Effective Date: May 11, 2026 | Last Updated: May 11, 2026
Overview
Attending Compass ("Service") is committed to transparency regarding data collection and use.
This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
By using this Service, you consent to the practices described herein.
1. Data We Collect
1.1 Account & Authentication Data
If you sign in via OAuth (Google, Microsoft), we receive:
Email address and account ID from the identity provider;
Display name and profile picture (if provided by the provider);
OAuth session and refresh tokens (stored securely for account management).
Authentication is managed by Supabase and is subject to their privacy practices and data handling policies.
1.2 Profile & App Content Data
The Service stores and may sync to our cloud infrastructure:
Home address and geographic coordinates;
Life-anchor location (reference point for relocation assessment);
Quiz responses and slider preference weights;
Interview notes, employer edits, and custom annotations;
Employer comparison data and scoring calculations;
Saved preferences, settings, and usage history.
This data is stored in your browser (localStorage/sessionStorage) and may be synced to cloud storage (Supabase) if you sign in.
1.3 Location & Routing Data
To calculate commute times, transit routes, and mapping features, we send location queries to third-party providers:
If you purchase ad-free access or other premium features, payment is processed by Stripe.
We do NOT store your full payment card data. Stripe securely processes and retains payment information per their policies.
We receive:
Billing email and account ID;
Purchase date, amount, and subscription status;
Transaction and subscription metadata for billing purposes.
Review Stripe's privacy policy for details on their data handling: stripe.com/privacy
1.6 Server & Technical Logs
Our servers automatically log:
IP address, HTTP request type, and URL;
Timestamp and response status;
Approximate geographic location (from IP lookup);
User agent (browser, device, operating system);
Referrer URL and any errors or exceptions.
These logs are retained for security, troubleshooting, and abuse prevention purposes.
1.7 Optional Credentials
Some features may allow you to optionally provide credentials (e.g., GitHub tokens for sync).
Such credentials are stored only in your browser and are never transmitted to our servers unless explicitly required by that feature's operation.
2. How We Use Your Data
We use collected data for:
Service Delivery: Authentication, cloud sync, profile storage, and feature operation;
Calculations & Recommendations: Commute analysis, ranking algorithms, and decision-support features;
Billing & Entitlements: Processing payments and providing ad-free access;
Service Improvement: Analyzing performance, identifying bugs, and optimizing the Service;
Legal Compliance: Responding to lawful requests, enforcing Terms of Service, and protecting rights and safety;
Communication: Sending service notifications, updates, and responding to inquiries.
3. Data Sharing & Third-Party Services
3.1 Service Providers
We share data with third-party processors only as necessary to operate the Service:
Supabase: Cloud authentication, session management, and data storage;
OAuth Providers (Google, Microsoft): Account authentication and credential validation;
Mapping/Routing Providers: Nominatim, OSRM, HERE, OpenStreetMap for location and routing data;
Stripe: Payment processing and billing;
Google AdSense: Ad serving and ad targeting (free tier);
Web Hosting & CDN: GitHub Pages and related infrastructure providers.
These providers are contractually required to use your data solely to provide the requested service and to maintain confidentiality.
3.2 Legal Obligations & Safety
We may disclose personal data if required by law, court order, government request, or when necessary to:
Comply with applicable laws, regulations, or legal obligations;
Enforce these Terms of Service and other agreements;
Protect against fraud, security breaches, or threats;
Protect the safety, rights, and property of users and the public;
Respond to valid legal processes (subpoena, warrant, court order).
3.3 Business Transfers
If the Service is sold, merged, or transferred, your data may be transferred as part of that transaction.
We will provide notice of such transfer and give you the opportunity to opt out before your data is transferred to a new entity.
3.4 No Sale of Personal Data
We do not sell your personal data to third parties.
We do not share your data for marketing, profiling, or commercial purposes unrelated to the Service.
4. Data Storage, Retention & Deletion
4.1 Browser Storage
The Service stores significant data locally in your browser (localStorage, sessionStorage) for offline functionality and performance.
