Touchstone Privacy Policy

Our mission is to help people see relationship dynamics and patterns (both good & bad) that have been “invisibly familiar” prior to using our app or developing an active introspection practice.  With decades of experience in relationship psychology, we are certain that becoming conscious of romantic and physical dynamics is vital to happiness and good mental health.

Touchstone is a relationship-confidence app designed and built by Pathoz LLC in Austin TX.  Touchstone allows you to record some of your most personal feelings, thoughts and experiences.  We view it, in part, as a very private diary about your personal relationship path.  

This document explains how we collect, store and protect your romantic relationship information, and what rare scenarios allow information entered by you, to be seen (you still remain anonymous) by other Touchstone users.

The short answer is nothing personally identifiable can be seen by other users without you taking intentional & proactive steps to share it.  Since Touchstone is not a dating or content sharing site, your user-account has no public profile or related information that is generally visible to other users.

When you sign-up for Touchstone, we will request the minimum info required for the application features to actually work.  This includes requesting information needed to group your opinion-answers anonymously in broad statistical buckets (e.g. all women between 20 & 30 years old).

Touchstone is a global app, and your information will be sent to servers in the United States regardless of the country you reside in.  All data we transfer over the internet is encrypted so there is almost zero chance of anyone being able to see or use it.

If you have questions or comments about Touchstone privacy, please feel free to reach out to privacy@pathoz.com.

1. COLLECTION OF INFORMATION.

Registration Information

When you install Touchstone and create an account (“Account”), we collect certain information (“Registration Information”) about you, such as:

• A working Email address;
• Gender identity;
• City of Residence;
• Password (optional);
• Date of birth (optional);
• Images (optional);

If you choose to login with a social identity provider (IDP;  e.g. Apple, Facebook or Google), you won’t need to create a password.  You will use your existing password at that site, and they will then inform Touchstone that you have authenticated (proven your identity).

If you choose to login with an email address, you will be required to create a password at the time of registration. 

After registration, you will be able to review and change most of your information at any time by accessing the “Account Settings” page.

Additional Information

Each time you log your feelings, values, viewpoints or partner’s behavior, that information will be stored in our servers.  But other than contributing (anonymously) to our crowdsourced statistics service, none of that data will be used by anyone but you.  It’s also there as a backup in case you lose your device.  You still won’t lose your diary of relationship feelings and experiences.

By using Touchstone, you are explicitly consenting to our processing of your information in support of the application features, as well as for crowdsourced statistics.

If you contact our Customer Support team, we will receive your email address, and may record your IP address as well as the information you send to us to help resolve your query. We will keep records of our communications with you and use the data 

If you decide to purchase any of our premium services, Apple/Google will process your payment information and retain the relevant data securely for the prevention of fraud and for audit/tax purposes.

If you use the free version of Touchstone, you will see ads served by our ad-network partner.  They do use (anonymous) information such as your gender, age and location to target advertising based on your location or demographics.  You can stop targeted advertising by upgrading to one of the paid application tiers. 

Through your device’s security settings you also have the option to prevent or limit device identifiers being shared with third party advertisers and what use is made of the device identifiers. If you would like more information about this practice and to know your choices about not having this information used by these companies, please consult your device security instructions.

For users who are California residents, the data we may collect falls within the following categories of “personal information,” as defined by the California Consumer Privacy Act (CCPA):

1. Identifiers, such as email and location;
2. Characteristics of protected classifications under California or federal law (if you choose to provide them), such as age, gender identity;
3. Commercial information, such as transaction information and purchase history;
4. Internet or network activity information, such as browsing history and interactions with our websites and apps;
5. Geolocation data, such as mobile device location;
6. Visual information, such as the (optional) photo of who you date;

Data Storage

By using the App, you acknowledge that Touchstone is a global app operating through servers located in a number of countries around the world, including the United States. If you live in a country with data protection laws, the storage of your personal data may not provide you with the same protections as you enjoy in your country of residence.

Geolocation Information

If you turn these features on, when you use your mobile, we will collect information about WiFi access points as well as other location information about your longitude and latitude and may save your device’s coordinates to offer certain features to you. 

If you have enabled location services, but wish to turn them off, you can do so by the following methods:

1. iPhone app — settings, privacy, location services, Touchstone
2. Android — settings, location, Touchstone, permissions, location

Log and Usage Data

We keep your personal information only as long as we need it for legitimate business purposes (as set out in Section 11 below) and as permitted by applicable law.

