Tacita FAQ

No. Tacita has no backend. Every message you write and every reply the model generates is computed and stored entirely on your phone. The app makes only three explicit, user-initiated network calls: downloading a model file, verifying an in-app purchase receipt with RevenueCat, and a one-shot reachability check at startup. None of those carry chat content.

Permalink

All chats, characters, and settings are stored as AES-256-GCM ciphertexts under a key derived from your password via PBKDF2-HMAC-SHA256 with 300,000 iterations. The salt is per-vault and kept in the platform secure store (Android Keystore, iOS Keychain). The master key lives only in RAM while the vault is unlocked and is wiped on lock or app exit.

Permalink

The conversations are gone. Tacita does not keep a backup, a recovery key, or any kind of backdoor. Your password is the only input that can derive the encryption key, and we never see it. This is the trade-off you accept in exchange for a vault nobody else can open.

Permalink

None. Tacita ships zero analytics SDKs, zero crash reporters, zero attribution frameworks, zero A/B testing pipelines. In release builds the app emits no logs at all. In debug builds — used only by the developer — it emits structured metadata lines (counts, durations, request IDs), never message content.

Permalink

A secret vault is an encrypted workspace that does not appear in the unlock screen list. It is reached exclusively by typing its password directly. There is no "wrong password" feedback, by design — an observer cannot tell whether a secret vault exists.

Permalink

No. Tacita has no cloud sync and no remote backup. On Android the app declares allowBackup=false and excludes its files from device-to-device transfer. On iOS every file is tagged NSURLIsExcludedFromBackupKey. Your encrypted vault never appears in any cloud backup of the device.

Permalink

Three things, all initiated explicitly by you: the model file when you install one (HTTPS download from Hugging Face), an anonymous in-app purchase receipt verification with RevenueCat when you buy Tacita Pro, and a single optional reachability check at startup. No identifier and no chat content rides any of those requests.

Permalink

The crypto contract is published on the marketing site and inside the app's legal screens, and the implementation is covered by golden-vector tests for the AES-GCM record layout, the PBKDF2 parameters, and the salt size. If any of those numbers change, the public claim and the test goldens change in the same release.

Permalink

Tacita ships with two curated Gemma 4 instruction-tuned GGUF models: Light (E2B, ~2.89 GiB on disk, 4 GB minimum device RAM) and Pro (E4B, ~4.64 GiB on disk, 8 GB minimum device RAM). Pro users can additionally browse and install other Gemma-family GGUFs (every generation: 1, 2, 3, 3n, 4) directly from Hugging Face inside the app.

Permalink

The inference engine is fllama, a Flutter binding around llama.cpp, executing quantised GGUF models. A runtime planner sizes the context window and KV-cache quantisation (f16 on flagships, q8_0 on mid-range) from the RAM the device actually has, so the same binary runs acceptably on a mid-range phone and at full context on a flagship.

Permalink

Only when you download a model, restore a purchase, or run a web search you explicitly invoked. After a model is on disk, every reply is computed locally; you can keep using Tacita with the radios off.

Permalink

Any Android phone with 4 GB of RAM or more can run the Light model; the Pro model wants 8 GB. The runtime planner adapts threads, KV-cache quantisation, and context to the device tier, so a Pixel 7a, a Galaxy A54, or a Pixel 8 Pro each get a working setup without manual tuning.

Permalink

GGUF is the file format used by llama.cpp to store quantised language-model weights. It packages a tokenizer, the model architecture, and the quantised tensors into a single file the inference runtime can mmap. Tacita downloads pre-quantised Q4_K_M GGUFs of the Gemma 4 family.

Permalink

Manual GGUF import from arbitrary local files is not supported. On Pro you can install any Gemma-family GGUF hosted on Hugging Face directly from inside the app's Discover screen — pasting the repository URL is enough. Other architectures are intentionally not supported because the runtime planner is calibrated for Gemma.

Permalink

No. Your messages never leave the device, so there is nothing for anyone — including Tacita's publisher — to train on. The model that ships is a pre-trained third-party Gemma 4 GGUF; it does not learn from you, and we do not collect a corpus to fine-tune it.

Permalink

Yes. Gemma 4's thought channel is parsed and rendered as a collapsible reasoning trace separate from the visible reply. On Pro, the model can also call web search mid-thought (capped at three calls per turn), read the result, and keep reasoning before it answers.

Permalink

Tacita imports the community-standard CCv2 (PNG / APNG with a tEXt chunk keyed "chara"), CCv3 (tEXt chunk keyed "ccv3"), CHARX (a ZIP envelope with card.json at the root), and raw JSON envelopes. Every documented spec field is preserved as a discrete persona field, including the lorebook, alternate greetings, and creator notes.

Permalink

Yes. Tacita imports cards you already have on your device — it does not browse, recommend, or distribute character files. Once imported, the persona, lorebook, and avatar are encrypted into your vault and used entirely on-device.

Permalink

Yes. The full character_book field from CCv2 / CCv3 is parsed and rendered. The activation engine is a pure function: it scans the last N messages, picks entries whose keys match (with optional secondary-key gating and one bounded recursive pass), substitutes {{char}} and {{user}} macros, sorts by priority, and budget-fills before splitting into pre-character and post-character buckets.

Permalink

Yes — up to 32 alternate greetings per card are preserved verbatim. When you start a new chat with a card that has more than one greeting, a picker appears so you can choose which one (or skip) and the chosen greeting is macro-resolved before it lands as the first message.

Permalink

Yes. Every documented spec field maps to a discrete persona field, every unknown top-level data.* key is preserved verbatim under a synthetic extensions bucket, and voice / TTS namespaces are moved to a hidden bucket so the regular UI does not surface them — but they are never destroyed. Round-trip preservation is part of the parser's test suite.

