Legal
Privacy Policy
Summary: HighRoad builds products to keep core work local when practical. Data flows still differ by app: some offer accounts or sync, some read HealthKit with permission, some connect to a cloud model you choose, and some use purchase or optional diagnostic services. We do not sell personal data or build advertising profiles.
1. Controller and scope
COBI Management SRL, trading as HighRoad Software, is the controller for personal data it receives through this website, support, direct sales, and app services it operates.
- Enterprise number: BE 0676.613.701
- Address: Rue Haut Chemin 8, 1370 Jodoigne, Belgium
- Privacy email: privacy@highroadsoftware.com
This portfolio policy provides common terms. Product-specific policies describe the exact build and take priority for that product: ScoutBar, LumenForge, Roundtable, Chartwright, PaperMind, Nomii, FamilyLegacy, PulseWave, DressGenius, Persona, CatFidget, ReactionLab, SongForge, VoxForge, HyperCam Trigger, and the Games catalogue.
2. Website and support
- Server logs: our host may record IP address, request, browser information, and timestamp for delivery, security, and diagnostics. Operational logs are normally retained for up to 30 days unless a security incident requires longer preservation.
- Contact: when you email us, we process your address, message, attachments, and related correspondence to respond, troubleshoot, protect our rights, and keep necessary business records. Routine correspondence is normally reviewed for deletion after three years.
- Professional and editorial relationships: when an organisation or publication expressly invites product news, review requests, partnerships, or editorial pitches, we may keep the contact name, public role, organisation, invited contact route, source URL, relevance notes, and resulting correspondence. We do not buy contact lists, scrape private email addresses, or automate publication. Promotional electronic contact is used only where the recipient has invited it, consented, or another limited legal exception clearly applies. An objection or opt-out is recorded in a suppression list so we do not contact that person again.
- Website storage: the public website does not set cookies or write a consent preference to browser storage. Its fonts are self-hosted, and it does not run third-party advertising or behavioural analytics.
3. App data
3.1 Local content
Many apps keep projects, documents, prompts, media, settings, or game progress on the device. HighRoad cannot access locally stored content merely because the app created it. Deletion, export, backup, and sandbox behaviour are described in each product policy.
3.2 Accounts and sync
PulseWave can use an account and cloud sync. Other products may use Apple services or a user-selected connector where their policy says so. Account records can include email, account identifier, authentication state, sync data, timestamps, and security logs. If an app supports account creation, it also provides an in-app account-deletion route as required for that release.
3.3 Health and sensitive data
Nomii can read selected HealthKit information only after permission. It does not write to HealthKit and does not use health data for advertising. PulseWave may process wellness information as described in its policy. Health and wellness features are not used for medical diagnosis and are not sold.
3.4 Models, cloud providers, and external sources
LumenForge, Persona, SongForge, and VoxForge may connect to model or content hosts to download resources you choose. Roundtable, Chartwright, PaperMind, and ReactionLab can send content to a cloud model, connector, feed, or web source only when you configure or invoke that provider. The provider receives the content and network data needed for the request under its own policy. Local-model use avoids cloud inference but may still require model delivery or licence validation.
3.5 Purchases
Apple processes App Store payments. RevenueCat may manage pseudonymous entitlement status for products such as Nomii, PulseWave, or DressGenius. A named direct merchant, including Lemon Squeezy where used, may process direct orders and licence validation. HighRoad may receive order email, transaction ID, product, entitlement, status, tax, and fraud-prevention records, but not full card details. The live checkout identifies the active merchant.
3.6 Diagnostics and analytics
Most local Mac products have no behavioural analytics in their current repositories. PulseWave may use the analytics or diagnostic services identified in its policy, subject to its controls. DressGenius may send scrubbed crash and performance diagnostics to Sentry only after opt-in. A released game may use analytics or advertising only when disclosed in its policy, App Store privacy label, consent flow, and exact binary.
HyperCam Trigger keeps camera analysis, captures and gallery data local by default. Its optional keyword trigger can use Apple Speech, and a confirmed Cloud Upscale action sends the selected photo to an endpoint configured by the user. See its product policy for the exact permission and deletion boundaries.
4. Purposes and legal bases
Where GDPR applies, we process data to perform a contract (provide an account, entitlement, sync, support, or requested connection); comply with tax, accounting, consumer, sanctions, and legal duties; obtain consent for optional health, location, diagnostics, analytics, or similar access where required; and pursue legitimate interests such as securing services, preventing fraud, debugging, responding to users, maintaining business records, and managing requested professional or editorial relationships. Electronic direct marketing is not based on legitimate interests where consent is legally required. You may object to legitimate-interest processing.
5. Recipients and international transfers
We disclose data only to service providers needed for hosting, email, authentication, sync, payments, entitlement, model delivery, optional diagnostics, or a feature you request; to professional advisers; to authorities where legally required; or to a successor in a corporate transaction subject to safeguards. Some providers process data outside the EEA. Where required, transfers rely on an adequacy decision, approved standard contractual clauses, or another lawful safeguard. Product policies identify material providers for that app.
6. Retention and deletion
Local app data remains until you delete it, clear it, or remove the app, subject to device backups. Account and sync data remains while the account is active and for the period needed to complete deletion, prevent fraud, resolve disputes, and meet legal duties. Purchase and tax records may be retained for statutory periods. Optional diagnostics follow the provider's configured retention. Professional prospect records are reviewed after 12 months and deleted or anonymised after 18 months unless a relationship is active, the person asked us to retain the record, or a legal record is still required. Suppression records are retained only to honour objections. We delete or anonymise personal data when its purpose and mandatory retention period end.
7. Your choices and rights
You can manage app permissions in Apple Settings, choose local instead of cloud providers where supported, remove API keys or connectors, disable optional diagnostics or analytics, delete local content, and use in-app deletion for an account-bearing app. Depending on applicable law, you may request access, correction, deletion, restriction, portability, or objection, and withdraw consent without affecting earlier lawful processing. Contact privacy@highroadsoftware.com. We may need to verify the request. You may complain to the Belgian Data Protection Authority or your local supervisory authority.
8. Children, security, and changes
Unless a product's age rating states otherwise, our apps are not directed to children under 13 or the higher minimum age required locally. We use TLS, platform sandboxing, least-privilege permissions, access controls, and service-provider safeguards appropriate to the data, but no system is risk-free. We will date material policy changes and provide additional notice where required. App Store privacy answers, in-app disclosures, and this website must be updated before a release introduces a materially new data flow.
9. Contact
COBI Management SRL, Rue Haut Chemin 8, 1370 Jodoigne, Belgium · privacy@highroadsoftware.com