← Back to ROAM

Privacy Policy

Last updated: April 22, 2026

ROAM ("we," "us," or "our") is operated by Olang Global LLC and powers the ROAM mobile application. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights over it.

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, profile photo, and travel preferences.

Profile Information: Travel style, home city, destinations visited, bio, social links, and other optional details you choose to share.

Location Data: With your permission, we collect your general location to show nearby travelers and events. Your precise GPS location is never stored or shared with other users.

Usage & Analytics Data: We collect information about how you interact with the app — screens visited, features used, session length — to improve the experience and fix issues.

Payment Data: Payments are processed securely by Stripe and subscriptions by RevenueCat. We do not store your full credit card number or bank account details.

Photos & Media: Photos you upload (profile, trips, posts, passport stamps) are stored securely in Firebase Storage.

Communications: Messages you send through the in-app messaging feature are stored to deliver them to recipients. We may review messages to investigate safety reports.

Trip Survey Responses & Ratings: When you complete an optional post-trip survey, we collect your numeric ratings (1–5 scale) on safety dimensions, optional written comments, and contextual metadata about your trip (such as time of day of primary activity, whether you traveled solo or in a group, and season). Each response is linked to the corresponding Trip and Destination, and to your account for the purpose of preventing duplicate submissions.

Nova AI Interactions: Prompts you submit to Nova and the responses generated are processed to deliver the feature. We may use aggregated, de-identified query data to improve Nova over time.

Device & Push Notification Tokens: We collect your device push token (via Expo) to send you booking confirmations, connection requests, and other notifications you have opted into.

2. How We Use Your Information

• To create and maintain your ROAM account
• To match you with compatible travel companions (Travel Buddy), including by comparing your safety-rating history with other users' to identify travelers with similar perceptions
• To process event ticket purchases and experience bookings
• To power Nova AI travel recommendations
• To enable the ROAM Passport, Cultural Calendar, and community features
• To compute and display Community Safety Ratings for destinations and neighborhoods, including smoothed scores, ranges, segmented breakdowns, trend indicators, and excerpted quotations
• To send relevant push notifications (booking confirmations, messages, trip updates, post-trip survey prompts)
• To improve, personalize, and secure the Service
• To detect and prevent fraud, spam, abuse, and rating manipulation (including coordinated brigading)
• To comply with legal obligations

3. Information Sharing

We do not sell your personal data. We share information only in these limited circumstances:

• Other Users: Your public profile (name, photo, travel style, visited countries, bio) is visible to other ROAM users, subject to your privacy settings.
• Aggregated Safety Data: Your numeric trip-survey ratings contribute to anonymized, aggregate Community Safety Ratings visible to other ROAM users. Aggregates do not identify you individually. Written comments may be displayed publicly with your username (unless you mark them private when submitting, or opt out in Privacy Settings). You may opt out of contributing your numeric ratings to aggregates at any time in Privacy Settings; ratings already incorporated into aggregates remain in anonymized form.
• Event Hosts: When you purchase a ticket or book an experience, the host receives your name and booking details necessary to fulfill the booking.
• Service Providers: We use Firebase (Google) for authentication and data storage, Stripe for payments, RevenueCat for subscriptions, and Expo for push notifications. These providers process data on our behalf under data processing agreements.
• AI Processing: Nova AI queries may be processed by third-party large language model providers. Queries are not linked to your identity when processed.
• Legal Requirements: We may disclose information if required by law, court order, or to protect the rights, property, or safety of ROAM, our users, or the public.
• Business Transfers: If ROAM is acquired or merges with another company, your information may be transferred as part of that transaction, with notice provided to you.

4. Data Storage & Security

Your data is stored using Google Firebase infrastructure with encryption in transit (TLS) and at rest. We implement Firestore security rules, rate limiting, and server-side access controls to protect your data. No method of transmission or storage is 100% secure; we work to protect your information but cannot guarantee absolute security.

5. Your Privacy Controls

In the app's Privacy Settings, you can control:

• Whether your profile is public or private
• Whether you appear in travel companion matching and search
• Whether your current city and visited countries are displayed
• Whether your trip-survey responses contribute to public Community Safety Ratings
• Whether your written safety-survey comments are displayed publicly with your username
• Push notification preferences by category, including post-trip survey prompts

6. Data Retention & Deletion

We retain your data while your account is active and for a reasonable period thereafter for legal and operational purposes. You can request full account deletion at any time through Settings > Delete Account. Upon deletion, your profile, trips, posts, connections, messages, individual trip-survey responses, written comments, and all associated personal data are permanently removed within 30 days.

Anonymized, aggregated analytics and metrics data may be retained indefinitely. Specifically, your numeric safety ratings, once incorporated into a destination's aggregate score, remain part of that aggregate in fully de-identified form (with your user identifier stripped) after account deletion. Written quoted comments displayed publicly are removed from public display upon deletion.

7. Children's Privacy

ROAM is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a minor, we will delete it promptly.

8. California & Other State Privacy Rights

If you are a California resident, you have rights under the CCPA including the right to know what personal information we collect, the right to delete it, and the right to opt out of sale (we do not sell personal data). To exercise these rights, contact us at privacy@weareroam.app.

9. International Users

ROAM is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US, where data protection laws may differ from those in your country.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the app or by email. Continued use of ROAM after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at privacy@weareroam.app.

ROAM is operated by Olang Global LLC.