Device Information

We may collect information about your device when you use the App including the unique device identifier, device model, operating system, and MAC address. In addition, if you permit us to do so, the App may access your device’s address book solely to give you quick access to a phone number for one of your existing contacts. The only information stored from your address book is the information selected by you to update Touchstone with who you are currently dating.

Links

We may share aggregate click statistics such as how many times a particular link was clicked on or screen/view was visited.

Cookies

This section applies exclusively to our corporate website, and not the Touchstone app.  Cookies are small data files that are transferred to your computer’s hard disk and are basically a tool that stores information about website visits, recognizes you and your preferences each time you visit, and ensures site functionality and enables us to provide the services our users desire.

The cookies we collect enable us to learn how people interact with Pathoz websites, which in turn helps us make a better product for you! Cookies store information about your visits and can recognize you and your preferences each time you return to the website. They help us to provide a better service to you! Our use of cookies and local storage devices is basically related to the performance of our site, such as analytics that help us determine how our site is performing and ensuring a smooth and trouble-free experience for our members and visitors.

Below is a table to explain our cookie functions and why they’re used.

You may set your browser and mobile settings to block cookies and local storage devices, but please remember that if you do so, you may not be able to access all of our website features!

We use the following types of cookies:

Cookie Functions	Cookie Purposes
Analytics and research	We use Google Analytics to collect information about how visitors use the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come from and the pages they visited. For more information about Google’s Privacy Policy, please visit https://www.google.com/intl/en/policies/.
Performance	We need to use certain cookies and save data to your local storage devices to ensure our members have the best possible experience. They assist with your navigation of our site, ensuring pages load quickly and respond promptly to your requests!

Our use of cookies and local storage devices, including the specific cookie names, may change over time, but will generally fall into the above categories. We will notify you here of any important changes to our use of cookies and local storage devices. Please visit this page regularly so that you are aware of any changes.

2. USE OF INFORMATION.

Our main goal is to help you keep good people in your life, and distance from those bringing you negativity or drama.  We may use your Registration and other information to:

• send you data on other services and features;
• contact you with information about the App (e.g., updates and new offerings);
• personalize the App and the content we deliver to you;
• conduct research and analytics about how you use and interact with the App;
• investigate fraud, protect our legal rights, and to enforce our Terms & Conditions.

3. DISCLOSURE OF INFORMATION.

Our policy is to not disclose your Registration Information, except in the limited circumstances described here:

Circumstances where data may be disclosed	Disclosed data
Your Consent – If you consent, we may share or disclose your Registration Information, such as when you use a third party web client or application to access your Account.	This could include all data, including all CCPA Categories listed above
Service Providers – We engage certain trusted third parties to perform functions and provide services to us. We may share your Registration Information with these third parties, but only for the purposes of performing these functions and providing such services e.g. information technology companies (hardware and software) which provide services to support our products	This could include all data, including all CCPA Categories listed above
Law and Harm – As we mentioned in the Terms & Conditions, we think it is very important that all users respect the rules whilst using the App. We will cooperate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement enquiries from within or outside your country of residence where we are required to by law or to protect the vital interests of a person. This may include preserving or disclosing any of your information, including your Registration Information, if we believe in good faith that it is necessary to comply with a law or regulation, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal request; to protect the safety of any person; to address fraud, security or technical issues e.g. through anti-spam providers to protect the service from criminal activity or to protect our rights or property or those of third parties. In such cases we may raise or waive any legal objection or right available to us.	This could include any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with, including all CCPA Categories listed above
Business Transfers – In the event that Pathoz or any of our affiliates undergoes a business transition or change of ownership, such as a merger, acquisition by another company, re-organization, or sale of all or a portion of its assets, or in the event of insolvency or administration, we may be required to disclose your personal data.	This could include all personal data that we hold about you, including all CCPA Categories listed above
Advertising Partners – To serve targeted advertisements to users.	Device ID, geolocation data, demographic data (CCPA Categories C, F, and G)

Aggregated Information – We may share aggregated information with third parties that includes your personal data (but which doesn’t identify you directly) together with other information including log data for industry analysis and demographic profiling. You may opt-out of receiving marketing messages by using the opt-out mechanisms and links provided in each email.

We ensure these parties must adhere to strict data protection and confidentiality provisions that are consistent with this Policy. Measures are taken to ensure that the data shared is non-attributable to the greatest extent possible. Pathoz does not sell your data and has never sold the personal data of our users.

