INTRODUCTION
This Cookie Policy explains how Tavali, Inc. ("Tavali," "we," "us," or "our") uses cookies and similar tracking technologies on our website at www.tavali.ai and within our revenue-intelligent clinical AI platform (collectively, the "Services").
This Cookie Policy should be read in conjunction with our Privacy Policy (www.tavali.ai/privacy) and Terms of Service (www.tavali.ai/terms).
By using our Services, you consent to the use of cookies as described in this Cookie Policy. If you do not agree to our use of cookies, you should set your browser settings accordingly or refrain from using our Services.
1. WHAT ARE COOKIES?
Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website or use an application. Cookies are widely used to make websites work more efficiently and to provide information to website owners.
Cookies can be "persistent" or "session" cookies:
• Session Cookies: Temporary cookies that are deleted when you close your browser or end your session. These help us manage your session and enable you to move through our Services efficiently.
• Persistent Cookies: Cookies that remain on your device for a set period or until you delete them. These help us recognize you as a returning visitor and remember your preferences.
Cookies can also be categorized as "first-party" or "third-party":
• First-Party Cookies: Set by Tavali directly on our domain (www.tavali.ai or app.tavali.ai)
• Third-Party Cookies: Set by third-party services we use, such as analytics providers or advertising platforms
2. SIMILAR TECHNOLOGIES
In addition to cookies, we may use other tracking technologies:
Web Beacons (Pixels): Small graphic images embedded in web pages or emails that allow us to track page views, email opens, and user behavior.
Local Storage: Browser storage mechanisms (localStorage, sessionStorage) that allow us to store data on your device for faster performance and better user experience.
Software Development Kits (SDKs): Code libraries integrated into our mobile applications that help us collect usage data and provide functionality.
API Tokens and Session Identifiers: Unique identifiers used to authenticate your session and maintain security.
Device Fingerprinting: Techniques that collect information about your device configuration to help prevent fraud and enhance security.
References to "cookies" in this Cookie Policy include these similar technologies unless otherwise specified.
3. WHY WE USE COOKIES
We use cookies for the following purposes:
Essential Functionality: To enable core features of the Services, such as user authentication, security, session management, and load balancing.
Performance and Analytics: To understand how visitors use our Services, which pages are most popular, and how we can improve the user experience.
Personalization: To remember your preferences, settings, and choices to provide a customized experience.
Security: To detect and prevent fraud, protect user accounts, and maintain the security of our Services.
Marketing and Advertising: To deliver relevant content and advertisements based on your interests and to measure the effectiveness of our marketing campaigns.
Integration and APIs: To enable integration with third-party services such as practice management systems, clearinghouses, and analytics platforms.
4. TYPES OF COOKIES WE USE
4.1 Strictly Necessary Cookies
These cookies are essential for the Services to function and cannot be disabled in our systems. They are usually set in response to actions you take, such as logging in, setting privacy preferences, or filling in forms.
Purpose:
• User authentication and session management
• Security and fraud prevention
• Load balancing and performance optimization
• Remembering items in your workflow (e.g., unsaved notes, claims in progress)
• Enabling secure communication between your browser and our servers
Examples:
• session_id: Maintains your logged-in session
• csrf_token: Prevents cross-site request forgery attacks
• auth_token: Authenticates API requests from your device
• locale: Remembers your language preference
• cookies_accepted: Remembers your cookie consent preferences
Duration: Session cookies or up to 90 days for persistent authentication
You cannot opt out of strictly necessary cookies while using the Services, as they are required for the platform to function properly.
4.2 Performance and Analytics Cookies
These cookies help us understand how visitors interact with our Services by collecting and reporting information anonymously. This helps us improve the Services and better understand user needs.
Purpose:
• Track page views, feature usage, and navigation patterns
• Measure website and application performance
• Identify technical errors and issues
• Understand which features are most valuable to users
• Conduct A/B testing and product experiments
Examples:
• Google Analytics (_ga, _gid, _gat): Tracks website usage and user behavior
• Mixpanel (mp_*): Analyzes user interactions and product usage
• Datadog (dd_*): Monitors application performance and errors
• Hotjar (hjid, hjSessionUser): Records user sessions for UX analysis
• Amplitude (amplitude_*): Tracks product analytics and user engagement
Duration: Typically 12-24 months, though some session-based analytics cookies expire when you close your browser
Data Collected:
• Pages visited and time spent on each page
• Features used and frequency of use
• Device type, browser, operating system
• Geographic location (city/country level)
• Referring website or campaign source
• Click paths and navigation sequences
Third-Party Providers:
• Google Analytics (privacy policy: https://policies.google.com/privacy)
• Mixpanel (privacy policy: https://mixpanel.com/legal/privacy-policy)
• Datadog (privacy policy: https://www.datadoghq.com/legal/privacy)
4.3 Functional Cookies
These cookies enable enhanced functionality and personalization, such as remembering your preferences and choices.
