TOGA← BACK TO SITE

TOGA — Privacy Policy (Beta)

Effective: April 28, 2026 · Last updated: April 28, 2026 Version: Beta (TestFlight / early access)

This Privacy Policy describes how toga.now LLC ("TOGA," "we," "us," or "our") collects, uses, and protects information when you or your designated partner use the TOGA mobile application, the websites at toga.app and toga.now, the SMS notification program, and any related services (collectively, the "Service"). TOGA is a scheduling assistant for airline pilots.

TOGA is an independent product and is not affiliated with, endorsed by, or sponsored by United Airlines, any other airline, the Air Line Pilots Association (ALPA), Navtech, or the Federal Aviation Administration. We treat your schedule and bid data as sensitive personal information. We do not share it with airlines, employers, unions, the FAA, or any other organization in your professional environment. We use a small set of contractual service providers — Supabase (database), Twilio (SMS), and Anthropic (AI) — to operate the Service on our behalf under confidentiality obligations, as described in Section 7. See Section 4 for more on schedule data sensitivity.

⚠️ Beta software. TOGA is currently offered as beta software, including via Apple TestFlight and Google Play closed/open testing. During the beta period, schemas may change, data may be reset, and features may be added or removed without notice. Always verify your bid in PBS before any deadline.

If you do not agree with this Privacy Policy, do not use the Service.

1. Information We Collect

We collect two categories of information: information you voluntarily provide to us, and information automatically collected by your device or our infrastructure when you use the Service.

1.1 Pilot account data (voluntarily provided)

  • Name and email address
  • Phone number (if you opt in to SMS)
  • Authentication credentials (or, if you sign in with Apple, the Apple-issued identifier and either your real email or a private Apple-relay email)
  • Base, equipment, seat, seniority, and employee file number
  • Bid preferences, awarded schedules, trade history, and PBS-related parameters that you import or enter

Your employee file number is used only to map your account to the correct category and benchmarks; it is not shared and is not used to identify you outside TOGA.

1.2 Partner contact data (voluntarily provided)

If you choose to invite a partner, you provide that partner's name and phone number. Partner data is processed at your direction and is visible only on your account.

1.3 Sensitive information (voluntarily provided)

To the extent the following constitute "sensitive information" or "special categories of data" under applicable law, you may provide them to us:

  • Trade union or other professional association membership (e.g., ALPA membership), to the limited extent it can be inferred from your account data.

We will not collect any other category of sensitive information without first obtaining your consent, and we will use or disclose sensitive information only as permitted, required, or authorized by law.

1.4 SMS message content

The text of inbound and outbound SMS messages exchanged through the Service, including any events your partner texts in.

1.5 Oscar / AI assistant content

The text of your chats with Oscar (our in-app AI assistant) and the relevant account context (such as your base, equipment, and current bid cycle) used to answer your question.

1.6 Device data and permissions (automatically collected, with your permission)

The TOGA app may request access to certain device features. The exact list depends on which features you use and what you allow at install time, and may include:

  • Notifications. To deliver push notifications for bid windows, award postings, and partner-event confirmations.
  • Calendar. Optional, only if you choose to sync TOGA-derived events to your device calendar.
  • Background app refresh. To keep schedule data current.
  • Phone/SMS. TOGA does not read messages on your device. SMS interactions occur over our Twilio-operated programmatic SMS, not by reading your device's SMS app.

We do not request access to your microphone, camera, contacts, location, or photos for the core Service. If we add a feature that requires such access, we will request it at the point of use.

1.7 Log and diagnostic data (automatically collected)

When you access our servers, we automatically log standard data such as IP address, device type and operating system version, app version, in-app interactions, error events, time and date, and other technical details about the request. Diagnostic logs are stored in our Supabase backend and retained for up to 90 days, after which they are deleted or anonymized.

1.8 Sign in with Apple

If you sign in with Apple, we receive your name and either your real email address or a private Apple-relay email, used only for account communications. We do not receive any other Apple account data.

