Tana Terms,
Privacy and Security

This is not a legal document. It is written to give you a general overview of our practices and philosophy on privacy.

You can find our full Privacy Policy here and our Terms and Conditions here.

It’s your data

• We will not sell or use your data for advertising.
• We won’t change ownership or copyright status of the data you put into Tana.
• You will always be able to export the data you put in to Tana.

We will not read your private notes

• We will not read or access your private notes without written or verbal consent.
• Tana employees can not access your private data unless you authorize them.
• If, for support reasons, you want to give us access to your workspace, we will log the request and can temporarily give our support personel access to your data.
• A limited set of Tana employees have access to our production database for safe operations of Tana. We log accesses to our databases and perform regular audits to monitor for unauthorized accesses. If an audit discovers unauthorized access, we will promptly launch an internal investigation and make any notifications as may be required under applicable laws.

We are committed to protecting your data

• Security is never “done” – it’s an ongoing commitment
• We follow industry standard practices, e.g. we use Dependabot to keep track of vulnerable dependencies, we have a content security policy (CSP) for the app, and we store data in Google Cloud, where data is encrypted both at rest and in transit. This also means Google does not have access to your data.
• We will periodically perform a Security Review by a trusted and independent third party.

How do I report a security issue?

We are extremely grateful for responsible security researchers that report vulnerabilities to us. Please send an email to security@tana.inc to disclose a security vulnerability found in our products. You may encrypt any sensitive information using our PGP key.

Last updated: 04-26-2024