PRIVACY POLICY

Effective date: 30 June 2025

Last updated: 30 June 2025

WHO WE ARE

Tav is the trading name of Shaegan Labs LLC ("Tav," "we," "our," "us").

Mailing address: 312 W. 2nd St #1570, Casper, WY 82601, USA

Privacy-contact email: support@tav-ai.com

SCOPE OF THIS POLICY

This Policy explains how we collect, use, disclose, and retain information when you:

  • create an account or log in with an email magic link or Google OAuth
  • chat with AI characters or generate images
  • visit any website or mobile interface we operate (the "Service")

INFORMATION WE COLLECT

Account & Authentication Information

‒ Email address, Google OAuth ID, optional avatar (via Clerk)

Service Content

‒ Text prompts, chat messages, generated images

Usage & Device Information

‒ IP address, browser or operating-system details, timestamps, request metadata

Analytics

‒ First-party cookies or local-storage identifiers set through PostHog

Payment

‒ Stripe customer and payment tokens, plan choice, transaction identifiers (no card numbers)

HOW WE USE INFORMATION

  • Provide and maintain the Service, including routing prompts to AI models via OpenRouter and FAL
  • Authenticate users through Clerk
  • Process payments and manage subscriptions with Stripe
  • Measure performance and improve usability via PostHog analytics
  • Detect and prevent abuse such as spam or security threats
  • Comply with legal obligations

We do NOT reuse user messages or images to fine-tune our own models and we do NOT sell personal data.

SHARING AND DISCLOSURE

  • Infrastructure providers (Vercel hosting, Convex database) – store and deliver the Service
  • AI model APIs (OpenRouter, FAL) – receive the text and image data you submit to generate responses
  • Stripe – payment processing
  • PostHog – first-party product analytics
  • Legal authorities – when required to comply with law or to protect rights, safety, or property

All third-party processors are contractually bound to use data only on our instructions.

COOKIES AND TRACKING

We place first-party cookies or local-storage tokens solely for analytics and session management. No cross-site advertising cookies are used.

DATA RETENTION

Account data, messages, and images are stored indefinitely until you delete them or delete your account in the settings. Deletions are applied to our production systems with no backups retained for that user-generated content.

YOUR RIGHTS

  • Access and portability – export your data at any time
  • Deletion – delete individual chats or your entire account
  • Correction – update your email or profile information through Clerk
  • Objection or restriction – ask us to limit specific processing where applicable law grants that right

CHILDREN'S PRIVACY

The Service is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us so we can delete it.

SECURITY

We use TLS encryption in transit and encryption at rest within our infrastructure providers. No end-to-end or zero-knowledge encryption is offered.

DATA INCIDENTS

If a data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you as required by applicable law.

INTERNATIONAL TRANSFERS

Our servers are located in the United States. By using the Service from outside the U.S., you consent to the transfer and processing of your information in the U.S. and any other country where our providers operate.

CHANGES TO THIS POLICY

We may update this Policy at any time. Material changes will be posted on our website with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised Policy.

GOVERNING LAW

This Policy and any related disputes are governed by the laws of the State of Wyoming, USA, without regard to conflict-of-law principles.