Privacy Policy — Tusab

Version: 1.1

Effective Date: June 18, 2026

Controller: CriAugu — CNPJ 65.131.075/0001-57

Website: https://tusab.solutions

Contact: criaugu.tec.design@gmail.com

1. Presentation

Tusab is a personal knowledge management (PKM) system with on-premises AI, developed and marketed by CriAugu. This Policy describes how we collect, use, store, and protect your data, in accordance with the General Data Protection Law (LGPD — Law No. 13,709/2018) and the GDPR (EU Regulation 2016/679), where applicable. Tusab’s core principle is “local-first”: your data remains on your device. CriAugu does not have servers that store your content, your conversations, or your knowledge bases.

2. Data Collected

2.1 Locally processed data

The data below is processed exclusively on the user's machine and is never sent to CriAugu servers:

• YouTube transcripts: Used for the personal base. Stored in: <data>/cerebro/<channel>/youtube/

• PDFs, DOCX, and TXTs: Used to enrich the base. Stored in: <data>/cerebro/<channel>/documents/

• Manual texts: Used to enrich the base. Stored in: <data>/cerebro/<channel>/texts/

• WhatsApp conversations: Used to enrich the base. Stored in: <data>/cerebro/<channel>/conversations/

• Meeting transcripts: Used to enrich the base. Stored in: <data>/cerebro/<channel>/transcripts/

• BM25 Index: Used for local search. Stored in: <data>/cerebro/<channel>/index/

• Agent settings: Saves user preferences. Stored in: <data>/config/agent_config.json

• Chat history: Gives context to the conversation. Stored in RAM (completely deleted when closing the app).

2.2 Third-party API keys

The user may optionally provide API keys from external providers (Groq, OpenAI, Google Gemini, Anthropic).

• They are stored locally via Electron's safeStorage or in config/agent_config.json.

• They are never transmitted to CriAugu.

• They are used directly from your device to connect to the providers.

• The security of these keys is the user's responsibility.

⚠️ Attention: We recommend not including the config/ folder in automatic cloud backups without additional encryption.

2.3 Usage Telemetry (Optional)

With the user's express consent (via a prompt on the first run), we collect anonymous usage events to improve the system:

• App open: Collects the date, time, and app version.

• Extraction start: Collects the types of content that were selected.

• Indexing started: Only the event is recorded (no content data is collected).

• Chat sent: Records only the usage modality and which provider was used.

• Configured provider: Only the name of the chosen provider (e.g., "gemini"). We do not collect: message content, URLs, video titles, file names, API keys, or any personally identifiable data. Consent can be revoked at any time in the settings.

2.4 Google Drive Integration (Optional)

If Google Drive synchronization is enabled:

• Authentication occurs directly with Google's servers.

• The access token is stored locally in config/token.json.

• CriAugu does not have access to the token or your Drive files.

• The requested scope is the minimum necessary, restricted to the specific Tusab folder.

3. Legal Basis for Processing (LGPD / GDPR)

Below we explain the legal justification for each type of processing:

• Knowledge base processing: Supported by Consent (LGPD) and Contract Execution (GDPR).

• AI agent configuration: Supported by Legitimate Interest (LGPD and GDPR).

• Usage telemetry: Supported by Explicit Consent (LGPD and GDPR).

• API key storage: Supported by Legitimate Interest (LGPD) and Contract Execution (GDPR).

4. International Data Transfer

When using external AI providers (OpenAI, Google Gemini, Anthropic, Groq), the content of your queries (questions and context) is transmitted to the servers of these companies, which may be located outside of Brazil. Tusab displays an explicit warning when configuring them. By proceeding, the user accepts the terms of the respective provider:

• OpenAI: https://openai.com/privacy

• Google (Gemini): https://policies.google.com/privacy

• Anthropic: https://www.anthropic.com/privacy

• Groq: https://groq.com/privacy-policy The use of the default local provider (Ollama) does not generate any data transfer, keeping processing 100% on your own machine.

5. Data Subject Rights

In accordance with the LGPD (Art. 18) and GDPR (Art. 17), since processing is local, you have full control over your data:

• Access and Correction: The data remains in local folders on your computer, accessible and editable directly in the operating system or in the app.

• Deletion: This can be done via the application interface or by deleting local files.

• Portability: Files are saved in open formats (.txt, .json, .csv), always ready for export.

• Revocation and Opposition: Simply disable tracking in the settings or simply uninstall the application to end any processing. Questions can be sent to the email: criaugu.tec.design@gmail.com

6. Data Security

• Atomic writing: Prevents the corruption of your files in case of failures or power outages.

• Local API protection: The local API (127.0.0.1:8001) has a token generated at each startup and CORS restriction to prevent external access or unauthorized processes.

• Rate limiting: Request limit per minute to prevent system abuse.

• Isolation (Electron sandbox): The interface code runs isolated and does not have direct access to your operating system.

• Key Protection: Use of the system vault (Windows DPAPI / macOS Keychain) to safely save keys. We also recommend full disk encryption (BitLocker / FileVault).

7. Data Retention

• Your Knowledge Base (cerebro/): Indefinite retention (You have full control to delete it whenever you want).

• Your Settings (config/): Indefinite retention (You have full control to delete it whenever you want).

• Chat history (RAM): Retained only during the session duration (Automatically cleared when closing the app).

• Telemetry (PostHog): Retained for up to 12 months, but collection stops immediately if you revoke consent.

• Drive Token: Maintained until revocation (Manual deletion or via the app by the user).

8. Cookies and Tracking

Tusab is a desktop application and does not use cookies. Anonymous telemetry, when authorized by you, uses a randomly generated identifier (via PostHog SDK) that has no link to your personal data.

9. Minors

The system is not intended for children under 16. We do not intentionally collect data from minors. If you believe a minor's data has been processed, please contact us for proper deletion guidance.

10. Changes to this Policy

This policy may be updated. In case of material changes, you will receive a notification when opening the application. The latest version will always be available at https://tusab.solutions.

11. Contact and Data Protection Officer (DPO)

Responsible Company: CriAugu — CNPJ 65.131.075/0001-57
Data Protection Officer: Augusto Brasil
Contact email: criaugu.tec.design@gmail.com
Official Website: https://tusab.solutions
LinkedIn: https://linkedin.com/in/augustoalvesbrasil