Tenavora Unified Platform
Skip to content

Privacy Policy

How Tenavora collects, uses, and protects your personal information.

v1.0 Last updated

Overview

This privacy policy describes how Tenavora (“we”, “us”, “our”) collects, uses, and protects your information when you use our platform and website.

This is a placeholder document. Final language will be reviewed by legal counsel before general availability.

Information we collect

  • Account data: name, email, organization, role.
  • Authentication data: hashed credentials, session tokens, MFA configuration.
  • Usage data: API request metadata, feature usage, performance metrics.
  • Audit data: all actions taken within the platform, retained for compliance.

We do not collect payment card information directly — that is handled by our PCI-compliant payment processor.

How we use information

  • To provide and improve the platform
  • To send service-related notifications
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

Data residency

Customer data is stored in the region selected during onboarding. Enterprise plans support custom data residency requirements.

Your rights

Under GDPR and similar regulations, you have the right to:

  • Access your personal data
  • Request correction or deletion
  • Export your data in a portable format
  • Object to processing

Contact us at [email protected] to exercise these rights. Customers can also use the in-app data export tools.

Retention

We retain customer data for the duration of your contract plus the retention period stated in your plan tier. Audit logs are retained per regulatory requirements (typically 7 years for financial-services customers).

Security

We follow industry best practices including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Field-level encryption for sensitive PII
  • Annual penetration testing
  • SOC 2 Type II controls (target 2026 Q4)

Contact

For privacy questions or security disclosures, email [email protected].

We respond to privacy requests within 30 days.