Privacy Policy
Last updated
How We Collect, Use, Protect, and Respect Your Data
Effective Date: July 2026
Version: 1.3
Applies To: tavalearning.ai and all subdomains; the TAVA web application; the TAVA browser extension; all TAVA APIs and services
Governing Entity: TAVA Learning Inc., United States (Delaware)
Regulations: FERPA · COPPA
Privacy Contact: support@tavalearning.ai
Related Documents: Terms of Service (tavalearning.ai/terms) · Data Processing Agreement (available on request)
Our Five Privacy Commitments - Read This First
Your Topics are always private. No institution, employer, teammate, TAVA employee, or anyone else can ever see the content of your Topics. This is an absolute technical and architectural boundary. Your data is never used to train AI models. You control what becomes visible - only work you deliberately move from a Topic into a Project is ever shared with collaborators. We do not sell your data, ever, to anyone, for any purpose. You have rights over your data: access what we hold, correct it, export it, and delete the Content you create yourself, at any time. We will respond within one business day on average.
This Policy is a legal document and a binding commitment. Please read it in full.
Table of Contents
2. Scope of This Privacy Policy
3. The Data We Collect and Why
4. The Two-Space Architecture - Topics vs. Projects
7. Data Sharing and Sub-Processors
10. FERPA - Student Educational Records
12. Cookies and Tracking Technologies
15. Changes to This Privacy Policy
1. Who We Are
TAVA Learning Inc. ("TAVA," "we," "us," or "our") is a US corporation developing and operating the TAVA platform. TAVA is an AI-powered research and learning workflow platform that enables students, educators, enterprise teams, and knowledge workers to collaborate with artificial intelligence and each other, while preserving intellectual integrity, traceability, and human agency.
For users accessing the Services directly (individual and team subscribers), TAVA Learning Inc. is the data controller. For users accessing the Services through an institutional agreement, TAVA Learning Inc. acts as data processor on behalf of the institution with respect to individual records. The specific allocation of responsibilities is set out in the Data Processing Agreement (DPA) executed with each institution.
2. Scope of This Privacy Policy
This Privacy Policy applies to all data we collect when you:
- Visit the TAVA website at tava.ai and any subdomains
- Create an account or use the TAVA web application
- Install and use the TAVA browser extension
- Access TAVA through an institutional integration
- Contact us by email, form, or other means
- Participate in pilots, surveys, or research programs
This Policy does not apply to third-party services you access through TAVA integrations (e.g., Google Docs). Those services have their own privacy policies.
This Policy should be read alongside our Terms of Service (tava.ai/terms). Where an institutional agreement or Data Processing Agreement exists, that document governs the institutional data relationship and supplements this Policy.
3. The Data We Collect and Why
We collect the minimum data necessary to provide the Services:
Account Data — Your email address, and a display name if you choose to provide one at registration, along with your password (hashed) for authentication. This is the only personal data TAVA collects directly from individual account holders - we do not collect or require your full name.
Institutional Roster Data — Name, email, and role, as provided by your institution's or organization's system of record (for example, an LMS course roster, or an employer's HR or identity system via SSO/SCIM), only received when that integration is active. Used to provision accounts, sync rosters or team membership, and enable manager-teammate or faculty-student project relationships.
Content Data — Notes (all six origin types), Topics, Projects, uploaded documents, generated documents, bookmarks, screenshots, translations, and AI prompts and responses within the platform. Created through your use of the Services, and used to provide the Services, enable collaboration within Projects, and generate the audit trail.
Provenance Metadata — For every Note: origin method, author, timestamp, source URL or document reference, and LLM provider used (if applicable). Automatically generated by the platform to power the audit trail, enable contribution analytics, and support faculty or manager dashboards.
Usage and Engagement Data — Actions within the platform: Notes added, documents generated, collaboration events, LLM queries within Projects, and engagement timeline entries (Active Work Time, excluding idle time). Automatically generated by platform activity, used to provide platform features and improve the Services.
