioural tracking data
Payment card details of any kind - these are handled exclusively by Paddle


1. How We Use Your Information

We use the information we collect for the following purposes only:

To process your text through the Anthropic API and return a verdict and rewrite
To deliver your license key by email following a successful subscription purchase
To validate your subscription status and enforce access controls and usage limits
To process subscription lifecycle events such as cancellations via Paddle webhooks
To respond to support requests submitted to [email protected]


We do not use your information for marketing, profiling, advertising, or any purpose beyond those listed above.
5. Third-Party Services

The Service relies on the following third-party providers, each of whom processes data subject to their own privacy policies:

Anthropic: Processes text content submitted for analysis and rewriting. Anthropic's privacy policy is available at anthropic.com. Text submitted to the API is not retained by us after processing; Anthropic's own data retention practices are governed by their policy.
Paddle: Processes subscription payments and acts as Merchant of Record. Paddle collects and processes your email address and payment details in accordance with their privacy policy, available at paddle.com.
Railway: Hosts our backend API and Postgres database in the United States. Database contents include license keys, email addresses, subscription records, and usage counts.
Netlify: Hosts the tact.center website and collects waitlist form submissions. Netlify's privacy policy is available at netlify.com.
Resend: Used to deliver transactional emails (license key delivery). Your email address is transmitted to Resend for this purpose and subject to their privacy policy, available at resend.com.


1. Data Retention

Subscription records, license keys, and associated email addresses are retained for as long as your subscription remains active and for a reasonable period thereafter to handle support requests, refund claims, and legal obligations. Usage count records are retained on a rolling basis consistent with the applicable billing period.

Text content submitted for analysis or rewriting is not retained at all. It is processed in real time and discarded immediately upon delivery of the response.

To request deletion of your personal data, email [email protected] with your registered email address. We will action deletion requests within a reasonable timeframe, subject to any legal obligations that require retention.
7. Data Security

We take reasonable technical measures to protect the data we hold, including encrypted connections (HTTPS) for all data in transit, access controls on our database, and secret-based authentication for our API endpoints. However, no system is completely secure, and we cannot guarantee the absolute security of your data.
8. International Data Transfers

Our backend infrastructure is hosted in the United States via Railway. By using the Service, you acknowledge that your data (limited to subscription records, license keys, email addresses, and usage counts as described above) may be transferred to and stored in the United States. Text content you submit is transmitted to Anthropic's API and is not stored by us in any jurisdiction.
9. Your Rights

Depending on your jurisdiction, you may have rights in relation to your personal data, including the right to access, correct, or request deletion of data we hold about you. To exercise any of these rights, contact [email protected]. We will respond within a reasonable timeframe and in accordance with applicable law.
10. Data Protection Officer

Under the Singapore Personal Data Protection Act 2012 (PDPA), organisations that collect, use, or disclose personal data are required to designate a Data Protection Officer (DPO). The DPO for Tact is Kelvin Yap Jia Hao, who is responsible for ensuring compliance with the PDPA. All data protection enquiries, access requests, and correction requests may be directed to the DPO at hello@tact.center.
11. Children

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact [email protected] and we will delete it promptly.
12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service following any changes constitutes your acceptance of the updated policy. Material changes will be communicated to active subscribers by email where reasonably practicable.
13. Contact

All privacy-related enquiries, requests, and notices should be directed to: hello@tact.center. We will use reasonable endeavours to respond within five (5) business days.