Privacy Policy

Last updated: April 28, 2026

Commuticate ("the App") is owned and operated by Tech Efficient LLC ("we," "us," or "our"). This Privacy Policy explains exactly what we collect, why, and who we share it with when you use the Commuticate mobile application, the website at commuticate.app, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described below.

1. Information We Collect

1.1 Information You Provide Directly

Account information: Email address (required) and a password (stored only as a one-way bcrypt hash). Phone number is optional and only used so friends who already have your number can find you in the app.
Profile information: Display name, optional bio, and optional profile photo.
Availability & schedule information: The broadcasts you start ("I'm free to talk"), their duration and notes, and any recurring commute schedules you set up.
Call records: When you tap "Call" on a friend in the App, we log that a call was attempted (who, when, and the outcome if you tell us) so we can show you your call history and stats.
Contact matching (optional): If you tap "Find friends from contacts" in the Friends screen and grant the OS permission, the App sends the names, phone numbers, and email addresses from your device contacts to our server only to check which of those people already have a Commuticate account. The list is processed in memory to return matches and is not stored in our database. If you do not tap that button or you deny the permission, no contact data ever leaves your device. You can revoke contacts permission at any time in your device's Settings.
Motion / driving detection (optional): If you enable driving detection, the App uses your device's motion-activity sensors to detect when you've started driving so it can offer to broadcast your availability. This is processed on your device; we do not collect a continuous motion history. You can disable it any time in the App or revoke the permission in your device's Settings.
Support communications: Any message or feedback you send us.

1.2 Information from Third-Party Sign-In

If you sign in with Apple or Google, we receive your name, email address, and a unique identifier from that provider. We never receive or store your password for those services.

1.3 Information Collected Automatically

Device info for push notifications: When you opt in to notifications, we store the push token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver availability alerts, call alerts, and schedule reminders. The token is rotated by the operating system and is not used for advertising.
Crash & error logs (Sentry): If the app crashes or throws an unhandled error, we send a stack trace, the app version, the OS version, the device model, and a randomly generated installation ID to Sentry so we can fix bugs. We do not include your name, email, or personal content in crash reports.
Product analytics (PostHog): We record which screens you visit and which actions you take (e.g., "went available", "tapped call") so we can understand which features are useful and which are confusing. Events are tied to a randomly generated installation ID, not to your email or phone. PostHog stores data in the US. See PostHog's privacy policy. We may also capture anonymized session recordings of your interactions with the App and website to diagnose product quality issues; text inputs are masked so what you type into form fields is not recorded.
Server log data: Standard web-server logs — IP address, user-agent, request path, and timestamp — are kept for up to 30 days for security and abuse detection.

1.4 Information We Do Not Collect

We do not use your device's advertising ID. Commuticate has no ads.
We do not store your device's address book in our database. If you choose to use contact matching, the contact list you send is processed in memory to find existing Commuticate users and then discarded.
We do not collect or store your GPS location, and we do not track your location in the background. Driving detection, if you enable it, uses on-device motion sensors and does not send a location to us.
We do not sell your personal information to anyone.
We do not use your data to train AI models.

1.5 Who Can See That You're Available

When you go available, you choose the audience for that broadcast:

All friends: Every accepted friend can see you're free to talk.
Selected groups: Only members of the friend groups you pick can see it.

An availability broadcast is only ever visible to accepted friends in the audience you chose — never to strangers or the public. When the window ends, the broadcast is no longer shown as active. You can end a broadcast early at any time.

2. How We Use Your Information

We use the information above only to:

Create and authenticate your account.
Show you which friends are available to talk, and let your chosen audience see when you are.
Deliver availability alerts, call alerts, schedule reminders, and other transactional notifications by push, email, or in-app message.
Help you find friends who are already on Commuticate (by matching on email or, if you've provided one, phone number).
Diagnose crashes and improve the product (Sentry, PostHog).
Detect and prevent abuse, spam, fraud, or security threats.
Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We share it only in these specific cases:

With other Commuticate users: Your display name, photo, and bio are visible to your friends. When you go available, the friends in your chosen audience can see that broadcast and call you.
With service providers we rely on to operate the App (each acts as a data processor on our behalf):
- GoDaddy — application and database hosting (United States).
- Apple Push Notification service / Firebase Cloud Messaging (Google) — delivery of push notifications.
- Sentry — crash and error reporting.
- PostHog — product analytics.
- Cloudflare Turnstile — bot protection on signup forms.
- SMTP provider on our hosting account — outbound transactional email.
Legal requirements: We may disclose information if we are legally required to (subpoena, court order, lawful government request).
Safety: We may disclose information when we believe it is necessary to protect the safety, rights, or property of our users or the public.
Business transfers: If Tech Efficient LLC is acquired or merged, your information may be transferred as part of that transaction. We would notify you and update this policy before any change of control.

4. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 30 days. Crash logs and analytics events are retained for up to 12 months. Server logs are retained for up to 30 days. We may retain limited records longer where required for legal, tax, or fraud-prevention purposes.

5. Data Security

We protect your information using industry-standard practices: passwords stored as bcrypt hashes (never plain text), short-lived JWT access tokens with rotating refresh tokens, HTTPS/TLS for all transport, and access controls on the server side. No system is 100% secure, and we cannot guarantee absolute security, but we work to minimize risk.

6. Your Rights and Choices

You may at any time:

Access and update your profile from Profile → Edit in the App.
Delete your account from Profile → Settings → Delete Account in the App. This is self-service and removes your account and personal data within 30 days. You can also request deletion by emailing support@techefficientllc.com.
Opt out of push notifications from your device settings, and of email reminders from links in any reminder email.
Request a copy of the personal data we hold about you by emailing the address above.

If you are a resident of California, the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection laws (including the CCPA and GDPR), you may have additional rights — including rights of access, correction, deletion, portability, and to lodge a complaint with your local supervisory authority. We honor those rights without charge. Contact us to exercise them.

7. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it. If you believe a child under 13 has used the Service, contact us at the email below.

8. International Users

Commuticate is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.

9. Third-Party Links and Services

The Service may contain links to third-party websites or services, and tapping "Call" hands off to your device's native phone app. We are not responsible for the privacy practices of those third parties. Review their policies before providing information to them.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "Last updated" date and, for material changes, give you reasonable notice in the App or by email before they take effect. Your continued use of the Service after the effective date means you accept the updated policy.

11. Contact Us

For any question about this Privacy Policy or our data practices:

Tech Efficient LLC
Email: support@techefficientllc.com