Technical and Device Data — Browser type and version, operating system, IP address, device type, session identifiers, error logs, and performance metrics. Automatically collected when you access the Services, used to maintain platform security, diagnose technical issues, and detect and prevent unauthorized access.
Communication Data — Emails you send to TAVA, support tickets, feedback submissions, and survey responses. Provided when you contact us, used to respond to your inquiries and improve the Services.
Payment Data — Billing name, billing address, and the last four digits of your payment card. Full payment card details are never stored by TAVA. Provided when you subscribe, used to process subscription payments and manage billing.
Cookie and Tracking Data — Session cookies, authentication tokens, and preference cookies. No advertising or cross-site tracking cookies. Automatically collected by your browser, used to maintain your login session, remember your preferences, and ensure platform security.
4. The Two-Space Architecture - Topics vs. Projects
Topics Are Always Private. This Is a Technical Guarantee, Not Just a Policy.
Topics are stored in a dedicated, user-scoped data partition. There is no database join path, no API endpoint, and no administrative interface that allows any other party - including colleagues, institutional administrators, or TAVA employees - to access the content of your Topics. This is not a permission setting you can accidentally change. It is how the platform is built.
Topics — Private Thinking Space. Your private research sandbox, used to explore ideas, ask questions, clarify material, and draft early thoughts, freely and without judgment. Who can see it: you only, absolute and non-negotiable - not managers, not teachers, not teammates, not institutional admins, not TAVA staff. Audit trail: none visible to any third party; your Topic activity is stored only for your own retrieval. AI queries inside Topics are processed to generate your response and stored only in your private Topic space, never visible in any manager, faculty, or shared dashboard. Data enforcement is applied at the database schema level: no foreign key relationship exists between Topic tables and any manager, teacher, collaborator, or institutional access table.
Projects — Collaborative Workspace. Your shared, accountable workspace, used for curated work you deliberately choose to share - Notes promoted from Topics, documents generated, uploaded materials, and collaboration. Who can see it: you and the collaborators you explicitly invite, at the roles you assign; for institutional or enterprise accounts, faculty or managers with elevated access can see Project-level work when permitted. Audit trail: full audit trail of Notes added, documents generated, collaboration events, LLM usage, and engagement timeline, visible to authorized Project members and to faculty or managers. AI queries inside Projects are recorded in the Project audit trail and visible to Project collaborators and, for institutional or enterprise accounts, to faculty or team leaders. Data enforcement is applied at the API and database level: role-based access is validated on every request before any Project data is returned.
4.1 What Moves from Topics to Projects
Content moves from your private Topic space to a shared Project space only through your deliberate action. You must explicitly add a Note from a Topic to a Project. Promotional actions are logged in the Project audit trail with a timestamp and author attribution. They are never logged in a way that makes unpromoted Topic content visible.
5. How We Use Your Data
Providing the Services — Storing and retrieving your Notes, Topics, Projects, and documents; powering research tools; enabling collaboration; generating the audit trail; running AI features within your workflow. Uses Content Data, Provenance Metadata, and Usage Data.
Account Management — Creating and maintaining your account; authenticating your identity; managing your subscription; sending service-critical communications. Uses Account Data and Payment Data.
Faculty, Manager, and Institutional Dashboards — Generating contribution analytics, engagement timelines, alignment scoring, and weighted contribution scores visible to authorized faculty or managers within Projects (never Topics). Uses Usage Data, Provenance Metadata, and Project-level Content Data.
Security and Fraud Prevention — Detecting and preventing unauthorized access, abuse, and fraud; maintaining audit logs for security purposes. Uses Technical Data, Account Data, and Usage Data.
Platform Improvement — Diagnosing bugs and performance issues; analyzing aggregate usage patterns to improve features. Uses Technical Data and Usage Data, aggregated and de-identified where possible.
Legal Compliance — Complying with applicable laws and regulations (FERPA, COPPA); responding to lawful legal process. Uses any data categories as required by applicable law.
Communications — Responding to support requests; sending product update announcements (opt-out available); notifying you of material changes. Uses Account Data and Communication Data.
