Tarren
Download
Why Tarren Features Use cases Pricing Security

Privacy Policy

Effective June 9, 2026 · Last updated June 9, 2026

This Privacy Policy explains how Better Flow Ai, LLC, the company that provides the Tarren application and services ("Tarren," "we," "us"), collects, uses, shares, and protects information about you when you use the Tarren desktop application and related services (the "Service"). It also describes the rights you have over your information. If you use Tarren under a contract between Tarren and your employer or organization, that contract may modify how this Policy applies to you.

1. Quick summary

The short version:

  • You own your meetings, transcripts, summaries, and contacts. We process them on your behalf to make the product work.
  • Your Content powers your AI features. Your meetings, transcripts, and summaries live in your Tarren account. To generate transcriptions, summaries, action items, and answers, we send the Content needed to AI providers acting on our behalf (see Section 5). AI output can be imperfect — always review it.
  • We do not sell your personal information.
  • We are not currently HIPAA-compliant. Please don't put protected health information (PHI) into Tarren until we publicly announce HIPAA support.
  • Your data lives in the United States by default. Users outside the U.S. have their data transferred to the U.S. under appropriate safeguards.

The full details are below. Skip to Section 9 if you want to access, export, or delete your data.

2. Information we collect

2.1 Information you give us

  • Account information — name, email address, password, time zone, optional profile photo, and information about the organization you say you belong to.
  • Subscription and payment information — your selected plan, billing address, and a tokenized reference to your payment method. Card numbers are entered into a payment-processor-hosted form and are not stored on Tarren systems. We retain the card brand, last four digits, expiry, and cardholder name for display.
  • Content you submit — meeting recordings and the transcripts, summaries, action items, and decisions produced from them; documents (templates and instances); contact and company records; calendar events linked at your direction; email metadata and message bodies you bring into Tarren by acting on them; and any messages you write inside the Service (including share notes).

2.2 Information generated by your use of the Service

  • AI output — transcriptions, summaries, action items, document fills, and conversational answers produced from your Content.
  • Sharing records — who you share Content with, the scope, when, view counts, and revocation history.
  • Usage information — pages and features used, session duration, integration activity, and error reports.
  • Device information — operating system, app version, and a unique device identifier used for license and session purposes.

2.3 Information from connected third-party services

When you connect a third-party service to your account, we receive information from that service according to the OAuth scopes you grant. Currently:

  • Google Calendar — events, attendees, descriptions, and locations.
  • Gmail — message metadata for your relationship graph, and the message bodies of threads you act on through Tarren.
  • HubSpot — contacts, companies, deals, and activities, subject to your chosen integration mode.

We request the narrowest scopes needed for each feature, and you can disconnect any integration at any time from Settings.

2.4 Information we do not collect

  • We do not collect biometric data.
  • We do not collect precise GPS location.
  • We do not run third-party analytics SDKs that track you across other applications.
  • We do not collect information from people who are not Tarren users except as needed to deliver the Service to a user — for example, the email address of a person you share a meeting with.

3. How we use information

We use the information we collect to:

  • provide, maintain, and improve the Service;
  • authenticate you and authorize access to your workspace;
  • process subscription payments and prevent fraud;
  • generate the AI output you have requested;
  • send you service communications (account, billing, security, product updates);
  • send you optional digest or notification emails you opt into;
  • operate your relationship graph (People & Companies);
  • detect, investigate, and prevent abuse, fraud, and security incidents; and
  • comply with legal obligations and enforce our Terms.

We will not use your Content for any purpose other than to deliver the Service to you, except where we have your separate, explicit consent.

4. AI processing

4.1 What is sent to AI providers

  • Audio captured during a recording is streamed to our speech-to-text provider for transcription.
  • Transcripts and meeting context are sent to our large-language-model provider for live assistance, summarization, action-item extraction, document fill, and the conversational agent ("Ask Tarren").
  • Embeddings of transcripts and summaries are stored as vectors in our database so the conversational agent can retrieve relevant context. Embeddings are generated by a third-party embedding provider.

4.2 How AI providers handle your Content

We send only the Content needed to produce the feature you asked for, and we configure our provider accounts using the privacy and data-handling controls each provider makes available to us. Each provider's handling of Content is governed by its own terms, which we review before engaging it; the providers we currently rely on are listed in Section 5. If your organization requires specific contractual commitments for AI data handling before you use AI features, contact us at andrewkidd@betterflow.ai.

4.3 We do not train our own models on your Content

Tarren does not train, fine-tune, or otherwise build machine-learning models from your Content.

4.4 AI output can be inaccurate

AI output may be wrong. Transcriptions miss words, mis-attribute speakers, and struggle with accents, technical vocabulary, overlapping speakers, low-quality audio, and non-English speech. Summaries and action items can mis-state, omit, or invent details. Always review AI output before relying on it.

5. Sub-processors

We rely on the following sub-processors to operate the Service. We update this list when we add or remove one.

