Privacy Policy for tism

Effective Date: March 19, 2026
Last Updated: March 19, 2026

Overview

tism ("the App") is owned and operated by 0.0.0 LLC, also known as ZeroZeroZero LLC ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal information and, critically, the information you share about your children. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application on iOS and Android.

tism is a community networking app for autism families. Because our users share sensitive information about their children — including developmental profiles, strengths, and school information — we hold ourselves to an especially high standard of privacy protection.

Information We Collect

Information You Provide

When you use tism, you may provide the following information:

Account Information: Email address, display name, and authentication credentials (via Apple Sign In, Google Sign In, or email)
Profile Information: Display name, city, "About Us" text, profile photo
City-Level Coordinates: We collect city-level latitude and longitude from your city search to match you with nearby groups and families. We do not request device GPS permissions or collect precise location.
Child Profiles: Your children's first names (or nicknames), birth year, strengths, interests, play styles, sensory preferences, school situation, and any other details you choose to share. This information is voluntary and can be edited or removed at any time.
Posts and Comments: Content you create in the community feed, group discussions, and event comment threads
Messages: Private messages exchanged with other families
Events: Event details you create (title, description, location, date, age range). Event meeting locations are only visible to families who have RSVPed.
Resources: Resources you add to the community directory (provider name, category, location, description)
Reports: Content you submit when reporting inappropriate behavior or content
Support Requests: Information provided when contacting support

Automatically Collected Information

We collect minimal technical information necessary to operate the app:

Device Information: Device type and operating system version
Push Notification Token: Device token for sending push notifications (APNs on iOS, FCM on Android, if you enable notifications)
Authentication Data: Login timestamps and session information

Information We Do NOT Collect

We do not request device GPS permissions or collect precise device location. City-level coordinates are derived from your city search, not your device. The optional school verification presence check-in uses on-device GPS to confirm proximity to a school location — this data is processed entirely on your device and is never sent to our servers.
We do not use advertising SDKs or tracking pixels
We do not collect device advertising identifiers (IDFA)
We do not use analytics services that track individual behavior
We do not collect biometric data

How We Use Your Information

We use collected information solely for the following purposes:

Providing the tism community features (profiles, groups, events, resources, messaging)
Connecting you with other families in your city
Displaying your profile and children's information to families you're connected with
Sending push notifications you've opted into (event updates, new messages, connection requests)
Moderating content to maintain community safety
Responding to support requests
Preventing fraud and ensuring security
Complying with legal obligations

Children's Privacy (COPPA Compliance)

tism complies with the Children's Online Privacy Protection Act (COPPA). Children under 13 do not create accounts. All child data is provided by and controlled by the parent or legal guardian.

No child accounts: Children do not create accounts or use the app directly. All child profiles are created and managed by a parent or legal guardian.
Parental consent: By providing information about your child during onboarding, you consent to tism storing and displaying this information to other community members as described in this Privacy Policy.
Parental control: Parents have complete control over what information is shared about their children. All fields beyond birth year are optional.
Sensory and developmental data: We collect information about your child's interests, play styles, and sensory preferences to facilitate connections with families whose children have similar needs. This information is voluntary and can be edited or removed at any time from your profile.
Minimal child data: We collect first names (or nicknames), birth year, strengths, interests, and school situation — only what parents choose to provide.
No child photos: Child profiles do not include photos. Only the parent's profile photo is stored.
Visibility controls: Child profile details are only visible to members of your groups. Non-members cannot view any child data.
Deletion: Parents can delete individual child profiles or their entire account at any time, which permanently removes all associated child data.

Data Storage and Security

Cloud Storage: Your data is stored on Supabase (hosted on AWS) with row-level security (RLS) policies on every table, ensuring users can only access data they're authorized to see.
Authentication: We use Supabase Auth with Apple Sign In, Google Sign In, and email-based authentication. We never store passwords in plain text.
Profile Photos: Stored in Supabase Storage with access policies restricting who can view, upload, and delete photos.
Encryption: All data in transit is encrypted via TLS. Data at rest is encrypted by our infrastructure provider.
Invite-Only Access: The app requires an invite code to create an account, adding an additional layer of community trust and safety.