2. How We Use Information

We use the information we collect to:

  • Generate bid recommendations, schedule analyses, trade suggestions, and Oscar responses for you;
  • Send you bid-cycle reminders by SMS (window opens, window closing, award posted) when you have provided a phone number;
  • Send a one-time invitation SMS to a partner whose phone number you have added, and ingest partner replies as personal events on your bid cycle;
  • Provide, support, secure, and improve the Service, including diagnosing errors and developing new features;
  • Operate aggregate, de-identified analytics described in Section 5;
  • Send service-related communications (such as account, security, beta-program, and policy-update notices);
  • With your prior opt-in, send optional product updates, content, surveys, sweepstakes, or promotional emails (you can unsubscribe at any time using the link in any such email);
  • Comply with legal obligations and respond to lawful requests from authorities;
  • Enforce our Terms of Service and Acceptable Use Policy and prevent fraud or abuse.

We do not use your data to deliver personalized or cross-context behavioral advertising, and we do not engage in profiling that would have a legal or similarly significant effect on you.

3. Legal Bases for Processing

We process your personal information when we have a legitimate reason for doing so, which typically includes one or more of: (a) performance of our agreement with you (the Terms of Service); (b) your consent (e.g., for SMS opt-in or marketing emails); (c) our legitimate interests in operating, securing, and improving the Service; or (d) compliance with legal obligations.

4. Schedule Data Sensitivity

We treat your schedule and bid data as sensitive personal information. Pilot schedules can reveal physical-location patterns and time away from home. We do not share your schedule, bid history, trade activity, or awarded trips with airlines, employers, unions, the FAA, or any other organization in your professional environment. We do not use your data to make decisions on behalf of your employer, and we do not transmit your data back to your airline.

The infrastructure providers listed in Section 7 (Supabase, Twilio, Anthropic) process limited portions of your data on our behalf, under contractual confidentiality obligations, only to operate the Service. They are not authorized to use your data for their own purposes and are distinct from the "third party" recipients (airlines, employers, unions, regulators) we do not share with.

5. Aggregate and De-Identified Data

TOGA may use aggregated, de-identified data drawn from many pilot accounts to provide pool intelligence and benchmarks (for example, "pilots near your seniority typically secured this many days off"). Aggregated outputs never identify you, your file number, your email, or your specific schedule, and are only shown to other pilots who use the Service. Once data has been aggregated and de-identified, it is no longer "personal information" under this Policy and may be retained indefinitely.

6. SMS / Text Messaging

By providing your phone number, you consent to receive transactional SMS messages from TOGA related to your scheduling workflow. Message and data rates may apply. Message frequency varies and is generally limited to a small number of messages per bid cycle. Reply STOP at any time to unsubscribe, or HELP for assistance. Carriers are not liable for delayed or undelivered messages.

We do not share, sell, or transfer phone numbers or SMS opt-in data to third parties or affiliates for marketing or promotional purposes. SMS information is used only to operate the Service.

7. Sub-Processors and Service Providers

We use trusted infrastructure providers to operate the Service. They process data on our behalf under contractual confidentiality obligations and are not authorized to use your data for their own marketing or advertising:

  • Supabase — database, authentication, and file storage. Hosts your account, schedule, and bidding data.
  • Twilio — SMS delivery for pilot reminders and partner messages.
  • Anthropic — provides the AI model that powers Oscar. When you chat with Oscar or a partner texts in an event, the relevant message text and limited account context (such as your base, equipment, and current bid cycle) are sent to Anthropic's API for processing. Per Anthropic's API terms, inputs are not used to train Anthropic's models and are retained by Anthropic for no more than 30 days for abuse-monitoring purposes. We do not send your full bid package, awarded schedule, or employee file number to Anthropic unless required to answer a specific question you ask.
  • Apple and Google — distribute the TOGA app via the App Store / TestFlight and Google Play. Apple and Google have their own privacy policies governing the data they collect about your use of their stores; we receive only the limited information they provide to app developers (such as crash reports and aggregated download metrics, and, if you sign in with Apple, the limited Sign in with Apple data described above).