What we will never do: We will never use your data to train AI models. We will never sell your data. We will never use your Content for advertising or marketing purposes.
6. AI Features and Data
6.1 How AI Features Work
TAVA integrates AI language models to power research assistance, Note generation, document creation, and gap analysis features. When you use an AI feature, your prompt or query is sent to an AI model provider for processing. The response is returned to TAVA and stored as part of your workflow, in your Topic or Project, depending on where you initiated the query.
6.2 The Zero Training Data Commitment
No User Data Is Ever Used to Train AI Models
TAVA's agreements with all AI model providers explicitly prohibit the use of user data - including prompts, queries, responses, Notes, Topics, and any other platform content - to train, fine-tune, or improve AI models. This commitment is contractually binding on our AI providers.
6.3 Current AI Providers
OpenAI (Azure-hosted) — Primary LLM provider for Ask LLM, document generation, Boost Insight, and What Am I Missing? Data sent: your prompt text and sufficient context to generate a response, with no personal identifiers included beyond what you include in your query.
Anthropic Claude (in development) — Additional LLM provider for multi-LLM comparison features. Data sent: prompt text and context only.
6.4 AI Provenance and Attribution
Every piece of content generated with AI assistance within TAVA carries a provenance record: the LLM provider used, the timestamp, and the authoring user. AI-generated content in Topics carries provenance metadata visible only to you. In Projects, this attribution may be visible to authorized collaborators and faculty or managers.
6.5 AI Output Accuracy
Important:
AI language models can produce inaccurate, incomplete, outdated, or fabricated content - including hallucinated citations. TAVA's Source Review Protocol requires you to verify all sources before finalizing documents. You are responsible for reviewing AI-generated content for accuracy.
7. Data Sharing and Sub-Processors
7.1 We Do Not Sell Your Data
TAVA does not sell, rent, or trade your personal data to any third party for any purpose. TAVA's products are ad-free. We do not generate revenue from your data.
7.2 When We Share Data
- With sub-processors (technology providers) who process data on our behalf to provide the Services
- With your institution, if you access the Services through an institutional agreement - limited to Project-level data
- With your collaborators and authorized Project members - limited to data within the Projects you share with them
- With authorized faculty members or managers - limited to Project-level data
- When required by law, regulation, or valid legal process
- In connection with a merger, acquisition, or sale of TAVA - subject to the protections in Section 7.4
7.3 Sub-Processors
Microsoft Azure (United States) — Cloud hosting (API, database, Service Bus, Active Directory, Azure OpenAI). Data categories: all platform data categories.
OpenAI, Azure-hosted (United States) — AI language model processing for LLM-powered features. Data categories: prompt text and query context.
Anthropic, planned (United States) — Additional LLM inference provider. Data categories: prompt text and query context.
Platform engineering and development teams — Limited access to production data for debugging only, under a signed DPA. Data categories: technical data and limited content data for debugging under access controls.
Payment Processor — Stripe or equivalent (United States) - Subscription payment processing. Data categories: billing name, billing address, and payment card data.
Email Service Provider, to be confirmed (United States) — Transactional email delivery. Data categories: account data (email address, name).
7.4 Corporate Transactions
If TAVA is acquired, merged with another company, or if we sell all or substantially all of our assets, your data may be transferred to the acquiring entity. We will provide at least 30 days' notice before any such transfer and will require the acquiring entity to honor this Privacy Policy or provide you with equivalent protections.
7.5 Legal Process and Government Requests
We may be required by law to disclose your data in response to a valid court order, subpoena, or warrant. When legally permitted, we will notify you before disclosing your data to a government authority. We will not disclose more data than legally required.
Topic content: Because Topic content is stored in a user-scoped partition accessible only by the account holder, TAVA's ability to produce Topic content in response to legal process is architecturally constrained.
8. Data Retention
We retain your data only for as long as necessary to provide the Services, comply with legal obligations, and fulfill the purposes described in this Policy:
Account Data — Your email address is retained for as long as your account exists and is not deleted upon account closure, for security, fraud-prevention, and record-integrity purposes. This is limited to your email address; TAVA does not hold your name or other personal identifiers.
