Privacy Policy

This Privacy Policy explains how Tivali (“Tivali,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal data when you use the Tivali learning management platform and related services (the “Service”), available at www.tivali.net and associated tenant subdomains.

Tivali is a multi-tenant platform used by organizations to deliver corporate training. Depending on the context, Tivali acts in one of two roles:

• As a data controller for information we collect about account administrators, website visitors, and prospective customers, and for operating and securing the Service.
• As a data processor for personal data that a Customer organization uploads or generates within its workspace (for example, learner records). In that case, the Customer is the controller and this Policy is supplemented by our agreement with that Customer.

We collect the following categories of personal data:

• Account information: name, email address, password (stored in hashed form), role, profile photo, organization, department, and team.
• Learning data: course enrollments, progress, exam and assignment submissions, grades, certificates, comments, journals, and learning-path activity.
• Customer Content: course materials, documents, media, and other content uploaded to a workspace.
• Billing information: subscription plan, billing contact details, and transaction records. Payment card details are processed by our third-party payment providers and are not stored on our servers.
• Usage and device data: log data, IP address, browser type, device identifiers, pages viewed, actions taken, and timestamps, collected through activity logs and similar technologies.
• Cookies and session data: authentication tokens and session identifiers needed to keep you signed in and to operate the Service securely.

We use personal data to:

• Provide, operate, maintain, and secure the Service and its features.
• Authenticate users, enforce role-based access, and maintain tenant isolation.
• Process subscriptions, billing, and related transactions.
• Deliver learning content and generate progress, compliance, and analytics reporting.
• Communicate with you about your account, updates, security notices, and support requests.
• Monitor, detect, and prevent fraud, abuse, and security incidents.
• Improve the Service and develop new features.
• Comply with legal obligations and enforce our agreements.

We do not sell personal data, and we do not use Customer Content for advertising.

Where data protection laws such as the GDPR apply, we process personal data on the following legal bases: performance of a contract (to provide the Service); our legitimate interests (to secure, maintain, and improve the Service); compliance with legal obligations; and consent, where required (for example, certain communications). Where Tivali acts as a processor, the Customer is responsible for establishing the legal basis for processing learner data.

We share personal data only as described below:

• Within your organization: learner and progress data is visible to authorized administrators, managers, team owners, and instructors according to their role and scope.
• Service providers: trusted vendors who help us operate the Service (such as cloud hosting, object storage, email delivery, and payment processing), bound by confidentiality and data-protection obligations.
• Legal and safety: where required to comply with applicable law, legal process, or governmental request, or to protect the rights, property, or safety of Tivali, our users, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to the protections of this Policy.

We retain personal data for as long as your account is active or as needed to provide the Service. When a Customer terminates its subscription, we make Customer Content available for export for a limited period (typically 30 days), after which we delete or anonymize it unless a longer retention period is required to comply with legal obligations, resolve disputes, or enforce our agreements.

We implement reasonable technical and organizational measures to protect personal data, including encryption of data in transit, hashed password storage, role-based access controls, multi-tenant isolation, and activity logging for auditability. No system is completely secure; you are responsible for keeping your credentials confidential and for configuring access within your workspace appropriately.

Tivali may process and store data in countries other than the one in which you reside. Where we transfer personal data across borders, we take steps to ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, consistent with applicable law.

Depending on your jurisdiction, you may have the right to access, correct, update, or delete your personal data; to object to or restrict certain processing; to data portability; and to withdraw consent. To exercise these rights:

• If your data is managed within a Customer workspace, please contact your organization’s administrator, who controls that data. We will assist our Customers in responding to such requests.
• For data where Tivali is the controller, contact us at [email protected]. We may need to verify your identity before fulfilling a request.

We use cookies and similar technologies that are strictly necessary to operate the Service, such as maintaining your authenticated session and remembering your tenant context. Because these are essential for the Service to function, they cannot be disabled without affecting your ability to use the platform. We do not use third-party advertising cookies.

The Service is designed for organizational and professional use and is not directed to children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at [email protected].