Legal
Effective date: 2026-06-09. Last updated: 2026-06-09.
Tention Media is run by The Munna Co Pty Ltd (ABN 14 660 483 581), an Australian company based in Victoria. We make a service that helps you plan, record, and share short pieces of content on social media. We're writing to you here as the controller of your personal information.
Legal entity: The Munna Co Pty Ltd
Registered address: 81 Watt Road, Mornington, Victoria 3931, Australia
Privacy contact: privacy@tention.app
Site: tention.app
For the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Australian Privacy Act 1988 (APPs), The Munna Co Pty Ltd is the data controller (and the APP entity) for the personal information described below. For the California Consumer Privacy Act (CCPA/CPRA), we are the business.
EU representative (GDPR Article 27): To be appointed before the first EU data subject signs up. Email privacy@tention.app for current status.
UK representative (UK GDPR Article 27): To be appointed before the first UK data subject signs up. Email privacy@tention.app for current status.
Data Protection Officer: We are not currently required to appoint a DPO under GDPR Article 37 (our processing does not meet the "large scale" or "regular and systematic monitoring" thresholds at our current size). We review this on every material change of processing activity or scale.
If you have questions about anything here, write to us at privacy@tention.app.
We collect what we need to run the service. We don't sell your personal information, and we don't share it with advertisers.
When you sign up, we collect your name, your email address, and authentication credentials (handled by our identity provider, not stored by us in plain form, see Section 4). We also keep what you tell us during onboarding about your role and your industry so we can tailor what the service offers you.
You can write your own guidelines inside the service. A guideline is a short label and a phrase or pattern in your words. Examples: "no specific dollar amounts," "always mention I'm not licensed in California," or your own tone preferences.
These guidelines are yours. We don't supply them, suggest them, or infer them from your industry. We store them while your account is active. You can delete any guideline at any time, and we hard-delete it from our database (no soft-delete, no edit history retained in the database).
When you record a video in the app, the file is stored against your account. While you have an active subscription, your recordings stay available to you in the app so you can re-edit them, schedule them, or share them later. If you cancel, recordings are retained for 30 days as a grace period and then deleted.
When you run a brand check on a recording (see Section 2.4), the audio is sent to a transcription service to produce a text transcript for the check. The transcript is held in memory only for the duration of the brand-check run and is not persisted in our database, our object storage, or our log pipeline. It exists long enough to produce the check report, and then it is gone.
The brand check is a feature that compares the words in your recording against the guidelines you have written yourself. It is a text-matching report. You see which of your guidelines, if any, matched, and the exact words from your recording that matched them.
We don't supply guidelines. We don't tell you what your guidelines should be. We don't rate, score, certify, sign off, or verify your content against any external standard. The report is the matches against your rules and nothing else. You decide what to do with each match.
For each brand-check run, we keep a small audit record in our database. The audit record contains a request identifier, a count of the guidelines checked, a count of matches found, a timestamp confirming that the transient audio file was deleted, and the model used. The audit record does not contain the transcript, the matched quotes, or the text of your guidelines.
After a brand check, we generate a short topic summary describing the subject of the recording (for example: "User filmed a 90-second video about offset accounts"). The summary is capped at 30 words and is constrained so that it does not include client names, dollar amounts, dates, addresses, medical conditions, or other personal information. We use the summary to improve what the service surfaces to you over time.
Topic summaries are retained for up to 12 months on a rolling basis. You can clear yours at any time from the app.
We record structured events for what you do in the app: prompts you opened, recordings you started, schedules you set, brand checks you ran, posts you published. We don't record what you typed or said inside those events beyond what is necessary to deliver the feature. We use these events to operate the service, debug it, and improve it.
If you connect a social media account (for example, to schedule a post), our publishing partner stores the credentials needed to publish on your behalf and returns metadata about each post (platform, post identifier, publishing time, engagement counts). We don't store the underlying social credentials ourselves. You can disconnect a social account from the app at any time.
When paid subscriptions are available, payments are handled by our payment processor. We don't see, store, or process your card details. We receive a customer reference and your subscription status from the processor.
