Privacy
What we collect & what we don't.
Last updated: 2026-06-24
Tavsin is local-first by design. The default mode is that your code, project memory, intelligence graph, traces, and outcomes stay on your machine. This page explains the exceptions — and your rights.
1. What lives on your machine
The free desktop app and CLI store everything in a SQLite file at <project>/.tavsin/project.sqlite. We never see this data. There is no telemetry, no analytics ping, no usage tracking. If your machine is offline, Tavsin still works (with whatever model providers you've configured to run locally).
2. What we collect when you create an account
If you use our hosted workspace (app.tavsin.xyz) or sign up for a paid tier:
- Email address and an optional display name, stored to identify your account and send transactional emails (verification, password reset, license keys, team invites).
- A password hash (scrypt + per-user salt). We never see your password.
- An audit log of security-relevant actions on your account: sign-ins (success + fail), password reset, tier changes, team create/invite/approve, account export, account deletion. Includes timestamp and (when behind a known proxy) IP address. Stored alongside your account record.
- Stripe customer ID if you upgrade to a paid tier. Stripe holds your payment details; we never see card numbers.
- The contents of your per-user project store — same SQLite as the local desktop, just hosted by us when you use the web workspace.
3. What we don't do
- We don't train models on your data, code, or project memory.
- We don't share your account data with third parties beyond the processors named below.
- We don't sell anything to advertisers.
- We add zero markup to your provider (Anthropic / OpenAI / Gemini) costs — you pay them directly, we never see your keys.
4. Processors we use
- Stripe — payments & subscriptions. Stripe stores card details under PCI compliance; we hold only the customer ID.
- Resend — transactional email delivery (verify / reset / license / team invite). Resend processes the email + the message body; messages are not used for marketing.
- Backblaze B2 — encrypted backups (restic) of the workspace SQLite stores. Encrypted with a passphrase you control on self-host; on the hosted plan, with a key only we hold.
- Cloudflare — DNS & CDN for
tavsin.xyz. Sees IP addresses of marketing-page visitors per Cloudflare's privacy policy.
Switching providers in the future would update this list.
5. Your rights
If you have an account with us:
- Export everything:
GET /api/account/exportfrom your workspace, or email privacy@tavsin.xyz and we'll send your full account dump (user record, audit log, project SQLite). No questions asked. - Delete everything:
DELETE /api/accountwith your password confirms account removal. Account record, sessions, audit log, and project store directory are hard-deleted. Stripe records are retained as required by tax law; on request we'll close the customer record there too. - Correct data: change your display name in the workspace any time.
- Restrict processing: cancel your subscription and we stop processing beyond what's legally required to finalize billing.
- Complain: GDPR-region users can complain to their local data-protection authority.
6. Where data lives
The hosted workspace runs on infrastructure in Germany (Hetzner). Marketing-site assets are served via Vercel's edge (multiple regions). Stripe and Resend operate globally; both are GDPR-compliant.
7. Cookies & tracking
The marketing site sets no cookies. The hosted workspace stores your session token in localStorage and a deep-linked plan/invite in sessionStorage. Both are removed on sign-out. No third-party trackers run on either site.
8. Changes
If we change what we collect, we'll update this page and email account holders. Material changes never apply retroactively.
9. Contact
Privacy questions: privacy@tavsin.xyz. General contact: hello@tavsin.xyz.