Privacy Policy

1. Introduction

Toured ("we," "us," or "our") is operated by Roofener Development LLC, a limited liability company. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Toured services. The "Services" include (a) the Toured mobile application for iOS (the "App"), and (b) the Toured Counselor Console web platform at counselor.toured.app (the "Counselor Console"). Both surfaces share the same backend and are covered by this Privacy Policy. Where a provision refers to "the App" but applies equally to the Counselor Console, it should be read to cover both unless context clearly indicates otherwise.

By creating an account or using the Services, you acknowledge that you have read, understood, and agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with any part of this Privacy Policy, do not use the Services. If you have already created an account and no longer agree, your sole and exclusive remedy is to delete your account (see Section 8) and stop using the Services, which will permanently remove all of your personal data from our servers.

The Services are available exclusively in the United States and are intended for users located in the United States.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address, first name, last name, and account type (student, parent, or counselor). Counselor accounts also include an organization name (school or independent practice) and an account-type sub-selection (school counselor or independent counselor). If you sign in with Apple on the iOS app, we receive your name and email (or an Apple relay email) as authorized by you. Counselor accounts use email and password only; Sign In with Apple is not currently supported in the Counselor Console.
• Profile Information: Graduation year (for students), referral source (how you heard about the App), and any optional profile details you provide.
• Rankings & Preferences: If you rank colleges or set priority weights (your personal importance for categories like academics, campus, dining, etc.), this data is stored in your profile. You may also mark colleges with interest levels (such as love, like, or dislike) to track your preferences; these interest levels are stored in your profile.
• Visit Data: When you log a college visit, we collect your ratings across seven categories (campus beauty, academics, student life, dorms, dining, facilities, location), written notes and category-specific notes, written reflections on any guided prompts you choose from a bank of 25+ questions (organized by themes such as essentials, academics, student life, living and dining, campus surroundings, facilities and athletics, and fit), and visit dates. For planned visits, we store your planned date and optional start/end times. For live visits (started when near campus), we also store check-in and check-out times, paused duration, and timestamped live notes (each with a category, sentiment, and optional photo).
• Collaborative Visit Data: During a live visit, a linked parent may join and contribute notes and photos in real time. Their contributions are stored as part of the visit record, attributed by author name and ID.
• Photos: Photos you take with your camera or import from your photo library during college visits. You choose which photos to capture and upload. You may also add captions and tags to photos.
• Admission Cards: If you photograph an admission card during a college visit, the photo is uploaded and stored alongside metadata including the associated college and capture date. Admission card photos are stored separately from visit photos and can be deleted individually.
• Feedback: Bug reports and feature requests you voluntarily submit through the App, including title, description, category, severity (for bugs), and optional screenshots. If you provide your name, it may be displayed alongside approved submissions on the public Feedback Board. Other users can upvote or downvote approved feedback items. You can delete your own submissions unless they are marked as in progress or done.
• Device Diagnostic Information: When you submit a bug report or feature request, we automatically collect device information to help us diagnose issues. This includes your iOS version, app version and build number, device model (e.g., "iPhone 16 Pro"), device name (e.g., "John's iPhone"), locale, timezone, and screen size. This information is displayed to you in a collapsible "Auto-collected" section before you submit. Device diagnostic information is stored alongside your feedback submission and is not used for any other purpose.
• Payment Information: We do not directly collect or store your credit card number or payment credentials. All payments are processed by Apple (via In-App Purchase). From Apple In-App Purchase, we receive transaction IDs, product identifiers, purchase dates, and expiration dates.
• Counselor Notes (Counselor Console only): If you use the Counselor Console, you may write private notes about students, colleges, or your own student groups. Each note may be up to 8,000 characters and may be pinned or unpinned. Notes are stored against your counselor account and are visible only to you — not to the student, the student's parents, or any other counselor (see Section 6). Deleted notes are soft-deleted and recoverable for 30 days; after that they are permanently purged.
• Counselor Groups (Counselor Console only): Counselors can organize their linked students into named groups (e.g., by graduation year, advisory block, or program), each with a custom color. We store the group name, color, sort order, and a list of the student profile IDs that belong to each group. Group membership is visible only to the counselor who owns the group.
• CSV Import Data (Counselor Console only): If you use the Toured Counselor Console, you may upload a CSV file containing student email addresses. We collect these email addresses solely for the purpose of generating single-use invite codes and sending invitation emails that allow students to link their accounts to the counselor. The emails are not used for marketing, are not shared with any third party, and are retained only for as long as necessary to send the invite and manage the status of pending or expired invitations (invites expire after 14 days). No other information (such as student names, IDs, or grades) is collected or imported from the CSV. This data processing occurs only when a counselor voluntarily uses the CSV import feature.