4. OTHER USERS SEE ALMOST NOTHING ABOUT YOU.

As mentioned above, Touchstone is not a dating site and there is no public profile. With very few rare exceptions, other users cannot see ANY of your app related data.  And even in the very rare exception condition below called “Overlap Incident”, they will ONLY have access to anonymous dates.  They never receive anything specific regarding your name or identity.  They will only know that some other Touchstone user has added data of potential personal interest to them.

The only exceptions to the “nothing seen” rule are as follows:

• You have intentionally used screenshots or one of our “share” features to send content out of the app, to friends or to a social site.
• You have indicated that you are in a relationship with a person who has  ALSO been claimed to be in a relationship with another Touchstone user.  This is called an “overlap incident” and only happens if at least ONE of you have indicated that the relationship is/was exclusive/monogamous for the time period in question.  That other user will ONLY see that some other Touchstone user (ie. an anonymous reference to you) was dating their prospect/partner during an overlapping time window.  They will not see your name, location, photo or any other personal details about you.  Nothing that could be used to identify you except that you also dated ( or are dating) that same person.
• You have used our “anonymous chat” feature to communicate with the other user (also anonymous), on the other side of an overlap incident.  Of course any information you disclose in this chat will be known to the person you are chatting with.

Keep in mind that any internet users with access to your partners social friend-list (e.g. Facebook), and time on their hands, could possibly go to Facebook, study that friend-list and guess who you might be.  This is no different than the self-disclosure we each commit each time we post photo’s or relationship info to our Facebook/social account.  People can certainly see who their friends are hanging out with.

5. SECURING YOUR MOBILE DEVICE.

If you log in to Touchstone through your Facebook or Google identity, remember to log off of those services, to prevent other users from accessing your account, if case you accidentally leave your mobile device accessible to other people.  If you register using your Facebook account, you are authorizing us to access certain limited Facebook account information.  If you log-in with Apple, you do not need to sign-off iCloud because Apple will re-verify your identity each time you enter the app.

6. MODIFYING YOUR ACCOUNT INFORMATION.

You may access or modify your account Information at any time.  Because we crowdsource our statistics about relationship risks, patterns and behaviors, your votes will remain (albeit anonymously) in those aggregate stats even after you stop using the app.

7. OUR POLICY TOWARDS AGE.

Our mission is to help people see relationship dynamics and patterns (both good & bad) that have been “invisibly familiar” (sometimes called syntonic in psychology) prior to using our app or developing an active introspection practice.  With decades of experience in relationship psychology, we are certain that becoming conscious of romantic and physical dynamics is vital to happiness and good mental health.  As such, we’d like as many people as possible to have access to these tools.  But for legal and policy reasons with some of our business partners, you must be at least 15 years old to use Touchstone.

We do not knowingly collect information about, or market to anyone under the age of 15.  If you are less than 15 years old, we request that you do not register or submit information to us. If we become aware that anyone under the age of 15 has registered with us, we will take steps to terminate that person’s account. If we do deactivate a profile due to violation of our age limit rules, we may retain your email and IP address to ensure that you do not try to get around the rules by creating a new profile.

8. CHANGES TO THIS POLICY.

As we evolve, we may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at pathoz.com/touchstone/privacy.  By continuing to access or use the App, you agree to be bound by our active Privacy Policy.

9. SECURITY.

Touchstone allows you to record some of your most personal feelings, thoughts and experiences.  We view it as a very private diary of your relationship path.  As such, we take commercially reasonable security measures on our end to protect your information against loss, misuse and unauthorized access, or disclosure.  Measures to safeguard the confidentiality of your personal information include things like encryption, hashing, and secured servers in well-respected, hardened data centers.

Unfortunately no Internet transmission is ever completely 100% secure.  Even though it is highly unlikely, we cannot guarantee that unauthorized access, hacking, data loss or other breaches will never occur.  Here are some handy tips to help keep your data secure:

1. Please make sure you log out of your Account (and/or related social IDP) after use as you never know who may get access to your device
2. Please don’t share your social media password(s) with anyone else!
3. Change your social media password(s) periodically.

If you used a social IDP (Facebook or Google) to sign-up with Touchstone, and you ever think someone has had access to your social media password, please report it to the relevant social media platform and change your password immediately. We cannot guarantee the security of your personal data while it is being transmitted to our site and any transmission is at your own risk.

