Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address — used for authentication and account recovery
• Display name — visible to other members in your Roam sessions
• Profile photo (optional) — visible to other session members

You may sign in using Apple Sign-In, Google Sign-In, or email/password. When using third-party sign-in, we receive an authentication token from the provider. We do not receive or store your third-party account password.

1.2 Body & Health-Related Information

To provide BAC (Blood Alcohol Content) estimates, we collect:

• Biological sex (male or female) — used in the Widmark metabolic formula
• Body weight (in kilograms) — used in the Widmark metabolic formula

This information is stored securely and used solely for BAC estimation. BAC values are calculated on-device using a conservative Widmark formula with a built-in safety bias. BAC estimates are not medical advice and should never be used to determine fitness to drive or operate machinery.

1.3 Drink Logs

When you log a drink, we collect:

• Drink category (beer, wine, spirit, cocktail, cider, other)
• Drink name
• Volume (ml) and alcohol by volume (ABV %)
• Standard drink equivalents and alcohol grams (calculated)
• Timestamp of when the drink was logged
• Associated session ID (if logged during an active session)
• Drink photo (optional)

1.4 AI Drink Recognition

When you use the camera-based drink recognition feature, a photo of your drink is sent to Google's Gemini AI service (via Firebase AI) for analysis. The image is:

• Downsampled to approximately 800 pixels maximum dimension
• Compressed as JPEG at 80% quality before transmission
• Transmitted securely over HTTPS/TLS to Google servers
• Processed by Google's Gemini AI model to identify the drink type, name, estimated volume, and ABV

Important: Once transmitted, the image is processed by Google in accordance with Google's Privacy Policy and Google Cloud Terms of Service. We do not control how Google retains or processes images after transmission. Google may use data in accordance with their terms, including for service improvement.

You are not required to use AI drink recognition — you may always log drinks manually.

1.5 Location Data

With your explicit permission, we collect your geographic location (latitude and longitude) using your device's location services:

• When In Use: Location is collected while the App is open and active
• Background Location: If you grant "Always" permission, location updates continue when the App is in the background during an active Roam session

Location data is:

• Updated only when your device moves more than 10 metres
• Shared with other members in your active Roam session only if you enable the "Share Location" toggle
• Not shared when you disable the toggle or leave a session
• Not sold to or shared with third parties for advertising or analytics

You may revoke location permissions at any time through your device settings.

1.6 Photos & Videos

When you post to a Roam session feed, we collect:

• Photos (compressed as JPEG)
• Videos (stored as MP4)
• Optional captions
• Your geographic location at the time of posting (if location sharing is enabled)
• Your current BAC at the time of posting (if BAC sharing is enabled)

Media posted to a Roam session is visible only to other members of that session.

1.7 Social & Interaction Data

We collect data arising from your use of social features:

• Session names and membership
• Feed post likes and comments
• Timestamps of all interactions

1.8 Device & Technical Data

We collect minimal technical information necessary to operate the App:

• Device type and operating system version (provided automatically by the platform)
• Authentication session tokens (stored securely in the iOS Keychain)

We do not use analytics SDKs, crash reporting services, or advertising frameworks. Firebase Analytics and Ads are explicitly disabled.

2. How We Use Your Information

We use the information we collect to:

• Provide the App's core functionality — creating sessions, sharing locations, logging drinks, estimating BAC, and enabling social features
• Calculate BAC estimates — using your weight, biological sex, and drink history with a conservative Widmark formula
• Enable AI drink recognition — by transmitting drink photos to Google Gemini for analysis
• Display your profile — showing your name and avatar to other session members
• Share your real-time location and BAC — with session members, only when you opt in via the sharing toggles
• Authenticate your identity — via email/password, Apple Sign-In, or Google Sign-In
• Maintain and improve the App — diagnosing technical issues and ensuring service reliability

We do not use your information for:

• Advertising or ad targeting
• Sale to third parties
• Automated decision-making or profiling beyond BAC estimation
• Building marketing profiles

3. How We Share Your Information

3.1 With Other Roam Session Members

During an active Roam session, the following may be visible to other members:

• Your display name and profile photo
• Your real-time location (if you enable "Share Location")
• Your current BAC estimate (if you enable "Share BAC")
• Your feed posts, including photos, videos, captions, and associated location/BAC data
• Your likes and comments on other members' posts

You control what you share. Location and BAC sharing can be toggled on or off at any time during a session. When disabled, your location and BAC data are not transmitted to other members.

