Privacy Policy

Effective date: 19 May 2026

Tawi is the public brand. TawiGo is the AI product. This policy covers TawiGo web services, TawiGo Desktop, local model/runtime features, voice, memory, coding, document workflows, research, app automation, browser automation, and approved integrations.

1. Who we are

Tawi Research, Inc. ("Tawi", "we", "us") is a Delaware corporation that operates Tawi and the TawiGo product at tawi.ai, go.tawi.ai, api.tawi.ai, associated desktop applications, and integration components.

2. What TawiGo does

TawiGo is Tawi's AI work product for agent orchestration, coding, research, voice, persistent memory, local and cloud model routing, document workflows, browser automation, desktop automation, and user-approved app control. TawiGo can operate across web, desktop, local runtime, and cloud service surfaces depending on the user's setup and selected workflow.

Tawi and TawiGo are not an advertising network, data broker, credit-scoring service, or background surveillance product.

3. Data we may process

TawiGo only processes data needed to deliver the task the user requests or approves. Depending on the task, this can include:

• Account data: email address, account identifiers, subscription tier, billing status, and support messages.
• Authentication-related data: browser session state, login page state, and credential-adjacent page signals needed for user-approved automation. TawiGo does not ask the extension to collect or export passwords.
• Personal communications: email, chat, message, or document content only when the user asks TawiGo to work with those pages or apps.
• Web history and tab data: page URL, title, active tab, navigation state, and tab metadata needed to identify and operate the user-approved tab.
• User activity: task-scoped click, typing, scroll, form, and navigation events used to perform or verify the approved automation.
• Website content: visible page text, forms, links, images, DOM structure, and page state needed to understand or complete the approved task.
• Technical data: device type, operating system, browser type, extension version, app version, error reports, rate-limit signals, and security logs.
• Payment data: payment status and transaction metadata from payment processors. We do not store card numbers.

TawiGo does not intentionally collect health information, financial account information, precise location, or other sensitive categories through the extension. If a user explicitly asks TawiGo to automate a page containing sensitive information, TawiGo may transiently process the visible page content solely to complete that user-approved task.

4. Automation and integrations

TawiGo can automate websites, desktop apps, files, local models, documents, coding workflows, and connected services when the user enables and approves those capabilities. Automation data is task-scoped: TawiGo uses what is needed to understand, perform, and verify the requested task.

Browser integrations are one part of that system. The public consumer Chrome/Edge bridge does not request broad wildcard host permissions. It uses browser-approved, task-scoped control instead:

• activeTab: to operate the active tab after a user-approved automation step starts.
• tabs: to identify the approved tab, read navigation state, and clean up after the task.
• scripting: to inspect or interact with the current page during an approved task.
• debugger: to provide fast browser-native automation through the browser's approved debugger API, without exposing a raw remote debugging port for the user's default profile.
• nativeMessaging: to communicate with the locally installed TawiGo Desktop native host.

If a managed enterprise deployment ever requires pre-approved site access, that deployment should use explicit organization-approved domains rather than wildcard all-site access.

5. How we use data

• To provide TawiGo, TawiGo Desktop, browser automation, AI agent workflows, voice, memory, coding, document, research, and automation features.
• To carry out user-approved browser actions and verify completion.
• To maintain safety controls, permission checks, rate limits, abuse detection, and audit evidence.
• To provide support, fix bugs, and improve reliability.
• To process billing, subscriptions, and refunds through payment processors.

6. What we do not do

• We do not sell user data.
• We do not transfer user data to third parties except to provide the service, process payments, run infrastructure, comply with law, or respond to a user request.
• We do not use extension data for advertising.
• We do not use or transfer user data to determine creditworthiness or for lending purposes.
• We do not load remote code into the browser extension. Extension code is packaged with the submitted item.
• We do not expose the user's browser profile through an unauthenticated remote debugging network port.

7. Data sharing and processors

We may share limited data with service providers required to operate TawiGo, including AI model providers, infrastructure providers, observability providers, email/support providers, and payment processors. These providers process data for TawiGo's service delivery and support functions, not for unrelated advertising or resale.

Payment processing may be handled by providers such as Stripe, PayPal, M-Pesa, Flutterwave, Paddle, or equivalent processors depending on region and payment method.

8. Retention

Task data is retained only as needed for the user-facing product, safety evidence, debugging, billing, compliance, or support. Browser automation data is intended to be task-scoped and minimized. Support requests are retained for support continuity.

Encrypted off-site backups are rotated on a 30-day schedule: data deleted from production persists in backups for at most 30 days, after which it is unrecoverable. Backups are never restored in a way that reintroduces deleted data.

You can export your data or permanently delete your account at any time from Settings → Privacy & Data inside the product, or by contacting us.

9. Security

We use TLS, authentication, scoped permissions, rate limits, network isolation, redaction controls, audit logs, and hardened deployment practices. Local integrations should use approved local channels and avoid exposing unsafe network control ports.

10. User control

Users can disable or remove the browser extension at any time from the browser's extension settings. Users can uninstall TawiGo Desktop from the operating system. Browser automation that touches account-bound pages should be user-approved and visible to the user.

11. Children's privacy

TawiGo is not directed to anyone under 16, you must be at least 16 to create an account, and we do not knowingly collect personal data from anyone under 16.

12. International users

TawiGo may be operated from or processed in multiple jurisdictions where our infrastructure and service providers operate. We use reasonable safeguards for cross-border processing.

13. Changes

We may update this policy as TawiGo changes. Material changes will be posted on this page and may also be communicated through the app or email.

14. Contact

Legal entity: Tawi Research, Inc., Delaware corporation.

Privacy and support requests: support@tawi.ai

General contact: hello@tawi.ai

Support page: https://tawi.ai/support