Tavola← Legal

Legal

Privacy Policy

Last updated: June 2025

Tavola (“we,” “our,” or “us”) operates the Tavola AI Investment Platform at tavola.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform. By using Tavola, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of information:

Account Information

Your name and email address, collected at registration. Password is hashed and never stored in plaintext.

Financial Profile

Investment goals, risk tolerance profile (conservative, balanced, growth, or aggressive), and investment preferences you provide during onboarding or settings updates.

Portfolio and Trading Data

Holdings, watchlist tickers, trade history, AI-generated recommendations you accept or reject, and AutoPilot configuration. This data is linked to your paper trading account via Alpaca Markets.

Usage Data

Pages visited, features used, session duration, browser type, device type, IP address, and interaction logs. This data helps us improve the platform.

Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full bank account details on our servers.

Communications

Any messages you send to our support team or through in-app chat features.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • ·To provide, operate, and maintain the Tavola platform and your account.
  • ·To generate personalized AI investment recommendations tailored to your risk profile and goals.
  • ·To execute paper trades on your behalf through Alpaca Markets when AutoPilot is enabled.
  • ·To analyze portfolio performance and generate insights and intelligence reports.
  • ·To process subscription payments through Stripe.
  • ·To send account-related notifications, security alerts, and service updates.
  • ·To improve our AI models, recommendation quality, and platform features.
  • ·To detect and prevent fraud, abuse, and unauthorized access.
  • ·To comply with applicable laws and legal obligations.

3. AI and Automated Decision Making

Tavola uses Claude AI, developed by Anthropic, PBC, to generate investment recommendations, portfolio analysis, and market commentary. When you request an analysis or enable AutoPilot, your portfolio data (holdings, watchlist, account balances) is transmitted to Anthropic's API to generate a response.

No personally identifiable information beyond what is necessary for portfolio analysis (tickers, quantities, market values) is included in prompts sent to Claude. Your name, email, and payment information are never transmitted to Anthropic.

Important: AI-generated recommendations are not financial advice. They are generated by a language model and may be inaccurate, incomplete, or inappropriate for your specific circumstances. All investment decisions remain your responsibility.

During the beta period, all trades executed through AutoPilot or manual execution are paper trades. No real money is at risk. Anthropic's data usage policies can be reviewed at anthropic.com/privacy.

4. Third-Party Services

We share your data with the following trusted service providers, solely to operate the platform:

Supabase, Database and Authentication

Your account data, portfolio holdings, watchlists, trade history, and AI insights are stored in Supabase. Row-Level Security (RLS) ensures each user can only access their own data.

Alpaca Markets, Brokerage and Trading

Your paper trading account is held at Alpaca Markets. Portfolio positions, account balances, and order history are synced from Alpaca's API. During beta, all accounts are paper trading accounts only.

Stripe, Payment Processing

Subscription billing is processed by Stripe. Stripe stores your payment method details under their own privacy policy. We receive only a customer ID and subscription status.

Finnhub, Market Data

Market news, insider transactions, analyst recommendations, and earnings data are fetched from Finnhub's API. Your ticker watchlist may be used as query parameters in these requests.

Anthropic, AI Analysis (Claude)

Portfolio snapshots (tickers, quantities, values) are sent to Anthropic's Claude API to generate investment analysis. No personal identifiers are included in these requests.

We do not sell your personal information to any third party. We do not use your data for targeted advertising.

5. Data Security

We implement industry-standard security measures to protect your information:

  • ·All data is transmitted over HTTPS with TLS 1.2+ encryption.
  • ·Passwords are hashed using bcrypt and never stored in plaintext.
  • ·Supabase Row-Level Security (RLS) ensures database isolation. Your data is never accessible to other users.
  • ·API keys for third-party services (Alpaca, Finnhub, Anthropic) are stored as server-side environment variables and never exposed to the browser.
  • ·Stripe handles payment data under PCI-DSS Level 1 compliance.
  • ·Access to production systems is restricted to authorized personnel only.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by applicable law.

Trade history and audit logs may be retained for up to 7 years for compliance purposes, even after account deletion, in anonymized form.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.

Correction: Request correction of inaccurate or incomplete information. Most account data can be updated directly in Settings.

Deletion: Request deletion of your account and associated personal data. Email legal@tavola.ai to submit a deletion request.

Portability: Request an export of your data in a machine-readable format.

Opt-out: Opt out of non-essential communications at any time via account settings or unsubscribe links.

To exercise any of these rights, contact us at legal@tavola.ai.

8. Paper Trading Disclaimer

Tavola currently operates in paper trading mode only. This means:

  • ·No real money is deposited, invested, or withdrawn during the beta period.
  • ·Any "deposits" shown in the platform are simulated for demonstration purposes.
  • ·Trades executed through the platform do not involve real securities.
  • ·Performance results displayed are simulated and do not represent actual investment returns.

When Tavola launches real-money accounts, this Privacy Policy will be updated accordingly, and you will be notified before any real-money functionality is enabled on your account.

9. Cookies and Tracking

Tavola uses essential session cookies to maintain your logged-in state. We do not use third-party advertising cookies or cross-site tracking cookies.

We may use anonymized analytics to understand how users interact with the platform (e.g., which pages are most visited). No personally identifiable information is included in analytics data.

10. Children's Privacy

Tavola is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, contact us at legal@tavola.ai and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice within the platform at least 14 days before taking effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Tavola

Email: legal@tavola.ai

Website: tavola.ai