This data remains on your device and is not sent to our servers unless you explicitly sign in and enable cloud sync.
4.2 Cloud Storage
If signed in, your profile data is stored in Supabase cloud infrastructure.
Supabase implements encryption at rest and in transit, role-based access controls, and data redundancy.
Review Supabase's security practices: supabase.com/security
4.3 Data Retention
We retain personal data as long as needed to provide the Service or as required by law.
Specifically:
Account data: Retained while your account is active and for 90 days after deletion for legal compliance;
App content: Retained while your account is active; deleted upon account deletion or your request;
Server logs: Retained for 30 days for security and troubleshooting;
Billing data: Retained for 7 years per tax and accounting regulations.
4.4 Data Deletion
You can:
Clear browser data: Delete local storage data from your device settings or browser tools;
Request data export: Contact us to receive a copy of your cloud-stored data in a portable format.
Data deletion requests are processed within 30 days unless legal obligations require retention.
5. Data Security
We implement industry-standard technical and organizational safeguards to protect your data:
Encryption in transit: All data transmitted to and from our servers uses TLS/HTTPS encryption;
Encryption at rest: Sensitive data in cloud storage is encrypted using AES-256 or equivalent;
Access controls: Role-based access restrictions limit employee access to production data;
Authentication: OAuth and secure session tokens protect account access;
Monitoring: Security logs and intrusion detection systems monitor for unauthorized access attempts.
⚠️ No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
You use the Service at your own risk. If you discover a security vulnerability, please report it to help@attendingcompass.com.
6. Your Privacy Rights
6.1 Access & Portability
You have the right to request a copy of personal data we hold about you in a portable, machine-readable format (CSV, JSON, etc.).
6.2 Correction & Updates
You can update or correct your personal data by logging in and editing your account settings.
For assistance, contact help@attendingcompass.com.
6.3 Deletion (Right to Be Forgotten)
You have the right to request deletion of your account and associated data, subject to legal retention obligations.
To request deletion, contact help@attendingcompass.com and provide your account information.
6.4 Opt-Out of Targeted Advertising
To opt out of personalized ads from Google AdSense:
Install browser privacy extensions (e.g., EFF Privacy Badger) to limit ad tracking.
6.5 Regional Privacy Laws
California (CCPA/CPRA): California residents have rights to access, delete, and opt out of the sale of personal data. Contact help@attendingcompass.com to exercise these rights.
European Union (GDPR): EU residents have the right to access, rectify, erase, restrict, and port personal data. Contact help@attendingcompass.com to submit a GDPR request.
7. Children's Privacy
The Service is not directed to individuals under 18 years of age.
We do not knowingly collect personal data from children under 18.
If we learn that we have collected data from a child under 18, we will delete it promptly.
If you have concerns about a child's data, contact help@attendingcompass.com.
8. Third-Party Links & Services
The Service may link to third-party websites and services (employer websites, mapping services, etc.).
We are not responsible for their privacy practices.
Review each third party's privacy policy before providing your information.
9. International Data Transfers
Your data may be stored in and transferred to the United States and other countries.
These countries may have different data protection laws than your home country.
By using the Service, you consent to such transfers.
We rely on appropriate legal mechanisms (Standard Contractual Clauses, adequacy decisions, etc.) to ensure adequate protection.
⚠️ 10. DISCLAIMER: LIMITATION OF LIABILITY
The Service is provided "as is" without warranty regarding data security or privacy.
We cannot guarantee that data breaches, unauthorized access, or data loss will not occur.
Despite reasonable security measures, no system is 100% secure.
We are not liable for any unauthorized access, data breaches, loss of data, or damages arising from security incidents,
except where prohibited by law or where you can demonstrate we failed to implement reasonable security measures.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of material changes by:
Updating the "Effective Date" and "Last Updated" at the top of this page;
Sending an email notification to your registered account email (for material privacy changes);
Requiring explicit consent to new privacy terms if legally required.
Continued use of the Service after updates constitutes your acceptance of the revised policy.