2.2 Information Collected Automatically

• Location Data: With your permission, we temporarily request precise location (when the App is in use) to detect proximity to college campuses (within approximately 500 meters). We use this to prompt you to start a live visit and to find nearby colleges. Your location is processed in real time and is not stored on our servers or in any database. We do not track your location in the background or when the App is closed.
• Usage Data: We collect basic usage counters for free-tier limits (e.g., number of college detail views per day, number of comparisons per day, whether your free visit log or planned visit slot is used). These are stored as part of your profile and are not shared with third parties.
• Analytics Data: We may collect usage data to understand how the App is used and to improve its features. This may include interactions with App features, screen views, session duration, user identifiers, and device information (such as device model, operating system version, and app version). Analytics data is used solely for product improvement and is not used for advertising, cross-app tracking, or shared with third parties other than the analytics service provider.

2.3 Information We Do Not Collect

• We do not use advertising identifiers (IDFA) or participate in ad tracking.
• We do not use advertising, ad tracking, or cross-app tracking SDKs.
• We do not sell, rent, or share your personal information with any third party, except as necessary to operate the App through our service providers described in Section 5. Outside of those service providers, your name, email address, and other personally identifiable information are never shared with or sold to anyone — including educational institutions, data brokers, and advertisers. (Aggregated, de-identified data that cannot identify any individual user is not considered personal information — see Section 3.1.)
• We do not track you across other apps or websites.
• We do not send push notifications. The App does not use Apple's Push Notification service or any remote notification capability. We may send occasional marketing emails to the email address on your account; you may opt out at any time via the unsubscribe link in any such email.
• We do not store your location data. Location is used only for real-time proximity detection and is never persisted.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and operate the App: To create and manage your account, log visits (including live visits and planned visits), store your photos and notes, generate side-by-side comparisons and personalized rankings with Fit Scores, and deliver all App features.
• Linked accounts: To enable parents and counselors to view student visit data, as authorized by the student through account linking. This includes enabling co-parent connections.
• Counselor activity feed: To present linked counselors with a real-time stream of events from their caseload (visits planned, started, and finished; rankings updated; college tracking changes; recommendations sent and student responses; notes added; students joining). These events are derived from existing data the student has already chosen to share at their selected access level and are not a new data collection.
• Collaborative visits: To allow linked parents to join a student's live visit in real time and contribute notes and photos together.
• Live Activities: To display your active live visit status on your device's Lock Screen and Dynamic Island (for students and parents). This data stays on your device.
• Proximity detection: To detect when you are near a college campus (within approximately 500 meters) and offer to start a live visit.
• Subscription management: To process your subscription, verify premium access (including access granted by a parent's Family Plan or a counselor's plan), and manage billing through Apple In-App Purchase.
• Communication: To send account verification emails (OTP), password reset emails, and account deletion confirmation codes. By creating an account, you also agree to receive occasional emails from us about college visit tips, new App features, promotions, and other college-related content. You may opt out of marketing emails at any time by clicking the unsubscribe link in any email we send or by contacting us at [email protected]. Opting out of marketing emails will not affect transactional emails (such as account verification or password resets).
• Feedback Board: To display approved bug reports and feature requests on the public Feedback Board, allowing users to upvote and downvote submissions and track their status.
• Improve the App: To analyze how the App is used, identify issues, and improve features and performance. This includes responding to bug reports and feature requests you submit, and using analytics data to understand usage patterns. Device diagnostic information attached to feedback helps us reproduce and fix issues specific to your device configuration.
• App configuration: To deliver maintenance mode notices, version update prompts, and announcements via our remote configuration system.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

3.1 Aggregated and De-Identified Data

We may create aggregated, de-identified data derived from user activity and content. This data is stripped of all personally identifiable information and cannot reasonably be used to identify any individual user.

Aggregated, de-identified data is not personal information. We may use, analyze, sell, license, or otherwise commercially provide such data to any third party for any lawful purpose. This use may continue even after you delete your account, because the data cannot be traced back to you.