Content Data (Topics, Notes, Projects, documents) — Duration of account plus 30 days after closure. Your intellectual work is yours; we delete it when you leave. Institutional accounts are subject to the institution's FERPA record-keeping obligations.
Provenance Metadata and Audit Trail — Duration of account, plus up to 7 years for institutional accounts, which may be subject to institutional FERPA record-keeping obligations.
Institutional Roster Data — Duration of the institutional or organizational agreement plus 90 days. Roster or team-membership data is re-synced on the applicable cycle (academic term or HR sync interval) and deleted 90 days after the agreement ends.
Payment Data — 7 years from the transaction date, as required by US tax and financial regulations.
Security Logs and Technical Data — 90 days standard, or up to 1 year for security incidents, used for security monitoring and incident investigation.
Communication Data — 3 years from last contact, retained to maintain support history.
Data during free trial (unpaid) — 30 days after trial expiry. Content is retained for 30 additional days after the trial, then permanently deleted.
9. Your Rights
TAVA gives you direct, self-service tools to view, correct, export, and delete your data within the platform itself, without needing to contact us. Contacting support@tavalearning.ai is reserved for complaints and matters you cannot resolve yourself using the tools below.
Access — Your email address and, if provided, your display name are visible directly in your Account settings at any time. Beyond your email address, TAVA does not hold personal data about you to access.
Correction — You can update your email address or display name at any time directly in your Account settings.
Deletion — You can delete your Content (Notes, Topics, Projects, and documents) yourself, at any time, directly within the platform - TAVA does not have access to this Content and cannot delete it on your behalf. Your account and associated email address cannot be deleted, for security, fraud-prevention, and record-integrity purposes, though this is limited to your email address, as TAVA does not hold your name or other personal identifiers.
Portability — You can export your Content (Notes, Projects, documents) in a machine-readable format directly from your Account at any time; we support JSON for structured data and PDF/DOCX for documents.
Withdraw Consent — Where processing is based on your consent (e.g., marketing emails), you can withdraw consent at any time using the unsubscribe link in any marketing email you previously chose to receive.
Complaint — If you believe we have violated your privacy rights, you are welcome to write to us first at support@tavalearning.ai so we can try to resolve your concern directly.
10. FERPA - Student Educational Records
This Section 10 applies only where TAVA is deployed by a US educational institution subject to FERPA. It does not apply to enterprise, business, or other non-educational customers, whose data handling is governed by the rest of this Policy and, where applicable, a separate commercial Data Processing Agreement.
10.1 TAVA's Role Under FERPA
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records at institutions that receive federal funding. When TAVA provides services to a US educational institution, TAVA acts as a "school official" with a "legitimate educational interest" under FERPA, 20 U.S.C. §1232g and 34 C.F.R. Part 99, functioning as a data processor on behalf of the institution.
10.2 What Constitutes an Education Record in TAVA
Under FERPA, the following data in TAVA constitutes education records when generated by or about a student within an institutional deployment:
- Notes intentionally added to a Project within a course context
- Documents generated within a Project
- Project-level contribution analytics and engagement data
- Faculty feedback and evaluation data within Projects
- Alignment scores and weighted contribution scores
Topic content is not an education record under FERPA because it is never shared with the institution and is inaccessible to school officials. Topic content constitutes the student's personal research notes, equivalent to a physical notebook that the school has no access to.
10.3 FERPA Rights
Students have the following rights under FERPA with respect to their education records in TAVA:
- The right to inspect and review their education records (Project-level data accessible through their Account)
- The right to request amendment of records they believe are inaccurate - submit requests to their institution's FERPA coordinator
- The right to consent to disclosure of education records to third parties, except where FERPA authorizes disclosure without consent
- The right to file a complaint with the US Department of Education regarding FERPA violations
10.4 FERPA Compliance
TAVA maintains FERPA-aligned practices including: student data access controls, no disclosure of education records without institutional authorization, data processing agreements with institutions, and student data deletion capabilities.