Purpose:
• Remember your dashboard layout and preferences
• Save filter and sorting preferences
• Store recently accessed patient records or claims
• Remember your preferred date/time format
• Maintain customization settings for reports and analytics
• Store your preferred notification settings
Examples:
• user_preferences: Stores your UI customization settings
• dashboard_layout: Remembers your preferred dashboard configuration
• timezone: Stores your selected timezone
• theme: Remembers your selected color theme (if applicable)
• recent_searches: Saves your recent search queries for convenience
Duration: Typically 6-12 months
If you block or delete these cookies, some features of the Services may not work optimally, but core functionality will remain available.
4.4 Marketing and Advertising Cookies
These cookies are used to deliver relevant advertisements to you and measure the effectiveness of our marketing campaigns. They track your browsing activity across websites.
Purpose:
• Show you relevant Tavali advertisements on other websites
• Measure the effectiveness of advertising campaigns
• Prevent you from seeing the same ad repeatedly
• Track conversions from marketing campaigns to sign-ups
• Create lookalike audiences for targeted marketing
Examples:
• Google Ads (_gcl_*, IDE): Serves targeted advertisements
• Facebook Pixel (fr, _fbp): Tracks conversions and serves ads on Facebook
• LinkedIn Insight Tag (li_*, bcookie): Delivers LinkedIn ads and measures performance
• HubSpot (__hssc, __hstc, hubspotutk): Tracks marketing attribution
• DoubleClick (id, test_cookie): Serves display advertisements
Duration: Typically 12-24 months
Third-Party Providers:
• Google Ads (privacy policy: https://policies.google.com/privacy)
• Facebook (privacy policy: https://www.facebook.com/privacy/policy)
• LinkedIn (privacy policy: https://www.linkedin.com/legal/privacy-policy)
• HubSpot (privacy policy: https://legal.hubspot.com/privacy-policy)
You can opt out of marketing cookies through your browser settings or through the opt-out mechanisms described in Section 6 below.
4.5 Third-Party Integration Cookies
These cookies are set by third-party services integrated into our platform to enable specific functionality.
Purpose:
• Enable PMS integrations (Open Dental, Dentrix, Eaglesoft)
• Facilitate payment processing (Stripe)
• Provide customer support chat functionality (Intercom, Zendesk)
• Enable video tutorials and documentation (YouTube, Vimeo)
• Support single sign-on (SSO) authentication
Examples:
• Stripe (_stripe_*): Enables secure payment processing
• Intercom (intercom-*): Provides in-app customer support chat
• Zendesk (zd_*): Supports help desk functionality
• YouTube (VISITOR_INFO1_LIVE, YSC): Embeds video tutorials
• Auth0/Okta: Enables SSO authentication for enterprise customers
Duration: Varies by service, typically 12 months
These third-party services have their own privacy policies governing their use of cookies. We recommend reviewing their policies:
• Stripe: https://stripe.com/privacy
• Intercom: https://www.intercom.com/legal/privacy
• Zendesk: https://www.zendesk.com/company/agreements-and-terms/privacy-policy
5. DETAILED COOKIE TABLE
Below is a comprehensive list of cookies we use on our Services:
STRICTLY NECESSARY COOKIES
Cookie Name | Purpose | Duration | Type
------------|---------|----------|-----
session_id | Maintains user session | Session | First-party
auth_token | Authentication token | 30 days | First-party
csrf_token | CSRF protection | Session | First-party
locale | Language preference | 1 year | First-party
cookies_consent | Cookie consent status | 1 year | First-party
secure_session | Secure session flag | Session | First-party
PERFORMANCE & ANALYTICS COOKIES
Cookie Name | Purpose | Duration | Type
------------|---------|----------|-----
_ga | Google Analytics ID | 2 years | Third-party
_gid | Google Analytics session | 24 hours | Third-party
_gat | Google Analytics throttling | 1 minute | Third-party
mp_* | Mixpanel analytics | 1 year | Third-party
dd_cookie_test | Datadog monitoring | Session | Third-party
amplitude_id | Amplitude user ID | 10 years | Third-party
FUNCTIONAL COOKIES
Cookie Name | Purpose | Duration | Type
------------|---------|----------|-----
user_preferences | UI customization | 1 year | First-party
dashboard_layout | Dashboard config | 1 year | First-party
timezone | Timezone setting | 1 year | First-party
recent_items | Recently viewed | 30 days | First-party
filter_preferences | Saved filters | 90 days | First-party
MARKETING COOKIES
Cookie Name | Purpose | Duration | Type