We collect log events and error reports to operate the service. Before any log or error reaches our third-party log and error services, it passes through an allowlist that strips out the kinds of fields that could contain personal information (transcript text, matched quotes, guideline text, topic summaries). Only event metadata reaches those providers.
On our marketing site at tention.app. A small number of cookies, kept deliberately short.
Essential cookies keep the site working. They remember things like which page you're on, your accessibility settings, and whether you've already responded to the cookie banner. They don't need your consent, and the site doesn't work properly without them.
Analytics cookies from Google Analytics 4 and Google Search Console. We use these to see which pages people read, how they found the site, and where to improve it. We configure them with Google Signals off, IP anonymisation on, and advertising features disabled. Default retention is 14 months. These cookies don't load until you've accepted them through the cookie banner on your first visit. You can change your choice any time through the "Cookie settings" link in our footer.
Global Privacy Control (GPC). If your browser sends a Global Privacy Control signal, we treat it as an opt-out of the analytics cookies and as an opt-out of "sale" or "sharing" under the CCPA/CPRA, which is moot for us because we don't sell or share personal information for advertising in any case.
Where the law requires your prior consent for non-essential cookies (the EU, UK, and an increasing number of other places), we won't load them until you've accepted. Where the law doesn't require prior consent (currently most of Australia and the US), we offer the same banner so the choice is yours.
We don't run advertising trackers, retargeting pixels, social-media pixels, or cross-site profiling tools on the marketing site.
In the product apps (web and mobile). The web app uses session and authentication cookies (managed by our identity provider) to keep you signed in. The mobile app uses secure on-device storage for the equivalent purpose. The mobile app also uses an in-app product analytics SDK that records structured events (which screen you're on, which buttons you tap) so we can debug and improve the product; it does not record what you type or say, and does not enable session-replay video. Neither app runs advertising trackers.
For a deeper breakdown of every cookie used on the marketing site (provider, lifetime, purpose), see our cookie settings panel.
Each of the things we collect maps to a legal basis under the GDPR and UK GDPR, and an authorised purpose under the Australian Privacy Act.
Create and manage your account. GDPR / UK GDPR: contract, necessary to provide the service you asked for. Australian Privacy Act: directly related to the primary purpose of collection.
Store guidelines you've written. Contract: core to the service.
Brand-check your recording. Contract: you submit a recording for this purpose.
Keep recordings while you're subscribed. Contract: the service holds your work so you can use it again.
Topic summaries. Legitimate interest: improves what we offer you; constrained to non-personal information.
Brand-check audit record. Legitimate interest: service integrity, dispute resolution.
Social posts and connected accounts. Contract: feature you opted into.
Logs and errors. Legitimate interest: operating a secure, working service.
Marketing site analytics. Consent, where required by law (EU/UK); otherwise legitimate interest.
Payments (when live). Contract: necessary to bill you for the service.
We don't process anything for our own marketing or advertising purposes.
About automated processing (GDPR Article 22 / Article 13(2)(f)). The brand check uses automated speech-to-text transcription followed by a text comparison against the guidelines you have written yourself. The output is a list of quotes from your recording that match one or more of your rules, with a timestamp and the label of the rule each quote matched. The output does not include severity ratings, fix suggestions, certification, or regulatory citations generated by us. The system does not act on the output autonomously. You decide what to do with each match, and what (if anything) to publish. We do not consider this processing to constitute automated decision-making with legal or similarly significant effects within the meaning of Article 22 GDPR.
Most of the personal information we process about you is collected directly from you (Article 13). Two categories come from elsewhere:
Engagement metrics on posts you publish through the service (likes, comments, shares, views) come back to us from the social platforms via our publishing partner.
Product analytics events (which screen you opened, which feature you tapped) come from the app's own telemetry running on your device.
We don't otherwise collect personal information about you from third parties.
We use third-party service providers ("processors") to deliver the service. Each has a Data Processing Agreement (or equivalent) with us. They handle your data only on our instructions and only for the purpose we engaged them for. We don't sell your data, and we don't share it for advertising.
The processors fall into the following categories:
Application infrastructure. Cloud hosting, database, object storage, background-job processing. Primary application data is held in Australian regions; some edge services are global.
Identity and authentication. The provider that holds your sign-in credentials and manages your session.
