Last updated: May 2026

Tusile ("we", "our", or "the app") is a chat and voice application. This policy describes what data we collect, how we use it, and your choices.

Architecture note. Tusile has two layers: Tusile Core (operated by us) handles accounts, friends, direct messages, and server discovery. Community servers may be self-hosted by independent operators, or hosted by Tusile directly on our managed infrastructure ("Tusile-hosted servers"). This policy covers Tusile Core and Tusile-hosted community servers. Self-hosted community server operators are separate data controllers for the content on their servers.

1. Data we collect and use (Tusile Core)

1.1 Account and profile

• Email address — Used to create and sign in to your Tusile account.
• Display name and optional avatar — Your global Tusile identity. Shown to other users in DMs and in community servers you join. You choose what to set.
• Password — Stored securely (hashed) and used only for authentication. We do not have access to your plain password.
• Friends list and blocks — Stored by Core so your social graph works across every community server.

1.2 Direct messages

• DM text and DM file attachments — Stored by Tusile Core so you and the other participant can read the conversation and view shared files.
• GIFs — The app can search and send GIFs via a third-party GIF search service (e.g. GIPHY). Search terms and chosen GIFs may be processed by that provider according to their privacy policy.

1.3 Presence

• Online status — Core stores and shares whether you are online or offline so friends and members of community servers you join can see your activity.

1.4 Technical and usage data

• Device and app — We may receive technical information (e.g. app version, platform) to support and improve the service.
• Logs — Core and its hosting providers may keep limited logs (e.g. IP, timestamps) for security and operation. We do not sell this data.
• Product analytics — We use PostHog to collect anonymous usage events (e.g. which pages are visited, which features are used) to understand how the service is used and improve it. No message content or personal conversations are included. You can opt out at any time by enabling "Do Not Track" in your browser.

2. Data handled by community servers

2a. Self-hosted community servers (not by us)

When you join a self-hosted community server you agree that the server's operator handles the following on their own infrastructure:

• Channel messages and file attachments — Stored in the operator's database and object storage (local disk or their own S3 bucket), not by Tusile Core.
• Per-server nickname and per-server avatar (where supported) — Stored on the community server, not on Core.
• Roles, permissions, invites, bans, and moderation state — Managed by the server's operator.
• Voice and video — Your microphone, camera, and screen-share streams are relayed in real time by the LiveKit instance running on that community server. Voice is not recorded by Tusile Core and is not stored by LiveKit in the default configuration; check with the operator if you need specifics.

For retention, deletion, export, moderation, and breach notification of this data, contact the operator of the specific community server. Tusile does not have access to content stored on community servers it does not operate.

2b. Tusile-hosted community servers (operated by us)

When you join or own a free-tier server hosted by Tusile on our managed infrastructure, Tusile is the data controller for the following content:

• Channel messages and file attachments — Stored on our infrastructure.
• Per-server nickname and per-server avatar — Stored on our infrastructure.
• Roles, permissions, invites, bans, and moderation state — Stored on our infrastructure.
• Voice and video — Relayed in real time via our LiveKit instance. Not recorded or stored.

For these servers, your rights (access, correction, deletion) apply to us directly — contact us as described in Section 10. Server owners may delete their hosted server and all associated content at any time from within the app. We retain content on hosted servers as long as the server exists; we may also remove content or servers that violate our Terms of Service.

3. How we use your data

We use the Core data above to:

• Create and manage your Tusile account and global profile.
• Deliver direct messages, friend updates, and presence to you and the other participants.
• Register community servers for discovery and validate licenses.
• Enforce our terms, prevent abuse, and comply with the law.
• Operate, secure, and improve Core and the client apps.

We do not sell your personal data to third parties.

4. Who can see your data

• Other Tusile users — Your display name, avatar, and online status are visible to your friends and to members of community servers you join. DM contents are visible only to participants of that DM.
• Self-hosted server operators — When you join a self-hosted community server, that operator (not Tusile) can see content you post to that server's channels, your membership, and any roles assigned to you.
• Tusile (hosted servers) — When you join a Tusile-hosted server, we can see content posted there, as described in Section 2b. We do not sell or share this content with third parties.
• Core service providers — We use third-party services to run Core (e.g. hosting, database, auth). They process Core data on our behalf under agreements that limit use to providing the service.

5. Data retention

• Account and profile (Core) — Kept until you delete your account (see Section 7).
• Direct messages and DM files (Core) — Kept so long as the DM exists, in line with our backup and retention practices.
• Self-hosted server content — Retention is set by the community server's operator. Contact them for their retention policy and for deletion requests of content on their server.
• Tusile-hosted server content — Retained while the server exists. Server owners can delete the server (and all its content) at any time from the app. Members may contact us to request deletion of their messages on hosted servers.
• Voice — Not recorded by Core; relayed in real time by the community server's LiveKit instance.
• Logs — Retained only as long as needed for security and operations.

6. Security

We use industry-standard measures (e.g. encryption in transit, secure auth) to protect your data. No system is completely secure; we encourage strong passwords and safe use of the app.

7. Your rights and choices

• Access and correction — You can view and update your profile (e.g. display name, avatar) in the app.
• Deletion — You may request deletion of your account and associated data. Contact us (see below). After deletion, we remove or anonymize your data within a reasonable time, except where we must keep it for legal or safety reasons.
• Voice — You can leave a voice channel at any time to stop transmitting your voice.
• Local data — On your device, the app may store preferences and cache (e.g. for faster loading). You can clear app data or uninstall to remove it.

If you are in the European Economic Area or the UK, you may have additional rights (e.g. access, portability, restriction, objection) under applicable data protection laws.

8. Children

The app is not directed at children under 13 (or higher age where required). We do not knowingly collect data from such users. If you believe a child has provided us data, please contact us so we can delete it.

9. Changes to this policy

We may update this policy from time to time. We will post the revised version (with a new "Last updated" date) in the app or on our website. Continued use of the app after changes means you accept the updated policy.

10. Contact

For privacy-related questions, account deletion, or data requests:

• App / developer: Tusile (Karol Rzotki)
• Email or support: krzotki@gmail.com

If you are in the EEA/UK and have a complaint, you may also lodge it with your local data protection authority.