Permalink

Yes. Every spec field surfaces in the persona editor: name, description, personality, scenario, first message, alternate greetings, message examples, instructions, post-history instructions, tags, creator notes, and the lorebook. Edits are sanitised and capped on save, the same way they are on import.

Permalink

Yes. CCv3's creator_notes_multilingual map is preserved field-by-field. The persona editor surfaces every locale variant the card includes.

Permalink

The avatar bytes are content-addressed into the per-vault encrypted blob store and the persona is written into your vault. By default the import preview offers to securely shred the original file (one pass of overwrite with random bytes encrypted under a one-time key, then unlink) — the same primitive Tacita uses to wipe vaults.

Permalink

The free tier is €0 forever. Tacita Pro is €19.99 paid once — a lifetime in-app purchase. There is no subscription, no recurring charge, and no usage-based billing. Storefronts convert €19.99 to your local currency and apply regional taxes; the price you see at checkout is the price you pay.

Permalink

The Light model (Gemma 4 E2B), one persona, every conversation mode (Assistant, Chat, Roleplay), sampling presets, multiple vaults, secret vaults, branched conversations, and the full encrypted-storage stack. Banner ads appear on the free tier; interstitials are infrequent and capped.

Permalink

The Pro model (Gemma 4 E4B), unlimited personas, sealed web / image / video search, memory facts, the Discover surface for browsing additional Gemma-family GGUFs, advanced sampling controls, and removal of all banner ads.

Permalink

There is no time-limited trial. The free tier is the trial — every privacy and conversation feature works without paying, and you can decide whether the Pro model and the Pro-only conveniences are worth €19.99 once.

Permalink

Yes. Pro is restorable on every device signed into the same store account. The unlock state is fetched from RevenueCat by your platform's anonymous app-installation id; no email, no name, and no chat content is involved in restoration.

Permalink

Tacita Bridge is the link between Tacita on your phone and Tacita Desktop on your computer. The phone routes generations to the desktop's hardware (GPU / CPU) when paired, falling back to the on-device model when the desktop isn't reachable. Pairing is one-time via QR code; the encryption key never leaves your devices.

Permalink

Bridge is part of the Pro + Bridge bundle (€39.99 lifetime). If you already own Tacita Pro, you can add Bridge for €19.99. Both prices are one-time, with no subscription. Storefronts convert to your local currency and apply regional taxes; the Tacita Desktop binary itself is free and open source under MIT.

Permalink

Cloud chatbot apps round-trip every message to a server, log it for moderation and analytics, often train on it, and store conversations under the operator's encryption key. Tacita does none of that — every byte stays on your device, encrypted under a key derived from your password. The trade-off is that the model size is bounded by your device RAM, and you take on responsibility for what you generate.

Permalink

On a flagship phone, time-to-first-token is typically sub-second because there is no network round-trip. Sustained throughput is bounded by the device's CPU and memory bandwidth, not by a remote API quota. There is no rate limit and no queue.

Permalink

Tacita is a phone-first app, but it natively imports the same CCv2, CCv3, and CHARX character-card formats those desktop tools use, with full lorebook activation and alternate-greeting support. If you have card files you already use, Tacita opens them.

Permalink

The Tacita interface ships in 30 locales: English, Spanish, Portuguese, French, German, Italian, Dutch, Russian, Polish, Turkish, Ukrainian, Czech, Swedish, Danish, Norwegian Bokmål, Finnish, Greek, Romanian, Hungarian, Simplified Chinese, Traditional Chinese, Japanese, Korean, Hindi, Indonesian, Vietnamese, Thai, Arabic, Hebrew, and Persian. The model picks up the language you write in.

Permalink

Yes. Three of the supported locales — Arabic, Hebrew, and Persian — are right-to-left. Layout direction follows the active locale automatically.

Permalink

Yes. The UI follows your device locale by default and you can override it from Settings. The choice is persisted per-vault inside the encrypted settings file — never in plaintext shared preferences.

Permalink

Tacita is available on Google Play. An iOS App Store build is in development; sign up for the email nudge from the homepage if you want to be told when it lands.

Permalink

Not yet. The Android build ships first; the iOS port is in progress and will arrive on the App Store later. The privacy and crypto contract is identical on both platforms.

Permalink

Tacita is built for flagship-class phones. On Android: Pixel 7 and newer, Galaxy S22 Ultra and newer, OnePlus 10 Pro and newer, Xiaomi 12 Pro and newer — broadly, devices with 8 GB of RAM and Vulkan 1.2 graphics support. On iOS: iPhone 15 Pro and newer; iPhone 13/14 work but the experience is meaningfully better on the Pro models with 8 GB of RAM. The Play Store and App Store apply the hardware requirements automatically — if Tacita appears in your store, your phone meets the bar. Older or lower-end devices won't see it listed.

Permalink

The app's binary is shipped through the stores and the privacy contract is verifiable from the binary; the source is not currently published as an open-source project. The crypto primitives Tacita relies on (PBKDF2, AES-GCM, llama.cpp via fllama) are themselves open and well-audited.

Permalink

Tacita is published by an independent EU sole trader. Full trader identification (the kind required by the Digital Services Act and EU consumer law) is on the imprint page. The privacy contact is [email protected].

Permalink

Linux (.AppImage, .deb, .rpm) and Windows (.msi). macOS is coming soon. They are free downloads from gettacita.com. The mobile-side Bridge entitlement is part of the Pro + Bridge bundle on Google Play and the App Store.

Permalink

No. Pairing happens directly between your phone and your desktop on the same Wi-Fi via mDNS discovery and a Noise IK handshake. Both devices need to be on the same local network — there is no relay we operate.

Permalink