Privacy Policy

Effective June 3, 2026

Tavi Labs, Inc. ("Tavi Labs", "we", "us", "our") operates the Tavi mobile application (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Tavi, you agree to this Policy.

1. Information we collect

Information you provide

Photos (optional). If you choose to add a photo to personalize your experience, it is uploaded to our servers, processed by an AI model, and stored so we can generate and revisit your reflections. You can delete all your data at any time from Settings → Delete account.
Profile and onboarding answers. Name, birthday, wake-time preference, and personality answers you enter in onboarding.
Account identifiers. If you sign in with Apple or Google, we receive a stable user identifier and (where available) your name, email, and profile picture.
Chat messages. Conversations you have with the in-app AI assistant are stored to provide history and context.

Information collected automatically

Device identifiers. A pseudonymous device ID, timezone offset, and operating system version, used to deliver personalized daily content and analytics.
Push tokens. If you enable notifications, your Expo / Apple Push token is stored so we can send daily reading reminders.
Subscription status. Subscription state is received from our payments provider (Superwall / Apple) to unlock premium features.
Usage analytics. Pseudonymous product events (screens viewed, features used) to improve the product. We do not send your email or photos to analytics.

2. How we use information

To generate and deliver your daily reflections and personalize them to you.
To authenticate you and keep your account secure.
To send notifications you've opted into.
To process subscriptions and prevent abuse.
To debug, monitor, and improve the Service.

3. Sharing your information

We share data only with vendors that help us run the Service:

OpenRouter / model providers (Anthropic, OpenAI): for AI generation. Your reflection inputs (and any photo you add) are sent for inference.
Cloudflare R2: object storage for any images you add.
MongoDB Atlas: primary database hosting.
Apple, Google: sign-in providers.
Superwall: paywall and subscription management.
PostHog: pseudonymous product analytics. We do not send your email or photos to PostHog.
Expo Push: notification delivery.

We do not sell your personal information.

4. Data retention

We retain your data while your account exists. You can delete your account from Settings → Delete account at any time, which permanently removes your profile, readings, photos, and chat history within 30 days. Pseudonymous analytics may persist indefinitely after account deletion, but is not tied to your email or photos.

5. Your rights

Depending on where you live (EEA, UK, California, and other jurisdictions), you may have the right to access, correct, delete, port, or object to processing of your personal information. You can exercise most of these rights directly in-app via Settings, or by emailing us at the address below.

6. Children

Tavi is not intended for anyone under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

7. Security

We use industry-standard measures (TLS in transit, encryption at rest with our cloud providers) to protect your information. No system is 100% secure; please use a strong password on your sign-in provider account.

8. International transfers

Your information may be processed in the United States and other countries where our vendors operate. By using Tavi, you consent to these transfers.

9. Changes to this policy

We may update this Policy from time to time. Material changes will be announced in-app or via email. Continued use after changes means you accept the updated Policy.

10. Contact

Questions about this Policy or your data? Email app@usetavi.com, or write to Tavi Labs, Inc., attn: Privacy.