We do not transfer your personal information to other third parties for their independent use. We may disclose information:

  • To our employees, contractors, and agents, who are bound by confidentiality obligations;
  • To courts, tribunals, regulators, and law-enforcement officers as required by law or to establish, exercise, or defend our legal rights;
  • To a successor entity in connection with a merger, acquisition, asset sale, financing, reorganization, or bankruptcy (see Section 13).

8. Partner Privacy

When a pilot adds a partner's phone number, that partner receives a one-time invitation SMS explaining the Service. The partner's name and phone number are processed at the pilot's direction and are visible only on the pilot's account. A partner can:

  • Reply STOP at any time to end SMS communication.
  • Email support@toga.app to request removal of their information from the Service.

Pilots are responsible for obtaining a partner's express, voluntary consent before adding their phone number and warrant the same in our Terms of Service.

9. Security

We use industry-standard safeguards to protect your information. Data is encrypted in transit using TLS 1.2 or higher and encrypted at rest by our infrastructure providers. Access to production data is restricted via Supabase row-level security policies and credential-based access controls. We review our security posture regularly.

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you in accordance with applicable law, generally within 72 hours of confirming the incident for incidents likely to result in material risk to you.

You are responsible for selecting a strong password (where applicable), keeping your credentials confidential, and notifying us at support@toga.app if you suspect your account has been compromised.

10. Data Retention and Deletion

We retain pilot and partner data for as long as the account is active. Specific retention practices include:

  • Diagnostic and log data: up to 90 days, after which deleted or anonymized.
  • SMS logs: retained for operational and audit purposes for the duration of the account, plus a reasonable period after deletion to comply with carrier requirements; deleted earlier on request where feasible.
  • Aggregated and de-identified data: may be retained indefinitely (see Section 5).
  • Beta-period note: during beta, we may also reset, migrate, or delete account data as part of schema changes; we will use commercially reasonable efforts to preserve data across upgrades but make no guarantee.

You can delete your TOGA account at any time from Settings → Account → Delete Account inside the app, or by emailing support@toga.app. Account deletion removes your profile, schedule data, bid history, partner contacts, and SMS history from active systems within 30 days. Backups are purged on a rolling schedule of up to 90 days. Some records may be retained longer to comply with legal, accounting, or audit obligations or to defend legal claims.

11. Your Choices and Rights

Regardless of where you reside, you have the following choices:

  • SMS: Reply STOP to any TOGA SMS to opt out of all SMS messages from TOGA.
  • Marketing emails: Click "unsubscribe" in any TOGA marketing email, or email support@toga.app. Service and security messages will continue.
  • Partner removal: You can remove a partner's phone number from your TOGA account at any time, which will end SMS communication with that partner.
  • Access, correction, deletion, portability: You can request access to, correction of, a copy of, or deletion of personal information about you by contacting support@toga.app. We may need to verify your identity using account credentials or other reasonable means.
  • Withdraw consent: Where we rely on your consent to process data (such as for sensitive information or marketing emails), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

We will respond to verifiable requests within the timeframes required by applicable law.

11.1 Non-discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you the Service, charge you different prices, or provide a different level of quality solely because you exercised a right under this Policy or applicable law (except where the request, such as deletion, makes continued provision of the Service impossible).

11.2 Do Not Track

Some browsers offer a "Do Not Track" feature. We do not currently respond to "Do Not Track" signals; we adhere to the standards in this Policy regardless of any such signal.

12. Additional Disclosures for U.S. State Privacy Laws

The following section provides additional disclosures required by the privacy laws of California, Colorado, Connecticut, Delaware, Florida, Texas, Utah, and Virginia and applies to residents of those states. Specific references to a particular state's law apply only to residents of that state. References to "personal information" in this Section 12 mean personal information as defined by the applicable state law.