4. How We Store and Protect Your Data

4.1 Data Storage

Your data is stored using the following services:

• Supabase: Your account information, profile, visit data, linked accounts, invite codes, feedback submissions, and subscription records are stored in a database hosted by Supabase, Inc. on infrastructure provided by Amazon Web Services (AWS) in the United States.
• Supabase Storage: Photos you upload during visits, admission card photos you capture, and optional screenshots attached to feedback submissions are stored in cloud storage provided by Supabase, hosted in the United States.
• Cloudflare: The Toured Counselor Console web platform (separate from the mobile app) is hosted on Cloudflare infrastructure. Cloudflare provides content delivery, hosting, and security services for the static web application. No personal user data is stored on Cloudflare; all account, visit, and profile data remains in Supabase.
• Local Offline Cache: The App caches visits, college data, profile information, rankings, and linked account data locally on your device to enable offline functionality. This data is automatically refreshed when you are online.
• Offline Sync Queue: When you use the App without an internet connection, actions such as saving visit notes, uploading photos, updating rankings, or modifying visit data are queued locally on your device. Queued actions are automatically synced with our servers when connectivity is restored. Failed operations are automatically retried before being discarded.
• Local Photo Storage: Photos taken or imported during visits while offline are temporarily stored on your device until they can be uploaded to our servers. These temporary files are cleaned up after successful upload.
• Photo Cache: Photos you have previously viewed are cached on your device for faster loading. This cache may be automatically purged by iOS when device storage is low. Cached photos are not transmitted to our servers.
• Secure Local Storage: Visit log drafts (in-progress visit entries) are securely stored on your device to prevent data loss. Drafts are automatically discarded after a period of inactivity. This data is never transmitted to our servers.
• Local Preferences: Settings such as theme preference (light, dark, or system), shake-to-report toggle, save-photos-to-camera-roll toggle, recent college searches (up to 12), onboarding progress, and cached display information (name, account type, premium status) are stored locally on your device. These are never transmitted to our servers.

4.2 Security Measures

We implement reasonable and appropriate security measures to protect your personal information, including:

• All data transmitted between the App and our servers is encrypted using TLS (Transport Layer Security).
• Database access is protected by access control policies, ensuring users can only access their own data.
• Authentication tokens are managed securely.
• Payment processing is handled by Apple's In-App Purchase system (for iOS app subscriptions). The Toured Counselor Console web platform does not process payments at this time.
• Account deletion requires re-authentication via email-based OTP (one-time password) verification and is processed server-side.

While we take reasonable precautions, no method of electronic storage or transmission over the Internet is 100% secure. We cannot and do not guarantee the absolute security of your data. You acknowledge that you provide your personal information at your own risk.

You acknowledge that no data system is infallible, and that inadvertent disclosures of personal information may occur despite reasonable precautions — including through technical errors, data processing mistakes, or unintentional inclusion of identifiable information in aggregated data. To the maximum extent permitted by applicable law, we disclaim all liability for any such inadvertent disclosure.

You further acknowledge that we rely on third-party service providers (including Supabase, Apple, AWS, and Cloudflare) for data storage, processing, and transmission, and that the security of your data while in the custody of these providers is governed by their own security practices, over which we have no control. We are not responsible or liable for any security breach, unauthorized access, or data loss that occurs at any third-party provider's systems or infrastructure.

5. Third-Party Services

We use the following third-party services to operate the App. Each service has its own privacy policy governing how it handles your data:

Service	Purpose	Data Shared
Supabase	Backend infrastructure and services	Account info, visit data, photos, feedback submissions (including device diagnostic info and screenshots), profile data, linked account data
Apple	Sign In with Apple authentication; In-App Purchase payment processing for Student and Family subscriptions (monthly and annual billing options)	Name and email (as authorized by you); transaction IDs, product identifiers, and purchase/expiration dates for In-App Purchases
Cloudflare	Hosting, CDN, and security for the Toured Counselor Console web platform	Static web assets only (HTML, CSS, JavaScript). No personal user data or database records are stored on Cloudflare.

Privacy policies for these services:

• Supabase: supabase.com/privacy
• Apple: apple.com/privacy
• Cloudflare: cloudflare.com/privacypolicy

We do not use any advertising or cross-app tracking services. We may use additional third-party service providers for analytics or error monitoring solely for product improvement. The services listed above represent all providers currently processing your data; this list will be updated as providers are added or changed.