Sub-processor Role Region Notes
Supabase Database, authentication, file storage, edge functions United States Core infrastructure.
Anthropic Large language model for the assistant, summaries, document fill, and retrieval United States
Deepgram Speech-to-text transcription United States Used while a meeting is being recorded.
Google Calendar and Gmail access United States Only if you connect the integration.
HubSpot CRM integration United States Only if you connect it.
Cybersource (a Visa company) Subscription billing and card tokenization United States Card data does not pass through Tarren systems.
Resend Transactional email delivery United States System and account emails are content-free.

We will give at least 30 days' notice before adding a new sub-processor that processes Content. If you object to a new sub-processor, your sole remedy is to terminate your subscription before the change takes effect.

6. Sharing and disclosure

We share information only:

  • with sub-processors listed in Section 5, as needed to operate the Service;
  • at your direction — for example, when you share a meeting with another user, or connect a third-party integration you authorize to read or write data;
  • as required by law — in response to lawful legal process, or to protect rights, property, or safety where legally permitted; and
  • in a corporate transaction — as part of a merger, acquisition, sale of assets, or similar transaction. We will give you notice and the opportunity to delete your account before any transfer of your data.

We do not sell your personal information. We do not share it for cross-context behavioral advertising, and we do not use it to build a profile of you for resale.

7. Retention

  • Content is retained for as long as your account is active. You can delete individual recordings, transcripts, documents, contacts, and shares at any time.
  • Account data (name, email, settings) is retained while your account exists.
  • Sharing audit trails are retained for at least 90 days, and longer on workspaces that have extended audit retention.
  • Billing records are retained for at least seven years for tax and accounting compliance.
  • Backups are retained for up to 30 days after a record is deleted before final purge from backup media.
  • After account deletion, we retain residual data for up to 30 days to allow account recovery, then purge it from production systems and from backups within the backup retention window.

8. Security

We maintain administrative, technical, and physical safeguards designed to protect your information, including:

  • encryption in transit (TLS 1.2+) for all client-server traffic;
  • encryption at rest for stored Content;
  • an encrypted local cache on your device, keyed via your operating system's keychain;
  • role-based access control inside Tarren, with no production access without a business need; and
  • server-only secrets held in our backend environment and never shipped in the desktop application.

No security program is perfect. If we suffer a security incident affecting your information, we will notify you in accordance with applicable law, including the New York SHIELD Act and any other applicable state or federal breach-notification laws.

9. Your rights

Depending on where you live, you may have specific rights over your personal information. Tarren extends the following rights to all users regardless of jurisdiction, subject to our ability to verify your identity:

  • Access — request a copy of the personal information we hold about you.
  • Correct — fix inaccurate information through your account settings or by contacting us.
  • Delete — delete individual Content, or close your account to delete most data (some retention applies, as described in Section 7).
  • Portability — export your Content in machine-readable formats from Settings → Privacy → Export.
  • Object or restrict — opt out of optional communications and disable specific Service features.
  • Complain — lodge a complaint with a data-protection authority (for EU/UK users) or your state attorney general.

To exercise any right, contact andrewkidd@betterflow.ai or use the in-app controls under Settings → Privacy. We will respond within 30 days, or as required by applicable law.

9.1 California residents (CCPA / CPRA)

If you are a California resident, you have the rights above plus the right to: know the categories and specific pieces of personal information we have collected, used, or disclosed; opt out of sale or sharing for cross-context behavioral advertising (we do not do either, but you may submit a request anyway); limit the use of sensitive personal information (we limit ours to what is necessary to provide the Service); and not be discriminated against for exercising any of these rights.

9.2 EU and UK residents (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, Tarren acts as a controller for your account, billing, and security data, and as a processor when it handles Content at your direction.

  • Lawful bases include performance of a contract (delivering the Service), legitimate interests (security, abuse prevention, and product improvement that does not use your Content), and your consent (optional communications and third-party integrations).
  • Cross-border transfers to the United States are made under Standard Contractual Clauses together with supplementary measures such as encryption and access controls.
  • EU representative — where one is required, we will identify our designated representative here. Until then, contact andrewkidd@betterflow.ai.

10. Children's data

The Service is not directed to anyone under 13. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 13, we will delete it promptly. Contact andrewkidd@betterflow.ai if you believe we hold information from a child.

11. International transfers

Our infrastructure is hosted in the United States. By using the Service from outside the United States, you consent to the transfer of your information to the United States. For EU and UK transfers, we rely on Standard Contractual Clauses and supplementary security measures.

12. Cookies and tracking

The Tarren desktop application does not use third-party advertising cookies or trackers. Our marketing site at tarren.ai does not use advertising or cross-site tracking cookies and does not run third-party analytics; it sets only the strictly necessary cookies required for the site to function.

13. Changes to this Policy

We may update this Privacy Policy. We will announce material changes at least 30 days in advance by email and an in-app banner, with a link to the prior version. Your continued use after the effective date of a change constitutes acceptance.

14. Contact