3.2 With Third-Party Service Providers

We use the following third-party services to operate the App:

• Supabase (supabase.com) — Database, authentication, file storage, real-time communication
• Google / Firebase AI (firebase.google.com) — AI-powered drink recognition
• Google Sign-In (google.com) — Authentication
• Apple Sign-In (apple.com) — Authentication

These providers act as data processors on our behalf and process data in accordance with their respective privacy policies:

• Supabase Privacy Policy
• Google Privacy Policy
• Apple Privacy Policy

3.3 Legal Requirements

We may disclose your information if required to do so by law, or in good faith belief that such action is necessary to:

• Comply with a legal obligation, court order, or legal process
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the App
• Protect the personal safety of users of the App or the public

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via the App or email before your information becomes subject to a different privacy policy.

4. Data Storage & Security

4.1 Where Your Data is Stored

• Server-side data (profiles, drink logs, sessions, feed content, uploaded media) is stored on Supabase's infrastructure, which may be located in the United States or other regions.
• Authentication tokens are stored locally in your device's iOS Keychain (encrypted by the operating system).
• Cached photos (avatars, drink photos) are stored locally on your device in the App's sandboxed file system, protected by iOS file-level encryption.
• Sharing preferences (location and BAC toggles) are stored locally on your device.

4.2 Security Measures

We implement the following security measures:

• All data transmitted between the App and our servers is encrypted using TLS/HTTPS
• Passwords are hashed server-side by Supabase (never stored in plain text)
• Authentication uses secure JWT tokens
• Database access is protected by Row Level Security (RLS) policies
• Media URLs use time-limited signed URLs that expire after one hour
• File storage buckets have access policies restricting uploads to authenticated users

4.3 Limitations

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. The App does not use end-to-end encryption for data stored on our servers.

5. Data Retention

5.1 Active Accounts

While your account is active, we retain:

• Account and profile data — for the lifetime of your account
• Drink logs — for the lifetime of your account
• Session history — for the lifetime of your account
• Feed posts, comments, and likes — for the lifetime of your account
• Uploaded media (photos, videos) — for the lifetime of your account

5.2 Session Data

• Real-time location data in session records is cleared when you disable sharing or leave a session
• Real-time BAC data in session records is cleared when you disable sharing or leave a session
• Session records (name, membership) are retained after sessions end

5.3 Account Deletion

When you delete your account (via the App's settings), we delete:

• Your profile and personal information
• Your drink logs
• Sessions you created
• Your feed posts, comments, and likes
• Your avatar from storage
• Your authentication record

Account deletion is processed immediately. Some data may persist in backups for a limited period as part of standard infrastructure operations, but will not be actively used or accessible.

5.4 AI-Processed Images

Images sent to Google Gemini for drink recognition are processed in real time. We do not retain these images on our servers after processing. Google's retention of transmitted data is governed by Google's Privacy Policy.

6. Your Rights & Choices

6.1 Access & Control

You can:

• View and edit your profile information at any time through the App
• Toggle location sharing on or off during a session
• Toggle BAC sharing on or off during a session
• Delete individual drink logs through the App
• Delete your account and all associated data through the App's settings
• Revoke location permissions through your device's Settings app
• Revoke camera permissions through your device's Settings app

6.2 Data Portability

If you wish to receive a copy of your personal data, please contact us at the email address below. We will respond to your request within 30 days.

6.3 Rights Under GDPR (European Users)

If you are located in the European Economic Area, you have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Request erasure of your personal data
• Restrict processing of your personal data
• Object to processing of your personal data
• Data portability
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at the email address below.

6.4 Rights Under CCPA (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

6.5 Do Not Track

The App does not respond to Do Not Track signals because it does not track users across third-party websites or services.

7. Children's Privacy

The App is not intended for use by anyone under the legal drinking age in their jurisdiction. We do not knowingly collect personal information from minors. Users confirm they are of legal drinking age during account registration. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us at the email address below.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Supabase and Google) operate infrastructure. These countries may have data protection laws that differ from those in your jurisdiction. By using the App, you consent to the transfer of your information to these countries. Where required by applicable law, we ensure appropriate safeguards are in place for international data transfers.

9. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the App or via email for significant changes

Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.

11. Disclaimer Regarding BAC Estimates

BAC estimates provided by the App are for informational and awareness purposes only. They are based on a mathematical model (the Widmark formula) with conservative assumptions and a built-in safety bias. BAC estimates are not a substitute for professional medical advice, breathalyser readings, or blood tests. Individual BAC varies based on many factors not accounted for by the model, including food intake, medication, hydration, metabolism, and individual physiology. Never use BAC estimates from this App to determine whether it is safe to drive, operate machinery, or engage in any activity requiring sobriety. Always err on the side of caution and arrange safe transportation.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us at: privacy@tryroamapp.com

We will respond to all privacy-related enquiries within 30 days.

13. Summary of Data Practices