Privacy Policy

Last updated: April 2026

1. Who we are

tvori.ai is operated by Tvori EOOD, a limited liability company registered in Bulgaria (EU) under Bulgarian commercial law. We are the data controller for any personal data processed through our website and services.

Contact: privacy@tvori.ai

2. The short version — no cookies, no trackers

We do not use cookies. We do not use Google Analytics, Facebook Pixel, Hotjar, or any other third-party tracking technology. We use Plausible Analytics — a privacy-first, cookieless analytics tool that is fully GDPR-compliant and hosted in the EU.

This means you never need to click a cookie banner on tvori.ai, because there are no cookies to consent to.

3. What data we collect and why

3.1 Plausible Analytics (anonymous aggregate data)

We use Plausible Analytics to understand how visitors use our site. Plausible collects no personal data and sets no cookies. The data it collects is anonymous aggregate information (page views, referrers, device type, country). Your IP address is never stored or shared.

Legal basis: Article 6(1)(f) GDPR — Legitimate interest in understanding website usage to improve our service. No balancing test is required because the data is strictly anonymous and cannot be linked to any individual.

3.2 Waitlist sign-ups

If you submit your email address on our waitlist form, we collect and store that email address for the sole purpose of notifying you when we launch. We process this data with your consent (Article 6(1)(a) GDPR). You may withdraw consent and request deletion at any time by emailing privacy@tvori.ai.

3.3 Customer account data

When you create a paid account, we collect your name, email address, and billing information. Payment card details are processed exclusively by Stripe — we never see or store your card numbers.

Legal basis: Article 6(1)(b) GDPR — Performance of a contract.

4. Data residency and transfers

All data is stored on servers located in the European Union. We do not transfer personal data outside the EU/EEA except where required by law or with your explicit consent. Stripe processes payment data under a valid Data Processing Agreement and Standard Contractual Clauses where applicable.

5. Data retention

We retain waitlist email addresses until you request deletion or until 12 months after our product launches. Customer account data is retained for the duration of the contract and for up to 3 years afterward for legal and accounting purposes.

6. Your rights under GDPR

As an EU/EEA data subject you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erasure ("right to be forgotten")
  • Restriction of processing
  • Data portability
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (without affecting prior processing)

To exercise any right, email privacy@tvori.ai. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

7. Third-party services

We use the following sub-processors:

  • Plausible Analytics — cookieless website analytics, EU-hosted (plausible.io)
  • Stripe — payment processing (stripe.com)
  • SendGrid — transactional email (sendgrid.com)
  • Vultr — cloud infrastructure, EU region (vultr.com)
  • Bunny.net — content delivery network (bunny.net)

8. Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and access controls. We will notify affected users and supervisory authorities of any breach as required by GDPR.

9. Changes to this policy

We may update this policy periodically. Material changes will be communicated via email to registered users. Continued use of our service after the effective date constitutes acceptance of the updated policy.

10. Contact

Tvori EOOD, Bulgaria, EU
Email: privacy@tvori.ai