Privacy Policy
Effective date: July 2026
1. Controller
The controller responsible for data processing on this website is Colin Schibli, Leemattenstrasse 36, 5442 Fislisbach, Switzerland (full contact details).
2. What data we collect
- Account information: email address, display name, chosen password (stored as a bcrypt hash).
- Usage data: prompts sent, models used, credit balances, timestamps — used to provide the service and display analytics to you.
- API keys: encrypted at rest using AES-256. Never logged or exposed to the browser.
- Technical logs: IP address, browser type, pages visited — retained for 30 days for security purposes.
- Payment data: handled entirely by our payment processor (Stripe). We do not store card numbers.
3. Purpose and legal basis
We process your data to:
- Provide, maintain and improve the Tavory AI service (Art. 6 para. 1 lit. b GDPR — contractual necessity).
- Detect and prevent fraud or abuse (Art. 6 para. 1 lit. f GDPR — legitimate interests).
- Send transactional emails such as usage alerts (Art. 6 para. 1 lit. b GDPR).
- Comply with legal obligations (Art. 6 para. 1 lit. c GDPR).
4. Third-party processors
We work with the following sub-processors:
- Vercel — hosting and edge infrastructure (USA/EU).
- Neon — PostgreSQL database (EU).
- Stripe — payment processing (USA/EU).
- OpenRouter / AIMLAPI — AI model routing. Prompts may be forwarded to model providers per your selected model. See each provider's privacy policy.
5. Data retention
We retain account data for as long as your account is active. After account deletion, data is purged within 30 days except where required by law. Usage logs are retained for 12 months.
6. Your rights
Under the GDPR and Swiss revDSG you have the right to access, rectify, erase, restrict or port your data, and to object to processing. To exercise any right, email info@tavory.app. We respond within 30 days.
7. Cookies
We use only strictly necessary cookies (session token, CSRF token). We do not use any tracking or advertising cookies. No cookie banner is shown because no consent is required.
8. Changes to this policy
We may update this policy. Material changes will be communicated by email or an in-app notice at least 14 days before taking effect.
9. Contact
Questions about privacy? Contact info@tavory.app or write to: Colin Schibli, Leemattenstrasse 36, 5442 Fislisbach, Switzerland.