AI and processing. Providers that transcribe audio in memory, generate user-facing copy, and produce the brand-check report. The specific providers and the cross-border transfers involved are described in Section 5, because the cross-border transfer matters to your rights.
Payment processing (when paid subscriptions go live). The provider that handles your card details. We don't see or store card numbers.
Publishing partner. The provider that posts to your connected social media accounts when you've connected one.
Observability. Error monitoring and log aggregation. Both are configured so that the kinds of fields that could contain personal information (transcript text, matched quotes, guideline text, topic summaries) are stripped before the log or error reaches the provider.
Product analytics. Product-usage analytics in the mobile app, and marketing-site analytics on the public website (Google Analytics 4 and Search Console, see Section 2.10 for the cookie disclosure).
Mobile and marketing infrastructure. The platform that builds and delivers updates to the mobile app, and the platform that hosts the marketing site.
For each of the above we have selected the provider after a privacy and security review, and we have a Data Processing Agreement in place. We notify you of material changes to which providers we use at least 30 days in advance, by email to the address on your account and by updating this policy.
If you'd like the specific names of the providers in any of the categories above, write to us at privacy@tention.app and we'll provide the current list.
Some of our sub-processors are located outside Australia and the EEA/UK. Two transfers are worth calling out specifically.
When you run a brand check, the audio file is sent to OpenAI's Whisper API in the United States for transcription. This transfer is governed by OpenAI's API Data Processing Addendum, which incorporates the European Commission's Standard Contractual Clauses (SCCs). The audio file is deleted within seconds of the transcription returning. The transcript itself is not stored.
The transcript text is processed in memory by Google's Gemini API to generate the brand-check report and the topic summary. This transfer is governed by Google's Data Processing Addendum with SCCs. The transcript is discarded immediately after the report is generated.
We use Anthropic's Claude API to generate some user-facing copy in the app (for example, ideation prompts and writing suggestions). Claude does not receive your transcript, your recordings, or your brand-check report. This transfer is governed by Anthropic's Data Processing Addendum with SCCs.
Some of the other processors in the categories listed in Section 4 (identity, observability, product analytics, mobile build infrastructure, payment processing) are located in the United States or operate globally distributed services. Each has a Data Processing Agreement with Standard Contractual Clauses where applicable, and we send each only the minimum information needed for its function. Where a provider holds Data Privacy Framework (DPF) certification (currently OpenAI, Google, Anthropic), we additionally rely on the DPF as a transfer safeguard.
Steps we take under APP 8. For Australian users, where we disclose personal information to overseas recipients we take the following reasonable steps to ensure those recipients handle that information consistently with the APPs: Data Processing Agreements with each named processor; Standard Contractual Clauses or DPF certification where applicable; data minimisation, where we send only the minimum information needed for each function; transcript and audio deletion timelines described in Sections 2.3, 2.4, and 6; and a named-processor list provided on request via privacy@tention.app.
Training on your content. We don't use your content to train AI models. Our contracts with OpenAI (Whisper API) and Google (Gemini API) configure their services so your submitted content is not used to train their models. Our use of Anthropic (Claude API) is on commercial terms that exclude training on submitted data. Each provider may briefly retain submitted content for abuse monitoring or operational debugging under their published API terms; we do not have visibility into that retention beyond what each provider publishes.
Account information (name, email). While your account is active; deleted within 30 days of account deletion.
Guidelines you've written. While your account is active; hard-deleted on your action; otherwise removed within 30 days of account deletion.
Video recordings. While your subscription is active; 30-day grace period after cancellation, then deleted.
Transient audio (brand-check input). Deleted within seconds of transcription; 24-hour storage lifecycle policy as a backstop.
Transcripts. Not retained. Held in memory for the brand-check run only.
Topic summaries. 12 months on a rolling basis; deleted within 30 days of account deletion.
Brand-check audit records (metadata only: IDs, counts, timestamps). While your account is active; deleted within 30 days of account deletion.
App event data. Up to 24 months on a rolling basis; older events are deleted or aggregated.
Social post metadata. While your account is active.
Marketing site analytics (Google Analytics 4). 14 months; aggregated reporting kept longer.
Logs (routine, PII-redacted). 90 days.
Logs (brand-check audit events, PII-redacted). Up to 7 years for traceability.
