Tarsier

Privacy.

When you use Tarsier, your video goes directly from one of your devices to another across your home WiFi. The stream never touches our servers. We have no way to see, hear, or record it.

The only personal data we ever handle is the email you give us at checkout, and even that we store as a one-way hash — not the email itself.

Who we are

Tarsier is operated by the publisher named at the bottom of this page. You can reach us at hi@tarsier.live.

What we store about you

After you pay $5, we save three small things in our database:

• A one-way hash of your email (SHA-256). This is not reversible — we can check "does this hash match the hash of an email someone just typed?" but we cannot read your email back out.
• The Stripe payment ID (a token like pi_…). We use this only to verify with Stripe that the payment is still valid.
• The timestamp of the purchase.

If you complete checkout or restore your purchase while connected to a particular WiFi, we also record a one-way hash of that WiFi's public IP address. This lets other devices in your household auto-unlock without entering your email again. We store at most 5 such WiFi hashes per email, with the oldest evicted as new ones are added.

What we don't store

• The video stream — never. It travels peer-to-peer between your devices and never touches us.
• Your audio — never.
• Your email in readable form. Stripe holds the email; we hold only the hash.
• Your card details. Stripe holds these; we never see them.
• Your name, location, IP in plaintext, or any other identifier.
• Cookies. We use none.
• Analytics. We use none.

On your device

In your browser's localStorage, Tarsier keeps:

• A random ID we generate for your device (used to count your free trial). Cleared when you clear site data.
• A flag indicating whether this device is unlocked, plus a signature that ties the unlock to the device ID.
• A small number of innocuous app preferences (theme, layout).

None of this is sent to us except as part of normal API calls.

Who else touches your data

We use three processors:

• Stripe processes your payment. They hold your email, card details, and billing info. Stripe's privacy policy.
• Resend sends the restore email when you tap "Already paid?". They receive only the recipient address and the email body. Resend's privacy policy.
• Fly.io hosts our server. They run our infrastructure but do not access our data. Fly.io's privacy policy.

We don't share data with anyone else. No advertisers. No analytics platforms. No data brokers.

How long we keep things

• Purchase records: 3 years from the date of purchase, then automatically deleted.
• WiFi (IP hash) records: 90 days from the last time the WiFi was used to pay or restore.
• Free-trial usage counts: 90 days.
• Restore tokens: 15 minutes.

Your rights under GDPR

You have the right to:

• Ask what we hold about you. Since we hold only a hash, the answer is straightforward.
• Ask us to delete it. Email us with the address you used at checkout and we'll delete the matching row.
• Ask us to export it. We can send you the hash and timestamp.

Stripe will still hold its own records for tax and legal reasons — those are subject to Stripe's own retention and erasure policies.

Children

Tarsier is intended to be used by adults. It is not directed to children under 13 and we do not knowingly collect data from children.

Changes to this notice

We may update this notice. We'll change the "last updated" date below. Material changes will be announced inside the app for at least 30 days before taking effect.

Contact

hi@tarsier.live