Privacy

Privacy Policy

Tholos AI is built so we cannot see your data, even if we wanted to. This policy explains the very small amount of information we do collect, and why.

Last updated: May 22, 2026

Summary

Tholos AI runs entirely on your device. Your documents, prompts, model outputs, audio recordings, and any other content you process with the software never leave your machine. We do not operate servers that handle that content, because the architecture does not require any.

The only personal data we process is what we need to (a) verify your license, (b) take payment, and (c) send you administrative email such as receipts and security notices. We do not run analytics on you, sell data, or share data with advertisers.

What we don't collect

To be explicit, Tholos AI does not collect, transmit, or store:

  • The contents of any document, file, image, or audio you load into the application
  • Your prompts, questions, or chats with local models
  • Model outputs, summaries, transcripts, or generated infographics
  • Your document index, embeddings, or knowledge base
  • Usage telemetry, feature analytics, crash dumps with user content, or behavioral data
  • IP addresses or geolocation beyond what is incidental to a single license check or update request
  • Anything described as "anonymous usage data"

Because none of the above is collected, none of it can be requested by us, leaked by us, or compelled from us.

What we do collect

License activation

When you activate a license, our activation server records:

  • The license key
  • A device fingerprint hash (a one-way hash derived from hardware identifiers, not the identifiers themselves)
  • The activation timestamp and approximate geographic region (country level, derived from IP)

This is the minimum required to enforce per-tier device limits and to prevent unlimited reuse of a single key.

Payment

Payments are processed by Stripe. We receive a payment confirmation, your billing email, and the last four digits and brand of your card. We do not receive or store full card numbers. Stripe's privacy policy governs their own handling of your payment information.

Update checks

If enabled, the application periodically checks for new versions by requesting a small JSON file from our update server. The request contains the current version number and operating system family (e.g. "Windows"); no license key, document content, or user identifier is included. Update checks can be disabled entirely, and are disabled by default in the Business tier's air-gap mode.

Support correspondence

If you email us at support@tholosai.com, we receive your email address and whatever you choose to write. We retain support correspondence for the period required to resolve the matter and to satisfy our record-keeping obligations.

Third parties

The only third parties involved in the Tholos AI service are:

  • Stripe — payment processing
  • Our infrastructure provider — hosting the licensing and update servers (network operator only; they do not have access to plaintext data)
  • Our email provider — sending receipts and security notices

We do not use advertising networks, behavioral analytics platforms, session-replay tools, or any third-party telemetry SDK inside the Tholos AI application. The desktop binary makes no outbound network calls beyond license activation, optional update checks, and any outbound connection you explicitly initiate.

Retention

License records are retained for as long as your license is active and for a reasonable period thereafter for tax, accounting, and anti-fraud purposes (typically 7 years, in line with Singapore statutory requirements). Support emails are retained for up to 3 years. Payment records are retained by Stripe per their policy.

Your rights

Depending on where you live, you may have rights under laws including Singapore's Personal Data Protection Act (PDPA), the EU/UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). These typically include rights to access, correct, delete, or port the personal data we hold about you, and to object to certain processing.

Because we hold very little about you, requests are usually simple to fulfil. To exercise any of these rights, email support@tholosai.com from the address associated with your license. We will respond within 30 days.

We do not transfer personal data outside the jurisdictions of our infrastructure provider, except where required to deliver email to you, process payment, or comply with applicable law.

Changes to this policy

If we materially change this policy, we will update the "Last updated" date above and, for existing license holders, send a notice by email at least 30 days before the change takes effect. Continued use of the software after the effective date constitutes acceptance.

Contact

Tholos AI is published by FoxAVideo Tech Pte. Ltd., Singapore.

For privacy questions or requests, email support@tholosai.com.