When you delete your account, we run a deletion across recordings, topic summaries, guidelines, and account data within 30 days, in line with our APP 12 obligations and GDPR Article 17.
The rights below are honoured for every user, regardless of where you live.
You can ask us to show you the personal information we hold about you; correct information that's wrong, out of date, incomplete, or misleading; or delete your account and the personal information attached to it.
You have these rights under Articles 15 to 22 of the GDPR:
Access (Article 15). A copy of your personal data.
Rectification (Article 16). Correction of inaccurate or incomplete data.
Erasure (Article 17). Deletion of your data where there's no overriding reason to retain it.
Portability (Article 20). Your data in a structured, machine-readable format.
Objection (Article 21). To processing based on legitimate interest.
Restriction (Article 18). In defined circumstances.
Automated decision-making (Article 22). We don't make legally significant automated decisions about you.
You also have the right to complain to your local data protection authority. In the UK that's the Information Commissioner's Office (ico.org.uk). In the EU that's your country's supervisory authority.
You have the right to know what personal information we collect, use, and share; delete your personal information; correct inaccurate personal information; limit the use of sensitive personal information; and not be discriminated against for exercising any of these rights.
We do not "sell" your personal information and do not "share" it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.
Categories of personal information collected (last 12 months). Identifiers (name, email, account ID); commercial information (subscription status when paid subscriptions go live); internet or network activity (in-app events, device type, IP-region for analytics); audio and electronic information (recordings while you're subscribed, transient audio for brand-check); professional or employment information (role and industry you tell us during onboarding); inferences drawn from the above (which topics tend to engage your audience).
Sources of personal information. Directly from you; from your device's app or browser; from social platforms (when you connect a social account, via our publishing partner) for engagement metrics on posts you've published through the service.
Business or commercial purposes for collection. Providing and operating the service; security; analytics and product improvement; legal and regulatory obligations; debugging.
Categories of third parties to whom we disclose personal information for business purposes. Cloud infrastructure providers; identity and authentication providers; AI / processing providers; observability providers; product analytics provider; publishing partner; payment processor (when paid subscriptions go live). Each is a service provider or contractor under the CCPA; none receive personal information for their own purposes.
Sensitive personal information (SPI). We collect, under the §1798.121(d) limited-purpose carve-out: account log-in credentials (held in plain form only by our identity provider, not stored in plain form by us) and audio recordings (used only to provide the brand-check report, then either retained while you're subscribed or deleted, depending on the category, see Section 6). We do not use SPI for any purpose outside the service.
We review this disclosure at least every 12 months.
Most of the actions above can be done directly from inside the app: view, export, edit, and delete. For anything else, write to us at privacy@tention.app and we'll respond within 30 days. If we need longer for any reason, we'll tell you why within those 30 days.
The service is not designed for, marketed to, or intended for anyone under 18. We require you to confirm at sign-up that you are 18 or older. We do not knowingly collect personal information from anyone under 18, and if we discover that an account holder is under 18, we close the account and delete the associated personal information. The service's content, voice, and audience (regulated professionals running their own social media presence) are not targeted at children. We do not believe the service is likely to be accessed by children as that test is applied under the UK ICO's Age Appropriate Design Code, but we will reassess on any material change of audience or feature.
We use vendor-managed encryption at rest (AES-256) across all our persistent storage, and TLS 1.2 or higher for everything in transit. Credentials are kept in 1Password and injected at runtime, never written to disk in plain form. Our log and monitoring pipelines redact personal information before it reaches third-party services. No system is perfectly secure, and we'll tell you if anything material changes.
We have an incident response plan and will notify affected users in line with our legal obligations: within 72 hours where the GDPR's notification window applies, and within the Notifiable Data Breaches scheme's window for Australian users.
We'll update this policy from time to time. For material changes that affect your rights or how we process your personal information, we'll give you at least 30 days' notice before the changes take effect, posted here and (where you have an account) sent to your registered email.
The Munna Co Pty Ltd
81 Watt Road
Mornington, Victoria 3931
Australia
Privacy email: privacy@tention.app
If you're in the EEA or UK and not satisfied with our response, you can complain to your local data protection authority. If you're in Australia, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).