WE EXPRESSLY DISCLAIM ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO ANY BREACHES OF SECURITY, DAMAGE TO YOUR DEVICE, OR ANY LOSS OR UNAUTHORIZED USE OF YOUR REGISTRATION INFORMATION OR OTHER DATA.

10. THIRD PARTY ACCOUNTS.

If you have registered with Touchstone using a third party social media platform, such as Facebook or Google, they will know you are using this app and so we recommend that you read their privacy policies as we cannot control how they use or disclose this information.

We use only the APIs, OAuth Tokens, Widgets, or other means provided by the applicable Social IDP to integrate your Social Media Account with our App.  As such, we only receive the limited information that each Social Media Account permits to be transferred.

11. YOUR CALIFORNIA PRIVACY RIGHTS.

For users who are California residents, you have the following rights (in addition to those listed at section 11 below) under the California Consumer Privacy Act, and you have the right to be free from unlawful discrimination for exercising your rights under the Act:

1. You have the right to request that we disclose certain information to you and explain how we have collected, used and shared your personal information over the past 12 months.
2. You have the right to request that we delete your personal information that we collected from you, subject to certain exceptions.

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. If you wish to find out about any rights you may have under California Civil Code section 1798.83, you can write to us at support@pathoz.com.

In addition, under California law, operators of online services are required to disclose how they respond to “do not track” signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party online services, to the extent the operator engages in that collection. At this time, we do not track our Users’ personal information over time and across third-party online services. This law also requires operators of online services to disclose whether third parties may collect personal information about their users’ online activities over time and across different online services when the users use the operator’s service. We do not knowingly permit third parties to collect personal information about our User’s online activities over time and across different online services when using the App.

12. YOUR UK AND EU RIGHTS.

Under UK and EU law, UK and EU users have the right to lodge a complaint with data protection regulators, and the Information Commissioners’ Office (ICO) is the UK’s lead regulator. You can find out how to raise a concern with the ICO by visiting their website at www.ico.org.uk. If you’re within the EU, you may also get in touch with your local Data Protection Regulator who may liaise with the ICO on your behalf.

You have a number of rights under European Data Protection law if you are an EU citizen.

1. Right to be informed: what personal data an organization is processing and why (this notice).
2. Right of access: you can request a copy of your data.
3. Right of rectification: if the data held is inaccurate, you have the right to have it corrected.
4. Right to erasure: you have the right to have your data deleted in certain circumstances.
5. Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the data retained.
6. Right to data portability: you can request a copy of your data in a machine-readable form that can be transferred to another provider.
7. Right to object: in certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.
8. Rights related to automated decision making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process.

Touchstone has designated a Data Protection Officer and they can be reached by emailing dpo@pathoz.com or by US Mail at the following address:

Pathoz LLC  3300 Laguna Dr. Austin TX  78741.

If you want to exercise any of your rights listed above please email us at dpo@pathoz.com. You can also contact us by post at the address above.

How does Touchstone protect my personal data?

Touchstone has implemented appropriate security measures to protect and prevent the loss, misuse, and alteration of the information under our control, including your personal data. Our technical experts and partners work hard to ensure your secure use of our app.

While we take reasonable precautions against possible security breaches of our servers, member database and records, no app or Internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your personal data safe (including your password) and to log out of your account after use. If you lose your password or give it out, or another service provider that you use suffers a data breach and you have used the same credentials with that service provider as you have with us, your personal data may be compromised. If that happens, please report it to us via the “Feedback & Support” screen in the app.

Where is my personal data kept?

We want you to be able to access our service wherever you happen to be in the world. To enable us to provide that service, we utilize a cloud provider with servers all over the world.  For most of our users, their data resides on servers in the United States.

Does Touchstone collect any other personal data about me?

If you contact our Customer Support team via our Support screen, we will receive your email address, and may retain your IP address, as well as the information you send to us to help resolve your query. We will keep records of our communications with you for at least 6 years.

Does Touchstone use my personal data for any other purpose?

The “Values” section of the app is analogous to a survey of your opinion on risky behaviors.  Your answers here are used both to calculate confidence in your relationship partners, as well as to inform the aggregate statistics of people in your age demographic.  After these “votes” are rolled into the aggregate statistics system, with no identifying information attached, they are no longer “personal”. They are simply numbers in a bucket that describe how people like you feel about these acts in the context of a romantic connection. 