11. COPPA - Children Under 13
11.1 Age Requirement
TAVA is not directed to children under 13. Users must be at least 13 years of age to create an Account. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
11.2 Institutional Deployments with Minor Students
Where TAVA is deployed by an educational institution that includes students under 13, the institution is responsible for obtaining the parental consent required by COPPA and FERPA prior to provisioning student accounts. TAVA's institutional agreement and DPA address COPPA compliance requirements for such deployments.
11.3 If We Discover a Child Under 13
If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. Parents who believe their child under 13 has created an account without consent should contact support@tavalearning.ai immediately.
11.4 COPPA Compliance
TAVA maintains COPPA-aligned practices including age verification at registration, no behavioral advertising, no data retention beyond service delivery, and deletion procedures for underage accounts.
12. Cookies and Tracking Technologies
12.1 What We Use and Why
Authentication — Session token (TAVA), strictly necessary - Maintains your login session across pages. Duration: session, expires on logout or browser close.
Security — CSRF token (TAVA), strictly necessary - Prevents cross-site request forgery attacks and is required for platform security. Duration: session.
Preferences — User preferences (TAVA), functional - Remembers your interface preferences (e.g., dark/light mode, language setting). Duration: 1 year.
Analytics — provider to be confirmed, optional - Measures aggregate platform usage; no personally identifiable information is shared with analytics providers. Duration: 2 years.
12.2 What We Do Not Use
- No advertising or behavioral tracking cookies
- No cross-site tracking technologies
- No fingerprinting or device tracking beyond session management
- No social media tracking pixels
12.3 Browser Extension
The TAVA browser extension uses local browser storage to maintain your authentication session. The extension does not track your browsing activity on sites other than when you actively use the extension to capture research content. The extension only transmits data to TAVA's own servers.
12.4 Managing Cookies
Strictly necessary cookies cannot be disabled without breaking the Services. Optional analytics cookies can be disabled in your browser settings or by contacting support@tavalearning.ai.
13. Data Security
13.1 Security Measures
Encryption at Rest — AES-256 encryption for all stored data across Azure SQL and associated storage.
Encryption in Transit — TLS 1.2–1.3 enforced for all client-to-server communication. No plaintext connections accepted.
Data Isolation — Per-tenant data isolation at the database schema and row level. No cross-tenant data access is possible by design.
Access Control — Azure Active Directory identity management. Role-based access enforced at API and database layer. Two-space architecture enforced in database schema, with no join path to Topic data from any other access tier.
Security Incident Record — Zero security incidents in the past 6 months since current architecture was deployed.
Uptime — 99.94% operational uptime, above the 99.9% SLA target.
Data Request Resolution — 100% resolution rate on data requests; average response time of 1.2 business days.
13.2 Our Limits
No security system is perfect. We encourage you to use a strong, unique password for your TAVA account and to notify us immediately at support@tavalearning.ai if you suspect any unauthorized access.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to individuals, we commit to the following notification timeline:
Affected Users — Within 72 hours of TAVA becoming aware of the breach. Content: nature of the breach, categories of data affected, likely consequences, measures taken or proposed, and contact information for further inquiries.
Institutional or Enterprise Administrators (institutional or business accounts) — Within 24 hours of TAVA becoming aware. Content: full breach notification as above, plus affected user count and scope within the institution or organization.
US State Regulators (where applicable) — As required by applicable state breach notification law.
Reports of suspected breaches should be sent to support@tavalearning.ai.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time as our practices evolve or as legal requirements change. When we make material changes, we will:
- Post a notice within the TAVA application
- Send an email notification to the address on your Account
- Update the effective date at the top of this Policy
We will not retroactively apply material changes to data we have already collected without your explicit consent.
16. Contact Information
For all questions regarding this Policy — including privacy requests (access, correction, portability), security incidents and breach reports, FERPA and student record inquiries, COPPA and parental consent concerns, general privacy questions, and institutional or enterprise Data Processing Agreement requests - please contact us at support@tavalearning.ai.
Effective July 2026 · Version 1.3 · tavalearning.ai/privacy