Privacy Policy

1. Who we are

Talvio is owned and operated by Talvio LLC ("we," "us," "our"). Our service helps organizations understand AI training exposure across their workforce by analyzing anonymized job title data. You can reach us at .

2. What data we collect

Data you upload: Your uploaded roster file should contain job titles and department names, with salary optional for pay-weighted views — no employee names, IDs, dates of birth, Social Security numbers, performance ratings, or other sensitive employee information. The uploaded file is stored with your analysis so Talvio can process the dashboard and support reprocessing during the analysis access window. Unique job titles and department names from your file are matched against standard occupational categories internally. For standard scoring, only generic, standardized occupation labels are sent to the Anthropic Claude API. If the primary account owner chooses to use optional AI Match Assist, Talvio sends only the pending low-confidence uploaded job titles and our internal reference occupation title list to request suggested matches.

Account data: When you purchase an analysis, Stripe collects your payment information directly. We receive only your email address from Stripe to create your account. We store your email address, a hashed password (if you set one), and a record of your analyses (results data, expiration timestamps, usage metadata, and any teammate invitations or access grants you manage).

Usage data: We collect standard web server logs, limited dashboard events, and operational diagnostics such as IP address or hashed IP, browser type, pages visited, timestamps, event type, and duration. These are used for security, abuse prevention, debugging, reliability, product improvement, and measurement. Public marketing pages may also use site and advertising measurement when Talvio runs advertising campaigns.

Marketing attribution data: If you visit Talvio through an advertisement, campaign link, search result, referral, or similar source, we may collect and store first-party attribution data such as UTM parameters, landing page, referring domain, timestamps, and advertising click identifiers such as Google Click ID (GCLID), Microsoft Click ID (MSCLKID), Facebook Click ID (FBCLID), LinkedIn click identifiers, and similar identifiers. We use this information to understand which sources and campaigns lead to purchases, to create internal reports, and to prepare offline conversion exports for advertising measurement. These attribution records do not include uploaded workforce files, employee names, employee IDs, salary data, dashboard contents, full spreadsheet rows, or payment card numbers.

3. What we do NOT collect

• Employee names, IDs, Social Security numbers, performance ratings, or other sensitive employee information as required upload fields
• Salary, compensation, or HR classification data unless you choose to include optional salary data for dashboard rollups
• Payment card numbers (handled entirely by Stripe)
• Data sales or third-party advertising use of uploaded workforce data
• Uploaded workforce data, dashboard contents, or employee-level data in advertising conversion exports

4. How we use your data

We use the data we collect to:

• Run your workforce TAP analysis and return results to you
• Manage your account and process renewals
• Send transactional emails (purchase confirmation, results ready, expiration notices)
• Detect and prevent fraud, abuse, and unauthorized access
• Measure the effectiveness of Talvio marketing campaigns and understand which sources lead to purchases
• Comply with legal obligations

We do not sell your data to third parties and do not use uploaded workforce data to train AI models or for advertising targeting. We may use limited first-party marketing attribution data and purchase/conversion metadata for advertising measurement as described in this policy.

5. Intended use and HR decisions

Talvio outputs — including AI exposure scores, training opportunity assessments, and all related reports — are intended for informational and workforce planning purposes only. They must not be used as the basis for employment, compensation, promotion, termination, restructuring, or any other individual HR decision. The scores reflect probabilistic assessments based on occupational classification data and are not evaluations of any individual employee's capabilities, performance, or future role.

6. Data retention and deletion

Analysis results (scores, matched occupations, aggregated statistics) and your uploaded roster file are automatically and permanently deleted 30 days after your analysis completes. The uploaded file is stored with your analysis during the access window so Talvio can process the dashboard, support reprocessing, and support file replacement workflows during that period.

Account records (email address, hashed password) are retained as long as your account exists. Analysis history metadata (purchase date, completion status, expiration timestamps, and associated marketing attribution metadata) has no scheduled deletion and is retained indefinitely unless you request otherwise or we are required to delete it by law.

You may request deletion of your account and associated personal data at any time by emailing . We will complete deletion within 30 days.

7. Third-party services

We use a small number of trusted third-party services:

• Advertising and analytics services - campaign measurement and conversion reporting. These services may receive limited attribution and conversion metadata, such as campaign parameters, advertising click identifiers, purchase/conversion timestamps, and purchase amount where configured. They do not receive uploaded workforce files, dashboard contents, employee-level data, full spreadsheet rows, or payment card numbers from Talvio.
• Stripe — payment processing. Your card data is handled by Stripe and subject to their privacy policy.
• Anthropic Claude API — AI scoring and optional AI Match Assist. For standard scoring, only generic, standardized occupation labels are sent to the Anthropic API. If the primary account owner runs AI Match Assist, the request includes only the pending low-confidence uploaded job titles and Talvio's internal reference occupation title list; it does not include employee names, IDs, salaries, departments, or full spreadsheet rows. Anthropic's data use policy governs their processing of these requests.
• Render — cloud hosting. Our servers and database run on Render's infrastructure in the United States.
• Resend — transactional email delivery.

8. Security

We use HTTPS for all data transmission, store passwords using bcrypt hashing, enforce rate limiting on authentication endpoints, and restrict administrative access. Despite these measures, no system is completely secure. We encourage you to use a strong, unique password for your account.

9. Cookies and session data

We use session cookies to keep you logged in and to remember first-party marketing attribution during a visit, including campaign parameters, landing page, referrer, and advertising click identifiers when present. Session cookies are set with HttpOnly and Secure flags and expire after 30 days of inactivity. Public marketing pages may use analytics or advertising cookies and similar technologies for site measurement and campaign performance if Talvio runs advertising campaigns.

10. Your rights

You may request to access, correct, or delete your personal data at any time. To do so, email from the address associated with your account. We will respond within 30 days.

11. Children

Talvio is a business tool intended for use by adults and organizations. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has submitted data to us, contact us immediately and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or by a notice on our website at least 14 days before they take effect. The effective date at the top of this page reflects the most recent revision.