Tuva Tuva AI
Home Terms
Legal

Privacy Policy

Effective Date: July 13, 2026

This Privacy Policy applies to our websites, applications, services, and other offerings that link to this policy (collectively, the “Services”). It explains how Tuva AI, Inc. (“Tuva,” “we,” “our,” or “us”) collects, uses, and protects your personal data. In this Privacy Policy, “Personal Data” means information that identifies or reasonably can be linked to a particular individual. By using our Services, you accept the practices described in this Privacy Policy. If you access the Services through an organization (such as a university or employer) that has a separate agreement with us, that organization’s privacy policy governs its use of your data, and we process data on that organization’s behalf under the terms of our agreement with them. This Privacy Policy does not cover the practices of companies we don’t own or control.

How We Handle Your Data

Tuva is built on a local-first architecture. Your research data, files, datasets, and knowledge bases are stored on your device. When you use Tuva’s AI features, the content of your messages is not logged or retained on Tuva’s infrastructure. Tuva maintains only a lightweight routing layer that forwards your messages to a third-party LLM provider and returns the response; your messages pass through our systems only for the time required to do so (see “Third-Party LLM Providers” below).

Personal Data We Collect

We do not store your research data, file contents, knowledge bases, or datasets. The Personal Data we collect is limited to what is necessary to operate the Services:

Category of Personal Data Examples of Personal Data We Collect
Account Information Name, email address (.edu or other), organization
Authentication Data Login credentials, session tokens
Billing Data Payment method, transaction history
Usage Metadata Session timestamps, feature usage, error logs
Device Information Operating system, IDE and extension version, IP address
Cookies Cookies and similar technologies, if and when used on our website (tuva.ai) for analytics and session management
AI Input Data Content you include in prompts when using AI features, routed transiently through our infrastructure to a third-party LLM provider; not logged or retained by Tuva after a response is returned
Customer Support Data Support inquiries and communications
Feedback Data Product feedback you choose to submit and, only with your explicit consent, content from the specific interaction your feedback concerns

Where We Get Your Data

We collect Personal Data directly from you (when you create an account, subscribe, or contact us) and automatically through your use of the Services (including usage metadata collected by the extension and any cookies used on our website).

How We Use Your Data

We use your Personal Data to:

  • Provide and improve the Services, including managing your account, processing billing, and providing support
  • Communicate with you about the Services, including product updates and service announcements
  • Respond to your inquiries
  • Prevent fraud and protect the security of our systems and Services
  • Fulfill legal obligations, protect the rights and safety of you and others, enforce our agreements, and resolve disputes

We will not use your Personal Data for materially different or unrelated purposes without providing you notice.

How We Share Your Personal Data

We share your Personal Data with the following categories of recipients:

  • Service providers that help us operate the Services, including hosting, payment processing, and customer service vendors
  • LLM API providers — see “Third-Party LLM Providers” below for details on how data flows to these providers
  • Analytics partners that help us understand how users interact with our website and, if you opt in, the Services (see “Product Analytics and Session Replays” below)
  • Third parties you authorize through the Services
  • Government authorities or law enforcement in response to valid legal process
  • Acquirers or successors in connection with a merger, acquisition, bankruptcy, or similar transaction

We do not sell your Personal Data. We may de-identify or aggregate Personal Data so it no longer identifies you and use or share it for any lawful business purpose.

Cookies and Tracking

Our website (tuva.ai) does not currently use cookies or similar tracking technologies. If we introduce them (for example, in connection with a web-hosted version of the Services), we will use them for analytics and session management, update this Privacy Policy, and provide any notice or consent mechanism required by applicable law. The Tuva extension itself does not use cookies.

You can opt out of marketing emails by clicking the “unsubscribe” link in any marketing email or by contacting us at privacy@tuva.ai. We may still send you transactional messages about your account.

Product Analytics and Session Replays

With your explicit consent, we collect product analytics through a third-party analytics provider to understand how users interact with the Services. When enabled, we collect feature interaction events (such as creating a project, sending a chat message, or submitting feedback), session length, and platform error events. These events are recorded at the interaction level, are associated with your account, and do not include the content of your messages, files, or research data.

With the same consent, we may also record session replays that show how you navigate the Services. Session replays are configured to mask input fields, passwords, and on-screen text content.