12.1 Categories of personal information collected, used, and disclosed

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act (and analogous categories under other state laws):

CategoryExamples we collectSource
IdentifiersName, email, phone number, account ID, IP address, employee file numberYou; your device
Customer recordsAccount preferencesYou
Internet/network activityApp and web usage, error logsYour device
GeolocationApproximate IP-based location onlyYour device
InferencesBid-cycle behavior, preferencesDerived from your inputs
Sensitive personal informationTrade union / professional-association membership; precise account credentials; SMS message contentsYou

We collect and use these categories for the business purposes described in Section 2 and disclose them to the categories of recipients described in Section 7. We do not "sell" or "share" personal information for cross-context behavioral advertising, as those terms are defined under California, Colorado, Connecticut, Delaware, Florida, Texas, Utah, or Virginia law. In the past 12 months, we have not sold or shared personal information for those purposes, and we have not knowingly sold or shared personal information about minors under 16.

12.2 Right to know, correct, delete, and limit use of sensitive personal information

Subject to applicable law and verification, you have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) sell or share about you;
  • Access a portable copy of your personal information;
  • Correct inaccurate personal information;
  • Delete personal information we hold about you;
  • Opt out of sale or sharing for cross-context behavioral advertising — although as noted, we do not engage in such activity;
  • Limit the use and disclosure of sensitive personal information to the purposes specified by the CCPA/CPRA;
  • Non-discrimination for exercising any of these rights;
  • Appeal a denial of a request (Colorado, Connecticut, Delaware, Florida, Virginia).

To exercise these rights, contact support@toga.app. We will verify your identity using your account credentials or other reasonable means and respond within the timeframes required by applicable state law (typically 45 days, extendable by another 45 days where reasonably necessary).

12.3 Shine the Light (California)

Under California Civil Code § 1798.83, California residents who have a business relationship with us primarily for personal, family, or household purposes may request once per calendar year information regarding our disclosure (if any) of personal information to third parties for those third parties' own direct-marketing purposes. To make such a request, email support@toga.app with the subject line "Request for California Privacy Information." Not all sharing is covered by Section 1798.83.

12.4 Authorized agents

You may use an authorized agent to submit a privacy-rights request on your behalf. We will require written proof of the agent's authority and may also require you to verify your identity directly with us.

13. Business Transfers

If we or substantially all of our assets are acquired, or in the unlikely event of bankruptcy, your personal information may be transferred to the acquiring or successor entity as part of the transaction. The successor will be bound by this Policy or a successor policy at least as protective, except as permitted by law.

14. Children's Privacy

TOGA is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact support@toga.app and we will delete it.

15. International Users

TOGA is operated from and stores data in the United States. The Service is intended for users in the United States. We do not target or offer the Service in the European Union or the United Kingdom. If you access the Service from outside the United States, you understand and consent that your information will be transferred to and processed in the United States, which may have data-protection laws different from those of your country.

16. Third-Party Sites and Services

The Service may contain links to third-party sites and services (such as PBS, CCS, your airline's pilot portals, Apple, Google, Twilio support pages, etc.). We are not responsible for the content or privacy practices of those sites. After following any third-party link, you should read that site's privacy policy.

17. Beta-Period Notice

This Policy describes our practices during the beta period of the Service. During beta, we may revise our practices more frequently than we will once the Service is generally available. We will provide notice of material changes as described in Section 18.

18. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 14 days' notice through the Service or by email before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision. If you do not agree with the updated Policy, your sole remedy is to stop using the Service and delete your account.

19. Complaints

If you believe we have violated this Policy or a relevant data-protection law, contact us at support@toga.app with full details. We will investigate and respond. You also have the right to contact a competent regulatory body or data-protection authority.

20. Contact

Questions or requests regarding this Privacy Policy can be sent to support@toga.app.

TOGA — Fly the Plane. Go Home.