Privacy Policy

Version: 0.1 DRAFT Effective Date: April 15, 2026 Last Updated: April 15, 2026

DRAFT NOTICE: This document is currently under legal review. It will be finalized before public launch. Please contact support@viralhostdigital.com with any questions.

1. Introduction

Viral Host Digital LLC (“we”, “us”) respects your privacy. This Privacy Policy explains what information Tendril collects, how it is used, and your rights regarding that information.

Tendril is designed with privacy as a first principle. The core application runs entirely on your local device. Project code, agent output, and conversation history never leave your machine unless you explicitly configure third-party API integrations.

2. Information We Collect

2.1 Locally Stored Only (Never Transmitted to Us)

The following is stored only on your device under ~/.tendril/:

• Project state, subtasks, agent messages
• Conversation history with Tendy (the chat assistant)
• Knowledge graph index of your connected projects
• Settings including BYOK API keys (encrypted via OS keychain)
• Screenshots and file edits made by agents

We have no access to this information. It is never sent to our servers.

2.2 Information Transmitted for Licensing

If you activate a Pro license, we receive:

• Your license key (to validate purchase)
• A machine identifier (hashed hardware fingerprint to bind the license to your device)
• License activation timestamps

This information is transmitted to our licensing API during initial activation and daily refresh checks.

2.3 Optional Telemetry (Opt-In Only)

If you opt in to anonymous usage telemetry, we may collect:

• Aggregate feature usage counts (how often settings are opened, how many projects exist)
• Error reports (stack traces with no personal content)
• Version information

Telemetry is off by default. You can enable or disable it at any time in Settings.

2.4 Information Transmitted to Third-Party LLM Providers

When you use BYOK (Bring Your Own Key) integration with Anthropic, OpenAI, or Google, your prompts and project file contents may be sent directly from your device to those providers. This transmission happens between your device and the third-party provider — we do not intercept, store, or relay it.

Each provider has its own privacy policy governing how they handle this data:

• Anthropic: https://www.anthropic.com/privacy
• OpenAI: https://openai.com/privacy
• Google: https://policies.google.com/privacy

3. How We Use Information

We use the limited information we collect to:

• Validate licenses and provide Pro tier access
• Fix bugs and improve the Software (telemetry, if enabled)
• Comply with legal obligations

We do not sell, rent, or share your information with third parties for marketing purposes.

4. Data Retention

• License activation records: retained for the duration of your license plus 3 years for tax and audit purposes
• Telemetry data (if opted in): retained for 12 months, then aggregated and anonymized
• Local data: retained on your device until you delete it

5. Your Rights

Depending on your jurisdiction, you may have the following rights:

GDPR (EU users)

• Right to access your personal data
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

CCPA (California users)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination

To exercise any of these rights, contact support@viralhostdigital.com.

6. Security

We implement reasonable technical and organizational measures to protect information we hold:

• API keys stored locally are encrypted using your operating system’s keychain (macOS Keychain, Windows DPAPI, Linux libsecret)
• License activation uses HTTPS (TLS 1.2+)
• Our licensing servers follow industry-standard security practices

However, no system is perfectly secure. You are responsible for securing your local device.

7. Children’s Privacy

Tendril is not directed at children under 13. We do not knowingly collect information from children under 13.

8. Changes to This Policy

We may update this Policy from time to time. Changes will be posted here and in the Software. Continued use after changes constitutes acceptance.

9. Contact

Privacy questions or requests: support@viralhostdigital.com

Data controller: Viral Host Digital LLC Puerto Rico, USA