Toach.ai Privacy Policy
Overview
Toach.ai (“Toach,” “we,” “us”) is a household coordination application that helps a family share tasks, calendars, and group decisions. This policy explains what information Toach collects, how it is used, who it is shared with, and the choices available to you.
Toach supports multiple independent households on a single server. You can create your own household, or join an existing one with an invite code shared by its administrator. You can belong to more than one household and switch between them. Each household’s data is scoped to that household: members of one household do not see another household’s tasks, decisions, fairness data, or pooled calendar events.
Information We Collect
Information you provide
- Account information. If you sign up with a username and password, both are stored; passwords are hashed with bcrypt and never stored in plain text. If you sign up with Sign in with Apple, we store the stable Apple identifier (the “sub” claim) Apple provides, and the name you authorize Apple to share on the first authorization (your iOS device caches it locally to handle subsequent sign-ins, since Apple delivers it only once).
- Household membership. Records of which households you belong to, your role in each (admin or member), and the date you joined.
- Invite codes. If you generate an invite code as an admin, the code and its expiration are stored against your household until you revoke or rotate it. If you join a household using a code, your membership is recorded as described above.
- Profile and preferences. Display name, notification channel preferences, time zone, and visible-hour settings.
- Tasks and household chores. Titles, descriptions, estimates, priorities, categories, due dates, scheduled times, completion status, and time-tracking entries.
- Decision threads. Topic titles, deadlines, messages, and participation history.
- Chat messages. Text and voice input you send to the AI assistant, and the assistant’s responses.
- Photos and uploads. Images, screenshots, or PDFs you submit for schedule extraction.
Information from connected services
When you authorize Toach to connect to a third-party service, Toach reads, and in some cases writes, data on your behalf:
- Sign in with Apple. Apple sends a signed identity token containing your stable Apple identifier (“sub”), and on the first authorization the name you choose to share. Toach uses these to create or sign in to a Toach account. Toach does not receive your Apple ID email unless you choose to share it; if shared, only the relayed address Apple provides is stored.
- Google Calendar. Calendar events, including titles, times, locations, and attendees. Write access is used only to create events you have explicitly previewed and confirmed (for example, schedule intake from photos).
- Limited Use of Google user data. Toach’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google Calendar data is used only to display and coordinate your household’s schedule and to create events you explicitly confirm; it is never sold, never used for advertising, and never transferred to third parties except as needed to provide these features.
- Microsoft Calendar. Calendar events from connected Microsoft accounts.
- Telegram. Your Telegram chat ID and message content sent to or from the Toach bot.
- Email. The email address you provide is used to deliver one-time verification and password-reset codes.
Information collected automatically
- Device location (optional, permission-gated). With your permission, the iOS app periodically reports your device’s approximate location (latitude/longitude) so Toach can estimate the drive to the airport when a flight is on your calendar and tell you when to leave. Only your most recent location is kept — no location history is stored — and it is never shared with other household members or used for advertising. If you deny or revoke location permission (iOS Settings → Toach → Location), the feature falls back to a default travel estimate and everything else works normally.
- Authentication tokens. JWT-style session tokens stored in your browser’s local storage on devices you sign in with.
- Server logs. Access logs, error logs, and scheduler activity, including timestamps and request paths. Logs may incidentally include IP addresses provided by Cloudflare.
- Usage metadata. Drag-to-schedule actions, completion times, notification deliveries, and similar interaction events used to power the Today screen, Family View, and Review.
How We Use Information
Toach uses the information above to:
- Authenticate you and maintain your session.
- Display your tasks, calendar events, and household activity.
- Suggest fair chore assignments based on calendar availability and rotation history.
- Deliver notifications on your chosen channels.
- Process AI chat, voice input, and schedule photos through the assistant.
- Sync events to and from your connected calendars.
- Estimate when to leave for the airport when a flight is on your calendar, using your most recent device location (if you allow it) and the departure airport read from the event.
- Diagnose errors and improve reliability.
Third-Party Services
Some features rely on external providers. When you use those features, the relevant data is sent to the provider and is subject to the provider’s own privacy practices.
| Provider | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude API) | AI chat, suggestions, voice transcription, photo schedule extraction | Chat messages, voice input, uploaded images, relevant task and calendar context |
| Calendar sync and OAuth | Calendar events, OAuth tokens, account email | |
| Microsoft | Calendar sync and OAuth | Calendar events, OAuth tokens, account email |
| Telegram | Two-way messaging via bot | Chat ID, message content |
| Apple (Push Notification Service) | Web push delivery to iOS devices | Device push token, notification payload |
| Apple (Sign in with Apple) | Account creation and sign-in | Apple stable identifier, optional name and relayed email |
| Google (Directions API, optional) | Traffic-aware drive-time estimate to the airport before a flight | Approximate device location (origin) and airport coordinates (destination) — no account identifiers |
| Resend | Email delivery of verification and password-reset codes | Email address, one-time code |
| Cloudflare | Tunnel and request routing | IP address, request metadata |
We do not sell personal information. We do not share personal information with advertising networks or data brokers.