5.1 Third-Party Liability Disclaimer

The third-party services listed above are independently owned and operated and are not under our control. Each third-party provider is solely responsible for its own security practices, data protection measures, and compliance with applicable laws and regulations.

We are not responsible or liable for any data breach, data leak, security incident, unauthorized access, data loss, data corruption, service outage, or other failure at any third-party service provider, including but not limited to Supabase, Apple, Amazon Web Services (AWS), Cloudflare, or any of their subcontractors or infrastructure providers.

In the event of a data breach or security incident at a third-party provider that may affect your personal information:

• We will make commercially reasonable efforts to notify affected users promptly upon learning of the incident, to the extent required by applicable law.
• Your sole recourse for any harm arising from such incident is against the responsible third-party provider under its own terms of service and privacy policy.
• We disclaim all liability for the actions, omissions, or negligence of any third-party service provider, regardless of whether we selected, integrated, or recommended the use of such provider.

By using the App, you acknowledge that your data is processed and stored using third-party infrastructure, and you voluntarily assume all risks associated with the transmission and storage of your data through these services.

6. Linked Accounts and Data Sharing Between Users

The Services allow students to link their accounts with parents and/or counselors using single-use invite codes (which expire after 14 days). Parents link from the iOS App; counselors link from the Counselor Console at counselor.toured.app. When you link your account:

• Students: By linking to a parent or counselor, you authorize them to view your college visit data, planned visits, rankings, and profile information. You control the access level: "View All" (everything including photos) or "View Limited" (everything except photos).
• Parents: You can view your linked children's visit data. You can invite a co-parent who will share the same view of your linked students. Parents with a Family Plan subscription grant premium access to linked students. Parents may join a student's live visit to collaboratively add notes and photos in real time. Parents may also recommend colleges to their linked students; recommendations include the college, the recommending parent's identity, and a status (e.g., active or dismissed).
• Counselors: Counselors link to students through the separate Toured Counselor Console web platform. Counselors may grant premium access to linked students and may recommend colleges (including via batch actions to groups of students). Using the Console, counselors can view activity dashboards and timeseries analytics for their linked students, including counts over time of visits logged, planned visits, recommendations, college interest tracking, and admission cards captured. Counselors may also upload CSV files containing only student email addresses to generate and send single-use invite codes via email. All such access and processing is subject to the student's chosen access level ("View All" or "View Limited") and is used solely to support the student's college planning process.

Profile data shared between linked accounts: Linked parents and counselors can view all of a student's data at the access level the student selects — "View All" (everything including photos) or "View Limited" (everything except photos). This includes visit data, ratings, notes, rankings, priority weights, preferences, interest levels, and profile information. Your referral source (how you heard about the App) is not shared with linked accounts.

Counselor-to-counselor isolation: If a student is linked to more than one counselor, each counselor's private notes and groups are scoped to that counselor's account only. Counselors cannot see each other's notes, groups, or recommendations history.

Effect of unlinking: You can unlink accounts at any time through the iOS App's settings (students/parents) or the Counselor Console settings (counselors). Unlinking immediately revokes the other party's access to your data. A counselor's private notes about a student remain in the counselor's account after a student unlinks, because those notes belong to the counselor — not to the student. Recommendations the counselor previously sent are removed from the now-unlinked student's view.

6.1 FERPA and School-Based Counselor Use

The Services are not designed to be a system of record for education records under the Family Educational Rights and Privacy Act (FERPA) or comparable state laws. Toured is a college-search and visit-planning tool that students voluntarily use, and that counselors may use to support those students. We do not act as an "official" school records system, and information you (or a counselor) put into Toured should not be relied on as a FERPA-protected education record.

If you are a school-based counselor or otherwise act on behalf of an educational institution, you are responsible for confirming that your use of the Counselor Console (including any notes, recommendations, or invitations you create) complies with your institution's policies and with FERPA, any state student-privacy laws, and any agreements between your institution and your students or their families. Do not enter information into the Counselor Console that your institution treats as a FERPA-protected education record unless your institution has authorized you to do so and has determined that doing so is appropriate. We are not a "school official" under FERPA and have no direct relationship with your institution unless we have a written agreement that says otherwise.

7. Children's Privacy

The App is designed for high school students planning college visits. We recognize that some users may be under the age of 18.

