TATOMA Mobile Apps — The Number Privacy Policy
Effective Date: April 2026 Last Updated: April 2026
This privacy policy explains how The Number, a mobile application developed by Tatoma B.V., collects, uses, and protects your data. The Number is a weekly team check-in app where you give your week a score from 0 to 10.
This policy supplements the TATOMA Privacy Policy. For general data handling practices, please refer to that document.
What Is The Number?
The Number is a mobile app for iOS and Android that lets teams share a weekly score. Each Friday, you rate your week on a scale of 0 to 10, optionally add a comment, and see how your team is doing.
The app is provided as part of your organization's Tatoma subscription and requires a Tatoma account to use.
Data We Collect
Authentication Token
When you sign in, an authentication token is generated and stored locally on your device using the operating system's secure storage (iOS Keychain or Android Keystore via Expo SecureStore). The token is a random string — it does not contain your password, email, or personal information. Tokens are cleared when you sign out.
Weekly Scores
Each week, you can submit a score from 0 to 10. This score is sent to and stored on the Tatoma platform.
Optional Comments
You may add a short text comment alongside your score. Comments are sent to and stored on the Tatoma platform.
User Identity
Your name, email address, and organization membership are provided through WorkOS authentication (the same identity provider used by the Tatoma web platform). You do not enter this information directly in the app.
Language Preference
Your chosen language (English, Dutch, or Danish) is stored locally on your device.
Data We Do NOT Collect
The Number does not collect, access, or transmit:
- Analytics or crash reporting data
- Device identifiers or advertising IDs
- Push notification tokens
- Location data
- Contacts, photos, calendar, or other device data
- Browsing history or data from other apps
- Any data used for tracking across apps or websites
Who Can See Your Data
The Number has a clear visibility model:
| Role | What they see |
|---|---|
| Team leads | Individual scores, comments, and names for their team. This helps them understand how the week went and start conversations that matter. |
| Organization admins | Scores and comments from all teams. |
| Team members | Aggregated averages and trends only — no individual scores or attribution. |
| Tatoma B.V. | Access to all data for platform operation and support (as data processor). |
How We Use Your Data
| Data | Purpose |
|---|---|
| Auth token | Authenticate your access to the app |
| Scores and comments | Display your check-in history, generate team and organization insights |
| User identity | Associate check-ins with your account, display your name to team leads |
| Language preference | Display the app in your preferred language |
We do not use AI processing on scores or comments. We do not share your individual data with other organizations.
Data Sharing
The Number communicates exclusively with Tatoma platform servers:
- API server (hosted on Vercel) — score submission, team data, user profile
- WorkOS — authentication (see main privacy policy for WorkOS details)
No data is sent to analytics services, advertising networks, or any other external parties.
Data Storage & Security
| Data | Stored where | Details |
|---|---|---|
| Auth tokens | Your device (iOS Keychain / Android Keystore) | Cleared on sign-out |
| Scores, comments, user data | Tatoma platform database (Supabase, EU) | Same infrastructure as the web platform |
Security measures:
- All communication over HTTPS
- Encryption at rest for all stored data
- Row-level security on all database queries
- Secure authentication via WorkOS
Data Retention
- Auth tokens are cleared when you sign out
- Scores and comments are retained for the duration of your organization's Tatoma subscription
- Account deletion is available via the web platform's Manage Data page. Personal data is deleted within 30 days of a deletion request.
- Backup data may be retained in encrypted backups for up to 90 days for disaster recovery purposes
Your Rights
Under GDPR, you have the right to access, correct, delete, restrict, port, and object to the processing of your personal data. You can exercise your right to erasure and data portability directly from the Manage Data page.
For all other requests, contact us at gdpr@tatoma.eu. We will respond within one month.
Children's Privacy
The Number is not directed at children under 16. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. Changes will be reflected in the "Last Updated" date above. Continued use of The Number after changes constitutes acceptance of the updated policy.
Contact
For privacy questions or to exercise your data rights:
Tatoma B.V. Willemstraat 1 5611 HA, Eindhoven The Netherlands
Email: gdpr@tatoma.eu