Privacy Policy

Tavo — Privacy Policy

Effective date: 21 August 2025
Who we are: Tavo is a trading name of LUX GLOBAL LTD (“LUX GLOBAL”, “we”, “us”, “our”).
Registered office: 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom.
Contact: [email protected] (product/support) · [email protected] (privacy/legal)

Tavo is a simple, self-serve tool for solo creators to create once, schedule, and publish across multiple social platforms. This Privacy Policy explains how we collect, use, and protect your information when you use our website, apps, and related services (the “Service”).

1) Data Controller

For users in the UK/EU, LUX GLOBAL LTD is the data controller responsible for your Personal Data. We currently have not appointed a Data Protection Officer. You may contact us using the details above, and you may also lodge a complaint with your local authority (UK: Information Commissioner’s Office).

2) What data we collect

2.1 Data you provide

  • Account data: email, password (hashed), display name, language and notification preferences.
  • Content data: post drafts, scheduled posts, captions, images/video you upload, per-platform tweaks, and publishing metadata (e.g., selected channels and scheduled times).
  • Support & feedback: messages you send us, bug reports, survey responses.
  • Billing data: payment method, billing address, transaction details (processed by our payment provider; we do not store full card numbers).

2.2 Data we generate or collect automatically

  • Usage & device data: pages/features used, time stamps, app version, IP address, device/browser info, referral source, session diagnostics, basic telemetry and error logs.
  • Performance & delivery data: publish results, success/failure codes returned by platforms, rate-limit signals, and status of queued/scheduled posts.

2.3 Platform and AI integrations

  • Connected platforms: OAuth tokens/credentials and account identifiers for the social platforms you connect (one account per platform).
  • AI assistance: text prompts you enter and the AI-generated suggestions and rewrites returned (captions, hooks, hashtags, variations).

We do not knowingly collect special categories of data (e.g., health, religion) or data about criminal convictions.

3) How we use your data (and legal bases)

  • Provide the Service (Contract): authenticate you; save drafts and schedules; connect to platforms you authorize; publish or queue posts on your instruction; show delivery status and basic performance.
  • AI assistance (Contract/Legitimate interests): generate ideas/rewrites from your prompts; improve suggestion quality; filter abuse/spam. You must review and approve AI outputs.
  • Account & billing (Contract/Legal obligation): manage subscriptions (weekly/monthly/quarterly/annual), process payments and taxes, send transactional emails.
  • Product improvement & safety (Legitimate interests): debug, prevent abuse, measure feature usage, and improve reliability.
  • Communications (Consent/Legitimate interests): send service announcements and tips; you can opt out of non-essential emails.
  • Legal & compliance (Legal obligation): comply with law, enforce our Terms, and protect our rights.

4) AI features — important information

Tavo provides unlimited AI assistance for drafting and refining posts. AI outputs may be inaccurate or unsuitable for your context. You are responsible for reviewing and editing content before publishing, and for complying with platform rules and applicable law. We may use third-party AI providers under data-processing terms; prompts and outputs can be processed by those providers to deliver the feature. We do not use your content to publicly train models outside the scope of providing and improving the Service.

5) Platform connections & third-party services

5.1 Social platforms

When you connect a platform (e.g., Instagram, TikTok, YouTube, Pinterest, X/Twitter), you authorize us to act on your behalf to publish content and retrieve basic account metadata necessary for delivery and status. Platform APIs, outages, or policy changes may affect scheduling or delivery. You must comply with each platform’s terms.

5.2 Service providers (processors)

We use vendors for hosting, storage, content delivery, analytics, logging/monitoring, email, payment processing, and AI inference. These providers only process your data on our instructions and under appropriate contracts. A current list of categories is available on request.

6) Cookies and similar technologies

We use: - Essential cookies to keep you signed in and secure the Service.
- Analytics (lightweight, privacy-aware where possible) to understand feature usage.
- Preference cookies (e.g., language).

You can control cookies in your browser. Where required, we obtain consent for non-essential cookies.

7) Data sharing

We share data only with: - Service providers (see §5.2), bound by confidentiality and data-processing terms.
- Social platforms you choose to connect, as needed to publish and show status.
- Authorities when required by law or to protect rights, safety, and security.
We do not sell your Personal Data.

8) International transfers

Your data may be processed outside the UK/EU. Where we transfer data internationally, we rely on adequacy decisions, Standard Contractual Clauses (SCCs) and/or the UK IDTA, plus additional safeguards where appropriate.

9) Security

We implement technical and organizational measures appropriate to the risk, including TLS in transit, access controls, and restricted access to production systems. Access tokens for connected platforms are stored using industry-standard protections. No system is 100% secure; please protect your account with a strong, unique password.

10) Data retention

We keep data only as long as necessary for the purposes in this policy: - Account & subscription data: for your subscription and up to 24 months after closure (longer where required by law).
- Content (drafts/scheduled/published metadata): while you maintain an account and up to 24 months after closure for logs and troubleshooting.
- Telemetry & logs: typically up to 180 days.
- Backups: typically 30–35 days rolling.
- Billing records: as required by law (usually 6–7 years).

We may retain anonymized or aggregated data that does not identify you.

11) Your rights (UK/EU and similar regimes)

You may have the right to access, rectify, erase, restrict, object, and port your Personal Data, and to withdraw consent where processing is based on consent. To exercise these rights, contact us at [email protected] or [email protected]. You can also complain to a supervisory authority (UK: ICO). We will respond as required by law.

12) Children

Tavo is intended for users 18+. We do not knowingly collect data from children. If you believe a minor has provided Personal Data, contact us to delete it.

13) Do Not Track & automated decisions

Browsers’ “Do Not Track” (DNT) signals are not currently recognized by our Service. We do not engage in automated decision-making that produces legal or similarly significant effects about you.

14) Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you (e.g., by email or in-app). The “Effective date” above shows when this version took effect.

15) Contact

Questions or requests about this Privacy Policy: - Email: [email protected] or [email protected]
- Post: LUX GLOBAL LTD (trading as Tavo), 27 Old Gloucester St, Holborn, London, WC1N 3AX, United Kingdom

Last updated: 21 August 2025