Analytics events and session replays are retained as described in the retention schedule below. You may withdraw your consent at any time in your settings. If you withdraw consent, we will stop all further collection and will delete the analytics events and session replays previously collected from you within 30 days, except for copies retained in backup systems pending scheduled deletion. Withdrawal does not affect aggregated, de-identified data that no longer identifies you.

AI and Your Data

Third-Party LLM Providers

Tuva’s AI features are powered by third-party large language model (LLM) APIs. When you use these features, prompts and context from your session are transmitted to the LLM provider through the Services to generate a response. Tuva currently uses third-party providers including Anthropic and OpenAI, and may route requests through a third-party routing service. We may add or change providers over time and maintain a current list of our sub-processors on our website.

Each provider’s handling of data transmitted through its API is governed by that provider’s privacy policy and terms of use. We select providers whose terms prohibit using API inputs to train their models. We encourage you to review the applicable provider’s policies.

No Training on Your Data

We do not use your content — including your queries, responses, or knowledge bases — to train AI models. We may use aggregated, de-identified usage data (such as feature adoption and error rates) to improve the Services. If we introduce any program that uses identifiable user content for product improvement, we will update this Privacy Policy and obtain your consent before any such use begins.

Feedback

If you submit feedback through the Services, we collect the content of your feedback. Content from a specific interaction is included with your feedback only if you expressly opt in at the time of submission, and by opting in you consent to our storing and using that content to operate and improve the Services. We will not use Feedback Data to train AI models without your explicit consent.

Bring Your Own Key

If you use your own API key to connect to an LLM provider, data processing for those requests is governed by your direct agreement with that provider, not this Privacy Policy. Tuva does not retain or log the content of requests made using your own API key.

Health Data

The Services are not designed to process protected health information (PHI), are not HIPAA-compliant, and are not intended for use with identifiable patient data.

Data Retention and Deletion

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Data Category Retention Period
Active Account and Profile Data Duration of account + 30 days after closure
Billing and Subscription Data 7 years after transaction (tax and accounting requirements)
Payment Information Duration of account or as required by payment processor
Usage Metadata 1 year
Feedback Data 2 years after submission, or upon earlier deletion request
Product Analytics and Session Replay Data 90 days, or upon earlier withdrawal of consent
Customer Service Records 2 years after resolution
Consent Records 3 years after consent given or withdrawn
Security Logs 1 year
Communication Preferences Until you opt out or close your account
Aggregated/De-identified Data Indefinitely

You can delete your account and request deletion of your Personal Data at any time through your account settings or by contacting privacy@tuva.ai. We will process deletion requests in accordance with applicable law, except where retention is required (such as for tax or accounting purposes).

If your account is inactive for 12 months, we may automatically close it. After you close your account (whether voluntarily or due to inactivity), we delete your data as described in this section, except for data we retain for legal, safety, or legitimate business purposes, including limited data to investigate harmful conduct and prevent banned users from creating new accounts.

Data Security

We use commercially reasonable technical and organizational measures to protect your Personal Data, including encryption of data in transit and at rest, access controls, and network security measures. We require our service providers who handle your data to maintain appropriate security measures.

In the event of a data breach affecting your Personal Data, we will notify you as required by applicable law. For security incidents or to report vulnerabilities, contact us at privacy@tuva.ai.

You can help protect your data by:

  • Choosing strong, unique passwords and enabling MFA when available
  • Keeping your account credentials confidential
  • Logging out after using shared devices
  • Promptly reporting any suspected unauthorized access to privacy@tuva.ai

Children’s Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect Personal Data from children under 13. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at privacy@tuva.ai so we can delete that information. If we learn that we have collected Personal Data from a child under 13, we will take steps to delete that information promptly.

Your Privacy Rights

If you have questions about your Personal Data or would like to request access, correction, or deletion, contact us at privacy@tuva.ai.

Changes to This Policy

We may update this Privacy Policy from time to time and will notify you of material changes by posting a notice on tuva.ai or sending you an email. Your continued use of the Services after changes are posted means you accept the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, contact us at privacy@tuva.ai.

Connect Twitter LinkedIn hello@tuva.ai
Terms Privacy Policy
© 2026 Tuva AI, Inc. All rights reserved.