Privacy Policy

This policy explains the categories of information Tavvi processes, why Tavvi uses that information, how Tavvi handles Google-connected data, and what choices are available to users and restaurant operators.

Last updated June 18, 2026

Overview

Tavvi provides software that helps restaurant operators manage guest feedback, loyalty activity, service recovery, and reputation workflows across Tavvi's website, restaurant platform, and customer-facing rewards experience.

This Privacy Policy explains what information Tavvi collects, how Tavvi uses it, when Tavvi shares it, and the choices available to users, customers, restaurant operators, and website visitors.

Information Tavvi Collects

The information Tavvi collects depends on how a person interacts with the service.

  • Account and identity data, such as name, email address, profile image, Google account identifier, and optional phone number.
  • Authentication and security data, such as one-time passcodes, session identifiers, sign-in events, invitation tokens, and device or browser metadata needed to protect accounts and prevent abuse.
  • Restaurant configuration and operational data, such as organizations, projects, restaurants, outlets, forms, alert rules, reports, audit logs, permissions, and workflow settings.
  • Guest feedback and loyalty data, such as feedback submissions, survey responses, issue or incident notes, reward progress, vouchers, and related customer-submitted details.
  • Google-connected data, when an authorized restaurant user chooses to connect Google services, such as Google account email, granted scopes, encrypted OAuth tokens, Google Business Profile location metadata, review content, ratings, timestamps, review replies, and place identifiers.
  • Support and contact data, such as emails or other information shared when someone contacts Tavvi for support, onboarding, rollout planning, or a demo.
  • Technical and usage data, such as IP address, request logs, error logs, cookie values, locale preference, and product state needed to deliver pages, maintain sessions, and remember user preferences.

How Tavvi Uses Information

  • Provide, maintain, secure, and improve the Tavvi services.
  • Authenticate users, create and manage accounts, enforce permissions, and keep sessions active.
  • Process feedback workflows, service recovery workflows, loyalty and voucher workflows, reporting, and customer-facing rewards features.
  • Send sign-in codes, invitations, service notifications, support responses, and operational emails requested by restaurant teams.
  • Enable optional Google Business Profile connections, including syncing reviews, matching locations, and posting owner replies when requested by an authorized user.
  • Detect, investigate, and prevent fraud, abuse, unauthorized access, and other security incidents.
  • Comply with legal obligations, enforce agreements, and protect the rights, safety, and property of Tavvi, restaurant operators, guests, and the public.

Google Sign-In and Google Business Profile Data

Tavvi uses two separate Google authorization flows for distinct product purposes.

  • Google sign-in for Tavvi accounts uses the scopes openid, email, and profile so Tavvi can verify identity and create or sign a user into a Tavvi account.
  • Google Business Profile connectivity uses the scope https://www.googleapis.com/auth/business.manage so an authorized restaurant operator can connect a business profile, sync reviews, view location metadata, and publish owner replies from within Tavvi.
  • Tavvi uses Google data only to provide the user-facing features the user or restaurant operator requests. Tavvi does not sell Google user data and does not use Google user data for advertising.
  • Google Business Profile OAuth tokens are stored in encrypted form and may remain active until the connection is revoked, replaced, or no longer required to provide the connected feature.

How Tavvi Shares Information

  • With service providers and infrastructure partners that help Tavvi host, secure, deliver, and support the services.
  • With a restaurant operator or business customer when data was submitted in connection with that operator's forms, loyalty programs, reports, reviews, or guest experience workflows.
  • With Google and other third parties when a user explicitly initiates a connection or workflow that depends on that third-party service.
  • With professional advisers, auditors, insurers, or authorities when reasonably necessary for legal, security, compliance, or corporate transaction purposes.
  • In aggregated or de-identified form when the data no longer reasonably identifies a specific person.

Cookies and Similar Technologies

Tavvi uses essential cookies required to operate secure sign-in and account sessions, along with limited preference cookies or local browser storage for items such as language, theme, or last-used workspace context.

Tavvi does not state that it uses advertising cookies or cross-site behavioral tracking technologies in these product experiences.

Retention

  • Tavvi retains account, operational, and guest-experience data for as long as needed to provide the services, maintain records for the relevant customer relationship, and satisfy security, legal, accounting, or audit needs.
  • Session data, one-time passcodes, and invitation tokens are retained for shorter periods consistent with security and operational requirements.
  • Google connection data may be retained until the connection is disconnected, replaced, or no longer needed for the related feature, subject to backup and security retention windows.

Security

Tavvi uses administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, or alteration. These safeguards include role-based access controls, encrypted transport, restricted operational access, and encrypted storage for sensitive Google OAuth tokens.

No method of transmission or storage is completely secure, so Tavvi cannot guarantee absolute security.

Your Choices and Rights

  • Users may request access to, correction of, or deletion of certain personal information, subject to applicable law and Tavvi's legitimate business needs.
  • Users may disconnect optional Google Business Profile integrations and may revoke Google access through their Google account settings.
  • Restaurant operators remain responsible for the accuracy, legality, and permissions associated with data they submit to Tavvi about their business, staff, or guests.

International Processing

Tavvi and its service providers may process information in countries where Tavvi or those providers operate. When this happens, Tavvi takes steps intended to protect information in accordance with applicable law.

Children

Tavvi's services are not directed to children and are intended for restaurant operators, business users, and guests interacting with restaurant feedback or rewards experiences. Tavvi does not knowingly build these services for use by children as a primary audience.

Changes and Contact

Tavvi may update this Privacy Policy from time to time. If Tavvi makes material changes, Tavvi may update the effective date, post the revised policy in the relevant services, or provide additional notice where appropriate.

Questions or requests about this Privacy Policy can be sent to team@tavvi.io.

Contact Tavvi

For privacy questions, account support, or general requests about how Tavvi handles data, contact the Tavvi team directly.

Data Deletion Requests

To request deletion of personal information associated with a Tavvi account, restaurant workflow, or guest submission, email Tavvi with the subject Data Deletion Request and enough detail to identify the relevant account or submission. Tavvi may verify identity before acting and may retain limited records where required for legal, security, or fraud-prevention reasons.