------------|---------|----------|-----
_gcl_au | Google Ads conversion | 90 days | Third-party
IDE | Google DoubleClick | 1 year | Third-party
_fbp | Facebook Pixel | 90 days | Third-party
li_sugr | LinkedIn Insight Tag | 90 days | Third-party
__hstc | HubSpot analytics | 13 months | Third-party
hubspotutk | HubSpot visitor token | 13 months | Third-party
THIRD-PARTY INTEGRATION COOKIES
Cookie Name | Purpose | Duration | Type
------------|---------|----------|-----
_stripe_mid | Stripe fraud prevention | 1 year | Third-party
intercom-session | Intercom chat session | 1 week | Third-party
__zlcmid | Zendesk chat | 1 year | Third-party
VISITOR_INFO1_LIVE | YouTube embedded videos | 180 days | Third-party
Note: This table is not exhaustive and may be updated as we add or remove services.
6. HOW TO MANAGE COOKIES
You have several options to manage or disable cookies:
6.1 Browser Settings
Most web browsers allow you to control cookies through their settings. You can typically:
• Block all cookies
• Block third-party cookies only
• Delete cookies after each browsing session
• Receive alerts when cookies are being set
• View and delete individual cookies
Browser-Specific Instructions:
Google Chrome: Settings > Privacy and security > Cookies and other site data
https://support.google.com/chrome/answer/95647
Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Safari: Preferences > Privacy > Cookies and website data
https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
Microsoft Edge: Settings > Cookies and site permissions > Cookies and site data
https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Note: If you disable all cookies, you may not be able to use certain features of our Services, particularly those requiring authentication.
6.2 Cookie Preference Center
When you first visit our website, you will see a cookie consent banner allowing you to accept or customize your cookie preferences. You can access your cookie preferences at any time by:
• Clicking the "Cookie Preferences" link in the footer of our website
• Visiting www.tavali.ai/cookie-preferences
• Clearing your cookies and revisiting our site
Our Cookie Preference Center allows you to:
• Accept or reject marketing and analytics cookies
• Learn more about each category of cookies
• Update your preferences at any time
Note: Strictly necessary cookies cannot be disabled through the Cookie Preference Center as they are essential for the Services to function.
6.3 Opt-Out of Third-Party Cookies
You can opt out of certain third-party cookies using these tools:
Google Analytics: Install the Google Analytics Opt-out Browser Add-on
https://tools.google.com/dlpage/gaoptout
Network Advertising Initiative (NAI): Opt out of behavioral advertising
http://www.networkadvertising.org/choices/
Digital Advertising Alliance (DAA): Consumer choice tools
http://www.aboutads.info/choices/
European Interactive Digital Advertising Alliance (EDAA): Your Online Choices
http://www.youronlinechoices.eu/
Google Ads Settings: Manage Google ad personalization
https://adssettings.google.com/
Facebook Ad Preferences: Control Facebook ads
https://www.facebook.com/ads/preferences/
LinkedIn Ad Settings: Manage LinkedIn ads
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
6.4 Mobile Device Settings
For mobile apps, you can manage cookies and tracking through your device settings:
iOS: Settings > Privacy > Tracking (requires iOS 14.5+)
Android: Settings > Google > Ads > Opt out of Ads Personalization
6.5 Do Not Track (DNT) Signals
Some browsers offer a "Do Not Track" (DNT) signal that requests websites not to track your browsing. Currently, there is no industry standard for responding to DNT signals. We do not currently respond to DNT signals, but we will update this policy if standards emerge.
7. COOKIES AND PROTECTED HEALTH INFORMATION
IMPORTANT: We do not use cookies to store protected health information (PHI) or other sensitive clinical data.
PHI processed through our Services is:
• Stored securely in our HIPAA-compliant database infrastructure
• Encrypted in transit and at rest
• Never stored in browser cookies or local storage
• Transmitted only through secure, authenticated API calls
Cookies used in our Services may contain:
• User authentication tokens (encrypted)
• Session identifiers (not linked to PHI)
• User preferences and settings
• Usage analytics (de-identified)
If you log out or clear your browser cookies, this does not delete any PHI from our secure databases. PHI can only be deleted through the account management features within the Services or by contacting your practice administrator.