We do use your personal data to resolve disputes, troubleshoot problems and enforce our TOS.

Under EU and UK data protection laws, we are only permitted to use your data when we have a lawful basis to do so. The table below provides an overview of the legal bases that we rely on to use your data. Where the legal basis is consent, you can withdraw consent at any time. Where the legal basis is legitimate interests, you have a right to object to our use of your data. We explain in the relevant sections in this Policy how you can withdraw consent or opt-out of certain data uses (where applicable).

Purpose for which data is used	Data	Source	Legal basis
To provide you with the core service	Email address, date of birth, residence location (CCPA Categories A and B)	You provide your email address, city of residence and date of birth (optional) to us. We may also obtain location data from the device that you use to access the service	Contractual necessity
To verify your identity and prevent fraud and to ensure the safety and security of Users	Phone number (CCPA Category B)	You provide this information to us	Legitimate interests – it is in our legitimate interests to ensure that accounts are not set up fraudulently and to safeguard Users of the site
To take payment for premium services	Payment card details (CCPA Categories B and D)	You provide this information to us	Contractual necessity and legitimate interests – we have a legitimate interest in receiving payment for our premium services
To send you marketing information about our offers and services	Email address and mobile phone number (CCPA Category B)	You provide this information to us	Legitimate interests – it is in our legitimate interests to promote our products and services
To carry out research and analysis to help us improve the App	Log and usage data, including IP address, browser type, referring domain, pages accessed, mobile carrier and search terms (CCPA Category F)	We obtain this information from the device that you use to access the service	Legitimate interests – it is in our interests to analyze the way in which Users are accessing and using our services so that we can further develop the App and improve the service
To respond to correspondence and queries that you submit to us	Email address and IP address (CCPA Categories B and F)	You provide your email address to us when you contact us and we obtain your IP address from the device that you use to contact us	Legitimate interests – it is in our legitimate interests to respond to your queries to ensure that we provide a good service to Users and troubleshoot problems
To block accounts as part of our anti-spam procedures	Email address, phone number, IP address and IP session information, social network ID, username, user agent string (CCPA Categories B and F)	You provide your email address, phone number and username to us. We obtain the other information from the device that you use to access the service	Legitimate interests – it is in our legitimate interests to prevent unauthorized behavior and to maintain the safety and security of our services
To enable users to create their user account and log into the app via a Social IDP (Facebook, Google or Apple)	Data from Facebook, including email address, name and profile picture, date of birth, friends who use the app, pages liked, location and photos (CCPA Categories A, B, C, and H)	We obtain this information from Facebook	Legitimate interests – it is in our legitimate interests to facilitate access to our services
To serve promo cards and advertisements on the App	Demographic, location data, email address (CCPA Categories A, B, C and G)	We obtain demographic data from you, and location data from the device that you use to access the service. You provide your email address to us	Legitimate interests – it is in our legitimate interests to target advertisements so that users see relevant advertisements and to allow us to generate income from advertising revenue
To serve advertisements on third party networks	Device identifiers (IDFA and GAID) (CCPA Category F)	We obtain this information from the device that you use to access the service	Legitimate interests – it is in our legitimate interests to serve advertisements and to promote our products
To contact you in order to run surveys for research purposes and to obtain feedback, and to find out if you want to take part in marketing campaigns	Email address and mobile phone number (CCPA Category B)	You provide this information to us	Legitimate interests – it is in our legitimate interests to carry out research so that we can further develop the app and improve the service
To enable chat functions, and the storing of images	Video and audio call usage data, images and video (CCPA Categories F and H)	We obtain this information from the device that you use to access the service	Legitimate interests – it is in our legitimate interests to provide these functionalities as part of the services

13. ABOUT US.

Your access to Touchstone, as well as this Privacy Policy are governed and interpreted by the laws of the State of Texas, other than such laws, rules, regulations and case law that would result in the application of the laws of a jurisdiction other than the State of Texas. By using Touchstone, you are consenting to the exclusive jurisdiction of the courts of the United States and the State of Texas. You agree that such courts shall have in personam jurisdiction and venue and waive any objection based on inconvenient forum. You agree that you will not file or participate in a class action against us. In the event there is a discrepancy between this English language version and any translated copies of the Policy, the English version shall prevail.

Effective date

This Privacy Policy was last updated on May 15th, 2020.