Privacy Notice
Effective 2026-04-18. This notice is also the direct notice to parents required under COPPA §312.4.
Who this is for
Tavi is a learning coach for children ages 7–14. Because our audience includes children under 13, we treat every session as subject to the Children's Online Privacy Protection Act (COPPA). A parent or legal guardian must provide verifiable consent before their child uses Tavi.
How parental consent works
Today Tavi is invite-only. A parent requests access on the waitlist form, attests that they are the child's parent or guardian, and accepts this notice. We then email the parent the invite code — and the act of redeeming that code confirms the consent ("email-plus"). We record a permanent consent entry containing the parent's email, timestamp, IP, and the policy version accepted.
If a parent wishes to withdraw consent, request a copy of their child's data, or have it deleted, they can email hello@meettavi.com or use the data-request form we'll send to them at /parent/data (linked from the invite email).
What we collect about children
The list below is generated from the data-surface registry that the engineering team maintains alongside the code (src/lib/privacy.ts), so it can't drift from what the app actually does.
- openai-inference
Outbound chat-completion requests to OpenAI for coaching dialogue, intent classification, and photo-to-problem extraction. Requests include `store: false` so OpenAI does not retain prompts.
Fields: problemText, studentMessage, coachStrategy, photoPixels
Retention: Not stored (held only during a request).
Third parties: OpenAI
- profiles
Profiles registered under an invite code. Each is a display name + avatar + role (kid or parent). Parent profiles may have a hashed PIN; kid profiles never do.
Fields: profileId, name, avatar, role, pinHash (parent only), createdAt
Retention: Up to 400 days.
Third parties: Upstash
- profile-session-transcript
Per-profile saved coaching session. Contains the chat transcript (trimmed to 200 messages), the problem text, and the solver state so a kid can resume where they left off.
Fields: sessionId, profileId, messages, problemText, solverState
Retention: Up to 7 days.
Third parties: Upstash
- profile-session-index
Summary list of a profile's recent sessions, used to render the 'saved sessions' picker.
Fields: sessionId, profileId, problemText, outcome, startedAt
Retention: Up to 7 days.
Third parties: Upstash
- profile-session-inprogress
Pointer to a profile's most recent unfinished session so the app can resume it on return.
Fields: sessionId
Retention: Up to 7 days.
Third parties: Upstash
What we collect about parents
- resend-transactional
Outbound transactional email (invite code delivery + admin notifications) sent via Resend. Contains parent email addresses only.
Fields: email, subject, htmlBody
Retention: Up to 30 days.
Third parties: Resend
- beta-interest
Parent email addresses from the waitlist form. Each entry is linked to a consent record captured at submit time.
Fields: email, requestedAt, consentId
Retention: Up to 365 days.
Third parties: Upstash, Resend
- parental-consent
Verifiable parental consent records captured when a parent submits the waitlist form and attests to being the child's parent or guardian. Retained permanently, as required by COPPA §312.8.
Fields: consentId, email, method, policyVersion, ip, userAgent, attestsAdult, ts
Retention: Retained — COPPA §312.8 requires operators to maintain parental consent records for as long as the child's data is retained
Third parties: Upstash
Operational data (no child PII)
- invite-codes
Admin-issued invite codes that gate access to the app. Stores the code string, a human-readable label (e.g. family name), daily session limit, and creation time. No child PII.
Fields: code, label, dailyLimit, createdAt
Retention: Retained — Codes are revoked manually from /admin when no longer in use
Third parties: Upstash
- invite-usage-count
Per-code, per-day counter used to enforce daily session limits.
Fields: count
Retention: Up to 2880 minutes.
Third parties: Upstash
- session-audit-log
Per-session operational log used for the admin usage dashboard. Records the invite code, problem text, start time, outcome, and an opaque profileId — not the profile name.
Fields: code, sessionId, problemText, startedAt, outcome, profileId
Retention: Up to 30 days.
Third parties: Upstash
- anonymous-session-cache
Short-lived cache of a coaching session started without a profile. Holds the current problem and solver state so the coach can respond to follow-up messages. Not tied to a child.
Fields: sessionId, problemText, solverState
Retention: Up to 60 minutes.
Third parties: Upstash
- bug-report-dedupe
Short-lived dedupe and rate-limit counters for bug reports and server-side auto-reports. No PII.
Fields: dedupeHash, ratelimitCount
Retention: Up to 60 minutes.
Third parties: Upstash, GitHub
Third parties that help us operate Tavi
The following service providers process data on our behalf under their standard API terms. We do not sell, rent, or disclose child data for advertising.
- Upstash — Redis database that stores sessions, profiles, and consent records.
- OpenAI — powers the coaching dialogue and the photo-to-problem extractor. All calls pass `store: false` so prompts are not retained by OpenAI.
- Resend — delivers the invite email to parents.
- GitHub — receives bug reports (no child names; chat content only, as part of a report the user or operator initiated).
- Vercel — hosts the application and collects aggregate performance metrics.
Outbound network calls are limited to: api.openai.com, api.resend.com, api.github.com.
What we don't do
- We don't show ads.
- We don't sell or share data for marketing.
- We don't use behavioral tracking on child-facing routes.
- We don't condition your child's use of the app on providing more information than is reasonably necessary.
Security
Data is stored with our managed Redis provider over TLS. Access is limited to operators with a secret key. Admin routes are gated by an independent secret.
Contact
Parents may contact us at hello@meettavi.com with any COPPA-related question, including requests to review, delete, or refuse further collection of their child's data.