Information Sharing

We DO NOT:

Sell, trade, or rent your personal information or your children's information
Share your data with advertisers
Use your data for marketing purposes
Share your data with data brokers or third-party analytics services
Use your data or your children's data to train AI models

What Is Visible to Other Community Members

When you join tism, certain information is visible to members of your groups:

Your display name and profile photo
Your city
Your "About Us" text
Your children's first names, birth year, strengths, interests, and play styles (as you choose to share them)
Posts and comments you make in the feed and groups
Events you create
Resources you add to the directory

Private messages are only visible to the participants in the conversation.

What Is NOT Visible to Other Members

Your email address
Your authentication method
Your invite code or who invited you
Your notification preferences
Your block/report history

Third-Party Services

tism uses the following third-party services:

Supabase: Cloud database, authentication, real-time messaging, and file storage (Supabase Privacy Policy)
Apple Sign In: Authentication (data handled by Apple)
Google Sign In: Authentication via Supabase OAuth
Apple Push Notification Service (APNs): Push notifications on iOS
Firebase Cloud Messaging (FCM): Push notifications on Android (Firebase Privacy)
Apple MapKit: City verification during profile setup on iOS (no GPS tracking — used only for canonical city names)
Google Places SDK: City verification during profile setup on Android (Google Privacy Policy)
Resend: Transactional email delivery for authentication codes and notifications (Resend Privacy Policy)
Stripe: Voluntary tip and sustainer payment processing via tism.us/support (Stripe Privacy Policy). We do not store your payment card information.
Apple StoreKit: In-app purchases on iOS (processed entirely by Apple)
Google Play Billing: In-app purchases on Android (processed entirely by Google)

We do not use any advertising, analytics, or tracking SDKs.

Push Notifications

If you enable push notifications, we collect and store:

Device Token: A unique identifier provided by Apple (APNs) or Google (FCM) to deliver notifications to your device
Notification Preferences: Your per-category settings (event updates, messages, connection requests, etc.)

You can disable push notifications at any time in your device's Settings or within the app's notification preferences. We will delete your device token within 30 days of disabling notifications.

Data Deletion

Delete Your Account

To delete your account and all associated data:

Open tism and go to the Settings tab
Tap Delete Account
Confirm deletion

This immediately and permanently deletes your profile, all child profiles, posts, comments, messages, events, resources, connections, and all other data from our servers.

Delete Individual Child Profiles

You can delete individual child profiles from the Profile tab without deleting your entire account.

Email Request

You can also request account deletion through the contact form at tism.us/contact (select "Account deletion") from the email address associated with your account.

Your Rights

General Rights

You have the right to:

Access all personal information we store about you and your children
Correct any inaccurate information
Delete your information and your children's information at any time
Use the app with nicknames instead of real names
Control which child profile details are visible

GDPR & CCPA Rights

If you are located in the European Union, California, or other jurisdictions with data protection laws, you have additional rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to certain processing of your data
Right to Restriction: Request limited processing of your data

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Contact Form: tism.us/contact (select "Privacy request")
In-App: Profile → Settings → Delete Account (for deletion requests)
Mail: 0.0.0 LLC, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801

We will respond to your request within 30 days.

Data Retention

Active accounts: Data is retained while your account is active
Deleted accounts: Immediately and permanently deleted upon request
Inactive accounts: Accounts inactive for 3+ years may be deleted (with 30-day email notice)
Legal requirements: Some data may be retained as required by law

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes become effective immediately upon posting. We will notify active users of material changes via in-app notification or email. Your continued use of the app after changes constitutes acceptance of the updated policy.

Contact Information

If you have questions or concerns about this Privacy Policy, or about how we handle your children's data, please contact us at:

0.0.0 LLC
Contact: tism.us/contact
Address: 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801

Compliance

This privacy policy complies with:

Apple App Store Guidelines and Google Play Developer Policies
Children's Online Privacy Protection Act (COPPA)
General Data Protection Regulation (GDPR) principles
California Consumer Privacy Act (CCPA) requirements

Consent

By using tism, you consent to the collection and use of your information as described in this Privacy Policy. By creating child profiles, you represent that you are the parent or legal guardian of the children whose information you provide, and you consent to the collection and use of their information as described herein.