Data Storage and Security
- Toach is self-hosted on hardware controlled by the administrator. Data is stored in a local SQLite database.
- Public access is provided through a Cloudflare Tunnel using HTTPS.
- Passwords are stored as bcrypt hashes. New users are required to change their password on first login.
- OAuth tokens are stored on the server and used only to make authorized requests to connected services.
- No system is perfectly secure. We make reasonable efforts to protect data but cannot guarantee absolute security.
Households and Multi-User Sharing
Toach is designed for shared household visibility. Each household is a separate scope. Data created in a household is visible to that household’s members and is not visible to members of any other household, even if you belong to more than one.
Within a household you belong to:
- Other members can see chores you mark as “household” scope, your completion counts on the fairness leaderboard, and household-scoped tasks assigned to or by you.
- Calendar events from your connected Google and Microsoft calendars are pooled into the Family View for that household’s date range, tagged with your name so others can see whose calendar an event came from.
- Decision threads you create or are added to are visible to other thread participants. Other admins of that household may also be able to administer the thread.
- The AI assistant, when you chat with it inside a household, can read household-scoped tasks, chores, fairness data, and the pooled calendar so it can answer questions like “is anyone free at 3pm.”
- Personal tasks you mark as scope “personal”, your private 1:1 AI chat history, and your account-level settings are not shared with other household members.
Joining and leaving households:
- You join a household by accepting an invite code generated by an admin of that household. Anyone with the code can join until the admin revokes or rotates it, or it expires.
- Admins can rename their household, generate or revoke invite codes, and view the member list and member roles.
- If you leave a household, you stop seeing its content and its members stop seeing future content from you, but content you previously contributed (your past messages in a decision thread, household chores you completed) remains visible to remaining members. Reuse of those records is necessary to preserve thread continuity and fairness history.
- If you are the only admin of a household and choose to leave, you must either promote another member to admin or delete the household entirely. Deleting a household removes its membership records and unscopes its tasks, decisions, and other shared content; some related rows that reference users (such as a user’s personal task history) are retained against the user, not the household.
Information is not shared with anyone outside your household except through the third-party services listed above, which are necessary to deliver the features you have enabled.
Children’s Privacy
Toach is intended to be used by family households, which may include minors added by a household admin. The admin who invites or creates an account for a minor is responsible for that account and for supervising the minor’s use of the application. Toach does not knowingly collect personal information directly from children for commercial purposes and does not show advertising.
Your Choices
- Sign-in method. You can sign up with a username and password, or with Sign in with Apple. You can later link or unlink an Apple ID from your Toach account in Settings.
- Active household. If you belong to more than one household, you can switch between them in Settings. Switching changes which household’s data the app shows and which household the AI assistant scopes its answers to.
- Leave a household. You can leave any household you belong to from Settings. If you are the only admin, the app will prompt you to promote a successor or delete the household entirely.
- Invite codes. If you administer a household, you can generate, rotate, or revoke an invite code from Settings.
- Notification channels. You can adjust which channels (Web Push, Telegram) deliver your notifications, and set quiet hours.
- Connected calendars. You can disconnect Google or Microsoft at any time. Revoking access in the provider’s account settings will also stop calendar sync.
- Location. Location reporting is entirely optional. Decline the iOS permission prompt, or turn it off later in iOS Settings → Toach → Location, and flight departure alerts simply use a default travel estimate.
- Export your data. Settings → Your data → Export downloads everything Toach stores about you as a JSON file, at any time, without contacting anyone.
- Delete your account. Settings → Your data → Delete account permanently erases your account and personal data directly in the app. Some information in shared threads or shared task history may remain visible after account deletion, with personal identifiers removed where feasible. You can also contact the operator listed below for access, correction, or deletion requests.
- Sign out. Signing out clears your session token and active-household preference from local storage on that device.
Data Retention
Toach retains your information for as long as your account is active. Server logs are retained for operational and debugging purposes and rotated periodically. Deleted tasks, chats, and decision messages may persist in backups for a limited time before being overwritten.
Changes to This Policy
We may update this policy as Toach evolves. Material changes will be communicated through the application or by direct message to active users. The “Last updated” date above will reflect the most recent revision.
Contact
Questions, requests, or concerns about this policy or your data can be sent to the household administrator or to the operator at support@transformnative.com.