Privacy Policy

Effective Date: 2026-05-08

Tuva AB ("we", "us", or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and desktop application (collectively, the "Services").

1. Information We Collect

1.1 On Our Website

The website and services we host collect the following data:

account registration:

When creating an account, we collect your name, Email and when the account was created. The purpose of the information collected in relation to you creating an account is for us to inform you of updates to our products and services, the terms of using them and updates to this privacy policy.

purchase:

When purchasing the Application, we collect payment information (processed by Stripe, see Section 3), associated user ID and email connected to the purchase, as well as time of the purchase.

download:

When you download the Application, your request is served through Amazon CloudFront, AWS's content delivery network. CloudFront automatically generates access logs that may include your IP address, browser user agent, download status, and timestamp. This logging occurs as an inherent part of delivering files over the internet and is used solely for operational monitoring and security purposes. It is not used for profiling or marketing. For details on how AWS handles this data, see the AWS Privacy Notice.

cookies:

If you accept cookies, we collect non-personal usage data via Google Analytics. Google Analytics is only active on the website and is not used within the desktop application.

The purposes of the data processing on our website is to provide our services, monitor operational performance and for analytics.

1.2 In the Desktop Application

The desktop application collects certain data to provide our services, enforce licensing, support account recovery, and improve the software.

During trial use:

When you start a trial, we collect Application version, a unique device identifier, Operating system and platform, Trial start date and end date of the trial.

When you access the app during your trial period, a validation is made against our records to check whether the trial for your machine is active or has ended. This validation creates a log consisting of the device identifier, and a validation timestamp.

The device identifier is fully anonymous and cannot be used to reveal underlying hardware details. The data collected for trials is used to manage your trial period and for usage analytics.

When you log in with a licensed account:

When you log in with a licensed account, we collect Application version, a unique device identifier, Operating system and platform, Login timestamp and Username (account identifier).

Unlike during the trial, this identifier is linked to your account. This linkage exists to enforce the two-device limit, to identify malicious use of our Services, to enable account recovery and for usage analytics.

When you submit feedback:

If you submit feedback through the Application, we collect your feedback message, system information such as operating system, platform and computer hardware, Application version, and application logs.

The purpose of the information we collect when you submit feedback is for us to be able to respond to your feedback, receive your suggestions as well as being able to identify the cause of any errors being reported.

Crash reports and error diagnostics:

To help us identify and resolve problems with the Application, we may collect diagnostic information when errors or crashes occur. This may include a stack trace or error log describing where the failure occurred, the Application version, operating system and platform, hardware information (such as CPU architecture and available memory), Application state at the time of the error (such as which feature was in use), and the unique device identifier described above to correlate reports from the same installation.

For non-fatal errors - unexpected failures that do not close the Application - limited diagnostic information may be collected automatically to allow us to detect and resolve issues that users may not otherwise notice or report. This automatic collection does not include any content you have created, inputted, or opened within the Application.

All diagnostic information is used solely to identify and resolve errors and is not used for any other purpose.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our Services
  • Process payments and manage your license
  • Enforce our licensing terms, including the two-device limit
  • Verify your identity for account recovery
  • Communicate with you regarding your account
  • Send information to you regarding updates to our Services
  • Detect and prevent fraud or unauthorized use
  • Improve our website and desktop application

3. Sharing Your Information

We do not sell your personal information. We share your information with the following trusted third parties only to the extent necessary to provide and improve our Services:

  • Stripe — to process payments. Stripe acts as an independent data controller for payment data and retains transaction records for compliance purposes. Please refer to Stripe's privacy policy for details.

  • Google Analytics — to analyse website usage only. Google Analytics is not used within the desktop application. Google Analytics data is collected only with your consent via our cookie banner.

  • Amazon Web Services (AWS) — to host our servers, store data securely, and deliver the Application via Amazon CloudFront. CloudFront access logs are generated automatically as part of file delivery and are governed by the AWS Privacy Notice.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases for processing personal data are as follows:

  • Performance of a contract — processing your name, email address, payment information, and license data is necessary to create and manage your account, fulfil your purchase, and provide our services, including account recovery and license enforcement.

  • Legitimate interests — we collect device identifiers, login timestamps, and operating system data to enforce our two-device licensing limit, prevent fraud, and improve our services. We also collect limited diagnostic data (including non-fatal error logs) to identify and resolve software defects, and rely on CloudFront access logs as an inherent part of delivering the Application securely. We also analyse aggregated website usage data to maintain and improve our website. Where crash reports involve your explicit consent, we rely on that consent as the legal basis instead.

  • Consent — we collect website analytics data via Google Analytics only when you provide consent through our cookie banner. You may withdraw this consent at any time.

  • Legal obligation — we retain payment records as required by applicable financial and tax regulations.

5. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.

6. Your Rights

6.1 Under GDPR (EU/EEA residents)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data, where no overriding legal obligation to retain it exists
  • Restrict or object to our processing
  • Data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

Please note that payment records held by Stripe are subject to financial and tax compliance obligations and cannot be deleted upon request. This is a recognised exception under GDPR Article 17(3).

6.2 Under CCPA (California residents)

You have the right to:

  • Know what personal data is collected
  • Request deletion of your personal data (subject to the same compliance exception for payment records noted above)
  • Opt-out of the sale of personal data (we do not sell your data)

To exercise any of your rights, contact us at contact@tuva.app. We will respond to your request within 30 days.

7. Cookies

Our website uses cookies. When you first visit our website, you will be asked to accept or decline non-essential cookies via a cookie consent banner.

  • Essential cookies are used to enable basic site functionality and do not require consent.
  • Analytics cookies (Google Analytics) are only activated if you provide consent. You may withdraw consent at any time by adjusting your cookie preferences.

The desktop application does not use cookies.

8. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect or solicit information from anyone under 18.

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, or misuse. These measures include encryption of data in transit and at rest, access controls, and regular security reviews.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are significant, we will notify you by email to the address associated with your account, or otherwise through our Services with at least 7 days' notice before the changes take effect. The revised policy will also be posted on this page with an updated "Effective Date".

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Tuva AB

Email: contact@tuva.app