8. COOKIES FOR LOGGED-OUT USERS VS. LOGGED-IN USERS
8.1 Logged-Out Users (Marketing Website Visitors)
If you visit our marketing website (www.tavali.ai) without logging in, we use:
• Strictly necessary cookies (minimal)
• Analytics cookies (to improve the website)
• Marketing cookies (to show you relevant ads, with your consent)
8.2 Logged-In Users (Platform Users)
If you log into the Tavali platform, we use:
• Strictly necessary cookies (for authentication and security)
• Performance cookies (to optimize the application)
• Functional cookies (to remember your preferences)
• Analytics cookies (to improve features you use)
We do not use marketing/advertising cookies within the logged-in platform application.
9. CONSENT AND LEGAL BASIS
9.1 Consent (GDPR/ePrivacy)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on your consent for non-essential cookies (analytics, marketing, functional) as required by the ePrivacy Directive and GDPR.
You can withdraw your consent at any time by:
• Adjusting your cookie preferences in our Cookie Preference Center
• Changing your browser settings to block cookies
• Contacting us at contact@tavali.ai
Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.
9.2 Legal Basis for Strictly Necessary Cookies
We do not require consent for strictly necessary cookies, as they are essential for providing the Services you have requested. Our legal basis for these cookies is:
• Contract performance (GDPR Article 6(1)(b))
• Legitimate interests (GDPR Article 6(1)(f)) - specifically, ensuring security and preventing fraud
9.3 California and U.S. State Privacy Laws
We do not "sell" or "share" personal information as defined by the California Consumer Privacy Act (CCPA) or other U.S. state privacy laws through our use of cookies. However, California residents and residents of other states with applicable privacy laws have the right to opt out of certain cookie-based tracking for targeted advertising purposes.
10. COOKIES ON MOBILE APPLICATIONS
Our mobile applications (iOS and Android) may use:
• Local storage for caching and performance
• Device identifiers for authentication and analytics
• Mobile analytics SDKs (e.g., Google Analytics for Firebase, Mixpanel)
• Crash reporting tools (e.g., Sentry, Crashlytics)
Mobile app tracking is subject to your device's privacy settings:
• iOS: Settings > Privacy > Tracking
• Android: Settings > Google > Ads
We respect the App Tracking Transparency (ATT) framework on iOS and similar privacy frameworks on Android.
11. COOKIE LIFESPAN AND RETENTION
Session Cookies: Deleted when you close your browser or log out
Short-Term Persistent Cookies:
• Authentication tokens: 30 days
• Analytics session cookies: 24 hours
• Preference cookies: 90 days
Long-Term Persistent Cookies:
• User preferences: 1 year
• Marketing cookies: 1-2 years
• Analytics cookies: 2 years
You can delete cookies at any time through your browser settings. After expiration or deletion, cookies will be recreated the next time you visit our Services (subject to your consent preferences).
12. UPDATES TO THIS COOKIE POLICY
We may update this Cookie Policy from time to time to reflect:
• Changes in the cookies we use
• New features or services
• Changes in legal requirements
• Updates to third-party services
When we make material changes, we will:
• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a notice on our website
• Request renewed consent where required by law
Your continued use of the Services after changes to this Cookie Policy constitutes acceptance of the updated policy.
13. CONTACT US
If you have questions about our use of cookies or this Cookie Policy, please contact us:
Tavali, Inc.
Attn: Privacy Officer
3186 Wildflower summit, Encinitas, CA 92024
Email: contact@tavali.ai
For general inquiries:
Email: contact@tavali.ai
Website: www.tavali.ai/contact
For data protection inquiries (EEA/UK):
Email: contact@tavali.ai
EU Representative: [To be inserted if applicable]
ADDITIONAL RESOURCES
• Tavali Privacy Policy: www.tavali.ai/privacy
• Tavali Terms of Service: www.tavali.ai/terms
• Cookie Preference Center: www.tavali.ai/cookie-preferences
• Data Protection and Security: www.tavali.ai/security
• HIPAA Compliance: www.tavali.ai/hipaa
External Resources:
• All About Cookies: www.allaboutcookies.org
• Your Online Choices (EU): www.youronlinechoices.eu
• Network Advertising Initiative: www.networkadvertising.org
• Digital Advertising Alliance: www.aboutads.info
