Privacy Policy

Last updated: April 23, 2026

This policy explains what Tatin ("we", "us") collects, why, and what you can do about it. We try to keep this short and honest. If anything is unclear, get in touch.

The short version. We collect the minimum needed to let you sign in, have conversations, and get feedback. We don't sell your data. We don't show ads. You can delete your account at any time.

What we collect

Account information

Your email address, and a password hash if you sign up with email.
If you use Sign in with Apple or Google, the provider sends us a stable user ID and (optionally) an email. We never see your provider password.

Conversations and audio

The text you send and the replies you receive, so we can show your history and assess progress.
Voice recordings you make during speaking practice. Audio is sent to our servers to be transcribed and assessed, and kept alongside the conversation for your reference.
Pronunciation scores, grammar feedback, and goal progress derived from those conversations.

Technical data

Basic app telemetry: app version, OS version, device model, crash logs.
Access logs on our servers (IP address, request path, timestamp) for security and debugging. These are rotated on a short schedule.

What we don't collect

We don't collect your contacts, photos, calendar, or location.
The microphone is used only while you're actively recording a reply in a conversation.
We don't use third-party advertising or analytics SDKs that track you across apps.

How we use your data

To run the service: authenticate you, generate AI responses, transcribe your speech, score your pronunciation, and track goals.
To improve the product: understand which scenarios work, fix bugs, and tune feedback quality. Wherever possible we use aggregated or anonymized data.
To keep the service safe: detect abuse and enforce our terms.

Third-party services

Tatin relies on a small set of providers to deliver the experience. These providers process data on our behalf under their own agreements and are not allowed to use your content for their own purposes.

OpenAI — generates AI replies and grammar feedback. Messages you send during a conversation are transmitted to OpenAI.
Google Cloud — speech-to-text (transcribes what you say) and text-to-speech (synthesizes the AI's voice).
Microsoft Azure — pronunciation assessment (scores your spoken audio).
Sign in with Apple, Google Sign-In — optional authentication providers.
Hosting — our application servers and database run on infrastructure we operate in the European Union.

Where your data lives

Your account and conversation data are stored in our database, hosted in the European Union. Audio processing by Google and Azure may transit through their respective infrastructures; transcription results are stored in our database.

How long we keep it

Account data: as long as your account is active.
Conversations and audio: kept until you delete them, or until your account is deleted.
Server logs: typically 30 days.
When you delete your account, we remove your personal data within 30 days. Some records may be retained longer where required by law (e.g. tax records).

Your rights

You can:

Request a copy of the data we hold about you.
Correct inaccurate data.
Delete your account and all associated conversations (see how to delete your account).
Object to or restrict certain processing.
If you are in the EU / UK, lodge a complaint with your local data protection authority.

Children

Tatin is not directed at children under 13. If you believe a child has provided us with personal data, email us and we'll remove it.

Security

We use TLS for data in transit, hashed passwords, and access controls on our infrastructure. No system is perfectly secure — if we ever become aware of a breach affecting you, we'll let you know.

Changes to this policy

If we make material changes, we'll update the date at the top and, where appropriate, notify you in the app.

Contact

Questions, data requests, or complaints: use the contact form.