Tahana

Privacy Policy

Effective date: June 15, 2026

Short version: We collect only what we need to run Tahana. We never sell your data. Your health and financial data is private. You can export or delete everything, anytime.

1. Introduction

Tahana ("we", "us", "our") is committed to protecting your privacy and the privacy of your household. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our service at tahana.app ("the Service").

By using the Service, you agree to the collection and use of information described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: Name, email address, and password when you create an account.
  • Financial data: Transaction names, amounts, dates, categories, account balances, payment methods, and notes you enter in the Budget Calendar.
  • Calendar events: Event names, dates, times, locations, notes, and attendees you add to the Family Calendar.
  • Meal and shopping data: Recipes, meal plans, ingredients, and shopping lists.
  • Health data: Medications, dosages, cycle data, symptoms, weight, sleep logs, exercise logs, water intake, and health journal entries. This data is treated with heightened sensitivity.
  • Documents and files: Files, images, and documents you upload to the Service.
  • Notes and journal entries: Sticky notes, personal journal content, and other personal writing.
  • Gift registry and valuables: Wishlists, gift descriptions, and valuable items you log.
  • Contacts: Names, phone numbers, emails, and other contact details you store.
  • Communications: Messages you send through household messaging, and emails you send to our support team.
  • Household members: Email addresses of people you invite to your household.

2.2 Information We Collect Automatically

  • Log data: IP address, browser type, operating system, pages visited, timestamps, and referring URLs.
  • Device information: Device type, screen size, and browser version.
  • Usage data: Features used, frequency of use, and session duration — used to improve the Service.
  • Cookies and local storage: Session tokens and preferences stored in your browser. See Section 8 for cookie details.

2.3 Payment Information

We do not collect or store your credit card details. Payment processing is handled by Stripe, Inc. We receive only confirmation of payment, the last 4 digits of your card, and your billing country — never your full card number, CVV, or bank account details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service;
  • Authenticate your identity and keep your account secure;
  • Process subscription payments and send billing receipts;
  • Send transactional emails (invitations, password resets, reminders);
  • Respond to support requests and communications;
  • Improve and develop new features based on aggregate, anonymized usage patterns;
  • Detect and prevent fraud, abuse, or security incidents;
  • Comply with legal obligations.

We do not sell, rent, share, or monetize your personal information or User Content. We do not use your personal data for advertising purposes.

4. Household Sharing

Tahana is designed for household use. When you invite household members, certain data is shared between household accounts by design:

  • Shared: Family Calendar, Shopping Lists, Meal Plans, Household Messaging, Event details, Household Contacts, Gift Registry (shared wishlists).
  • Private (member-only): Health tracking (all sub-modules), Personal Journal, individual Documents, personal sticky notes.

Household members can see the name and email of other members in the household. Each member is responsible for the content they share within the household.

The household account owner (subscriber) can remove members from the household at any time. Removed members lose access to all shared household data.

5. Disclosure of Your Information

We do not sell, trade, or transfer your personal information to third parties except in the following limited circumstances:

5.1 Service Providers

We share limited data with trusted service providers who help us operate the Service. All service providers are bound by confidentiality agreements and may only use data to perform services on our behalf:

  • Supabase (database hosting and authentication) — stores your encrypted data on PostgreSQL.
  • Stripe (payment processing) — handles subscription billing.
  • Resend (transactional email) — sends invitation, notification, and support emails.
  • Mapbox (mapping) — used for location features; only query data is sent, not stored user locations.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Tahana, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you by email and post a notice on the Service before your information becomes subject to a different privacy policy.

6. Health Data

Health data you enter (medications, cycle information, symptoms, sleep, weight, health journal) is treated with heightened sensitivity. This data is:

  • Private by default — not visible to other household members;
  • Encrypted at rest in our database;
  • Never used for advertising, research, or any purpose other than displaying it back to you;
  • Never sold or shared with healthcare providers, insurers, or any third parties.

Tahana is not a medical device and is not intended to provide medical advice. Do not use Tahana as a substitute for professional medical care.

7. Data Security

We protect your data with the following measures:

  • All data is transmitted over HTTPS/TLS encryption;
  • Data is encrypted at rest in our PostgreSQL database;
  • Row-level security (RLS) ensures users can only access their own data at the database level;
  • Access to production systems is limited to authorized personnel only;
  • Authentication uses industry-standard hashing (bcrypt/argon2) for passwords.

No method of transmission or storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. Please use a strong, unique password and enable two-factor authentication when available.

8. Cookies and Tracking

Tahana uses the following types of cookies and browser storage:

  • Session cookies: Required to keep you logged in. These expire when you close your browser or after a set period of inactivity.
  • Preference storage: Local browser storage for UI preferences such as theme and sidebar state.
  • Analytics: We may use anonymized, aggregate analytics (e.g., Vercel Analytics) to understand overall usage patterns. No personal identifiers are collected for analytics.

We do not use advertising cookies, tracking pixels, or cross-site tracking of any kind. You can clear cookies and site data in your browser settings at any time; doing so will log you out of Tahana.

9. Data Retention

  • Active accounts: Data is retained for as long as your subscription is active.
  • After cancellation: Account data is retained for 30 days after subscription ends, during which you may export your data. After 30 days, all data is permanently deleted.
  • Deletion requests: If you request account deletion, all personal data will be permanently deleted within 30 days of the request. Certain information may be retained in anonymized, aggregated form or where required by law.
  • Backup systems: Deleted data may persist in encrypted backups for up to 90 days before being overwritten.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information.
  • Portability: Export your data in a machine-readable format from within the app.
  • Objection / Restriction: Object to or request restriction of certain processing activities.
  • Withdrawal of consent: Where we rely on consent, you may withdraw it at any time.

To exercise any of these rights, email us at hello@tahana.app. We will respond within 30 days.

If you are located in the European Economic Area (EEA) or United Kingdom, you may lodge a complaint with your local data protection authority.

11. Children's Privacy

Tahana is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete it promptly.

If you believe we have inadvertently collected information from a child under 13, please contact us at hello@tahana.app.

12. International Data Transfers

Your information is stored and processed in Canada and the United States by our service providers (primarily Supabase on AWS). If you are accessing the Service from outside North America, be aware that your information will be transferred to and processed in these jurisdictions, which may have different data protection laws than your country.

By using the Service, you consent to this transfer.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a notice in the Service at least fourteen (14) days before the changes take effect. The date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after changes take effect constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

For questions, requests, or concerns about this Privacy Policy, contact us:

Tahana

Email: hello@tahana.app

Website: tahana.app

This Privacy Policy is effective as of June 15, 2026. Terms of Service