• The App is not directed at children under the age of 13. Users must be at least 13 years old to create an account.
• If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.
• For users between the ages of 13 and 17, we encourage parental involvement. The App's linked account feature allows parents to connect to and monitor their student's college visit activity.
• If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at the email address below.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13.

8. Your Rights

8.1 All Users

Regardless of where you are located, you have the following rights:

• Access: You can view all of your personal information within the App at any time, including your profile, visits, photos, rankings, and linked accounts.
• Correction: You can edit your profile information, visit notes, ratings, and other data directly within the App.
• Deletion: You can permanently delete your account and all associated data through Settings > Profile > Delete Account. This process requires re-authentication via email OTP and is irreversible. Upon deletion, we remove your profile, visits, photos, feedback submissions, linked account connections, subscription records, and all other personal data from our servers.
• Portability: You can view all of your data within the App, including your profile, visits, notes, ratings, and linked accounts. Visit photos can be saved to your device's photo library. We do not currently offer a bulk data export feature.
• Withdraw Consent: You can revoke location, camera, and photo library permissions at any time through your device's Settings. You can unlink accounts to revoke data sharing. You may withdraw your consent to our collection and processing of your personal data entirely by deleting your account, which will permanently remove all of your personal information from our servers within 30 days.

8.2 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions. You can exercise this right through the in-app account deletion feature.
• Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. (Aggregated, de-identified data that cannot identify any individual user is not personal information under the CCPA — see Section 3.1.)
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, you may use the in-app features described above or contact us at the email address provided below.

8.3 Other State Privacy Laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, or another state with consumer privacy legislation, you may have similar rights to access, correct, delete, and opt out of the sale of your personal information. To exercise these rights, please contact us at the email address below.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the App's services. We currently retain all user data at no additional cost for the lifetime of your account; however, we reserve the right to introduce data retention limits or require a paid subscription for long-term or indefinite data storage in the future. If we make such a change, we will provide reasonable advance notice and will not delete any existing data without giving you the opportunity to take action.

Specifically:

• Account data: Retained until you delete your account.
• Visit data, photos, and admission cards: Retained until you delete the individual item or your account.
• Subscription records: Retained for as long as required by applicable tax and financial regulations (typically up to 7 years after the subscription ends).
• Feedback submissions: Retained until you delete them or until you delete your account. Approved feedback that appears on the public Feedback Board remains visible until deleted. Device diagnostic information is retained with the feedback submission and deleted when the submission is deleted.

When you delete your account, we will permanently delete or de-identify your personal information within 30 days, except where we are required by law to retain certain records. Specifically:

• Your profile, visit data, photos, admission cards, college interest tracking, recommendations, feedback submissions, linked account connections, invite codes, and all other personal data stored in Supabase will be permanently deleted.
• Subscription and payment records may be retained by Apple and/or by us for up to 7 years as required by applicable tax, accounting, and financial regulations.
• Data cached locally on your device — including offline data, cached content, drafts, and preferences — will no longer sync and can be removed by uninstalling the App. Signing out of the App also clears local caches and queued data.

After account deletion, we will have no further ability to access, recover, or restore your personal data. Any aggregated, de-identified data that was derived from your activity prior to deletion (as described in Section 3.1) is not personal data, cannot be traced back to you, and may be retained.

10. Device Permissions

The App may request the following device permissions. All permissions are optional and can be managed through your device's Settings:

• Location (When In Use): Used to detect when you are near a college campus (within approximately 500 meters) to offer live visit features. Precise location is temporarily requested for reliable proximity detection. Location is only accessed while the App is open and in use — never when the App is closed, in the background, or not actively on screen. Your location is never stored on our servers.
• Camera: Used to take photos during college visits. Photos are only captured when you actively choose to take a photo.
• Photo Library (Read): Used to import existing photos into visit logs.
• Photo Library (Write): Used to save visit photos to your device's camera roll (controlled by a toggle in Settings; enabled by default).

The App does not request permission for push notifications, microphone, contacts, Bluetooth, or any other device capabilities.

Denying any permission will not prevent you from using the App, though certain features may be limited.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time, for any reason, at our sole discretion. When we make changes, we will update the "Last Updated" date at the top of this page. We may, but are not obligated to, provide additional notice of changes through the App or via email.

It is your sole responsibility to review this Privacy Policy periodically for changes. Your continued use of the App after any changes are posted constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes to this Privacy Policy, you must stop using the App and delete your account through Settings > Profile > Delete Account, which will permanently remove all of your personal data from our servers.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: