Privacy Policy

PRIVACY POLICY FOR CONCERTTRACKR

Last Updated: October 23, 2025

Version: 2.1.0

INTRODUCTION

ConcertTrackr ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

INFORMATION WE COLLECT

Personal Information

• Account Information: Email address, display name, phone number (optional), and password (when you create an account)

• Authentication Data: User ID and authentication tokens for account management

• Profile Information: Display name, email address, profile preferences, privacy settings, and friend discovery preferences

• Sign-In Methods: Email/password authentication, Google Sign-In (optional), or Apple Sign-In (optional)

Event Information

• Event Details: Event titles, artists, dates, venues, cities, event types, notes, ticket sources, and confirmation codes

• Event Images: Photos you choose to add to events

• Location Data: Venue addresses, coordinates, and city information for map display

• Event Privacy Settings: Privacy preferences for each event (Only Me or Friends)

• Attendance Information: List of friends attending the same events

• Email Import Data: When you forward confirmation emails, we temporarily process email content to extract event details (deleted within 24 hours)

Device Information

• Device Identifiers: Unique device identifiers for authentication and sync

• App Usage: Information about how you use the app (events created, features used)

• Push Notification Tokens: Firebase Cloud Messaging (FCM) tokens for sending notifications

• App Badge Count: Badge number on app icon for notification counts

Social and Contact Information (Optional)

• Contacts Access: When you grant permission, we access your device contacts to help you find friends who also use the app

• Contact Matching: We use hashed versions of phone numbers and email addresses to match with other app users

• Friend Connections: User IDs of your friends on ConcertTrackr

• Friend Requests: Incoming and outgoing friend request data

• Friend Activity: Information about events your friends are attending (only when they share with you)

• Manual Friend Search: Email addresses or phone numbers you search for to find friends

HOW WE USE YOUR INFORMATION

Core App Functionality

• Event Management: Store and sync your concert and event information across all your devices

• Calendar Integration: Add events to your device calendar (with your permission)

• Location Services: Display venue locations on maps and provide location-based features

• Notifications: Send reminders for upcoming events, friend requests, and friend activity

• Email Import: Process forwarded confirmation emails to automatically create events (feature coming soon)

Social Features

• Friend Discovery: Help you find friends who also use the app through:

• Contact list matching (with your permission)

• Manual search by email or phone number

• Friend request system

• Friend Requests: Send, receive, accept, and reject friend requests

• Event Sharing: Allow you to share events with friends based on your privacy settings

• Social Event Feed: Show you events your friends are attending (when they choose to share)

• Attendance Tracking: Display which friends are going to the same events as you

• Privacy Controls: Respect your per-event and global privacy settings (Only Me or Friends)

Account Management

• Authentication: Secure login via email/password, Google Sign-In, or Apple Sign-In

• Data Sync: Synchronize your events, friends, and settings across all your devices in real-time

• Account Recovery: Password reset functionality for email/password accounts

• Guest Mode: Try the app without creating an account (limited features, no data sync)

• Multi-Device Support: Access your account from multiple devices simultaneously

THIRD-PARTY SERVICES

Firebase (Google)

• Authentication: User authentication and account management via Firebase Auth

• Database (Firestore): Store and sync your event data, friend connections, and settings

• Cloud Messaging: Send push notifications for friend requests and event updates

• Cloud Functions: Automatically delete all user data when accounts are deleted

• Security Rules: Enforce data access controls and privacy settings

• Privacy: Firebase data is subject to Google's Privacy Policy

Google Sign-In

• Authentication: Optional Google account sign-in

• Account Linking: Link your Google account to your ConcertTrackr account

• Profile Data: We receive your Google email and display name (if you choose Google Sign-In)

• Privacy: Google Sign-In is subject to Google's Privacy Policy

Apple Sign-In

• Authentication: Optional Apple account sign-in

• Account Linking: Link your Apple ID to your ConcertTrackr account

• Privacy: Apple Sign-In is subject to Apple's Privacy Policy

• Email Privacy: Apple's "Hide My Email" feature is supported

SendGrid (Email Processing - Coming Soon)

• Inbound Email: Process confirmation emails you forward to us

• Email Parsing: Extract event details from confirmation emails

• Data Deletion: Email content is deleted within 24 hours after processing

• Privacy: SendGrid is subject to Twilio's Privacy Policy

DATA STORAGE AND SECURITY

Data Storage

• Cloud Storage: Your data is stored securely in Firebase (Google Cloud)

• Local Storage: Some data is cached locally on your device for offline access

• Encryption: Data is encrypted in transit and at rest

Data Security

• Authentication: Secure authentication using industry-standard methods

• Access Control: Only you can access your personal data

• Regular Updates: We regularly update our security measures

YOUR RIGHTS AND CHOICES

Data Access

• View Your Data: You can view all your data within the app (events, friends, settings)

• Export Data: You can export your event data at any time

• Delete Data: You can delete individual events, remove friends, or delete your entire account

• Edit Profile: You can change your display name and privacy settings at any time

Privacy Controls

• Event Privacy: Set individual events as "Only Me" or "Friends"

• Global Privacy: Set default privacy settings for all new events

• Friend Discovery: Enable or disable friend discovery in your contacts

• Contact Access: Revoke contacts permission in iOS Settings

• Location Access: Revoke location permission in iOS Settings

• Notifications: Disable push notifications and local notifications in iOS Settings

• Friend Requests: Control who can send you friend requests

• Profile Visibility: Control what information friends can see

Account Management

• Sign Out: You can sign out at any time from the Settings page

• Delete Account: You can delete your account and all associated data. Delete Account: Available in Settings → Account & Privacy

  • For security, you may be required to re-authenticate (sign in again) before deleting your account

  • Account deletion is permanent and irreversible

  • All data is deleted immediately: events, friends, requests, activity, and profile information

  • Your Firebase authentication account is also permanently deleted

• Data Portability: You can export ALL your data as JSON (events, friends, requests, activity, settings) before deleting your account

  • Includes: user profile, all events, friend connections, friend requests, and activity feed

  • Compatible with standard JSON format for use with other services

• Password Reset: Reset your password via email (for email/password accounts)

• Change Display Name: Update your display name at any time in Account & Privacy settings

• Update Phone Number: Add or change your phone number for friend discovery in Account & Privacy settings

• Guest Mode: Use the app without an account (limited features, no friend functionality)

DATA SHARING

We Do NOT Share Your Data With:

• Third-Party Advertisers: We do not sell your data to advertisers

• Data Brokers: We do not sell your data to data brokers

• Marketing Companies: We do not share your data for marketing purposes

• Social Media Platforms: We do not share your data with social media networks

• Analytics Companies: We do not use third-party analytics (no tracking)

We Only Share Your Data When:

• You Explicitly Choose To: When you share events with friends or set events to "Friends" privacy

• Friend Connections: Your friends can see events you've set to "Friends" visibility

• Friend Requests: Your name and profile information are visible when you send or receive friend requests

• Mutual Friends: Friends can see that you're attending the same events (when visibility allows)

• Legal Requirements: When required by law or legal process

• Service Providers: With trusted service providers (Firebase, Google, SendGrid) who help us operate the app under strict data processing agreements

CHILDREN'S PRIVACY

ConcertTrackr is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

INTERNATIONAL USERS

Your data may be processed in the United States and other countries where our service providers operate. By using our app, you consent to the transfer of your data to these countries.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

In-App Notification: Showing a notification when you open the app

Email Notification: Sending an email to your registered email address

App Store Update: Including the updated policy in app updates

CONTACT US

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@concerttrackr.com 

Website: http://www.concerttrackr.com 

DATA RETENTION

Active Accounts

• We retain your data for as long as your account is active or as needed to provide our services

• Event data, friend connections, and settings are stored indefinitely while your account is active

• You can delete individual events or friends at any time

Account Deletion

• When you delete your account, we will delete your personal data within 30 days

• Deleted data includes: events, profile information, friend connections, and settings

• Exceptions: We may retain data longer if required for legal or regulatory purposes

• Friend Data: When you delete your account, you are removed from your friends' friend lists

Email Import Data (Coming Soon)

• Forwarded confirmation emails are processed immediately

• Email content is permanently deleted within 24 hours after processing

• Only extracted event details are retained (not the full email)

YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the personal information we collect

• Right to Delete: You can request deletion of your personal information

• Right to Opt-Out: You can opt out of the sale of personal information (we do not sell personal information)

YOUR EUROPEAN UNION RIGHTS

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: You can request access to your personal data

• Right to Rectification: You can request correction of inaccurate data

• Right to Erasure: You can request deletion of your personal data

• Right to Portability: You can export your data as JSON from Settings → Account & Privacy

• Right to Object: You can object to processing of your personal data

PUSH NOTIFICATIONS

We may send you push notifications for:

• Friend Requests: When someone sends you a friend request

• Friend Activity: When a friend adds or updates an event (optional)

• Event Reminders: Reminders for your upcoming events (optional)

• Account Activity: Important account-related notifications

You can control notification preferences in:

• iOS Settings > Notifications > ConcertTrackr

• App Settings > Notifications (in-app preferences)

EMAIL IMPORT FEATURE (COMING SOON)

How It Works

• You can forward ticket confirmation emails to events@concerttrackr.com

• We automatically parse the email and create an event in your account

• Email must be sent from your registered ConcertTrackr email address

What We Process

• Email sender address (to verify it matches your account)

• Email subject and body (to extract event details)

• Attachments are not processed or stored

Data Security for Email Import

• Only emails from verified account holders are processed

• Full email content is deleted within 24 hours

• Only event details (title, date, venue) are retained

• Rate limited to 10 email imports per day per user

• All processing happens on secure Firebase Cloud Functions

Supported Ticket Providers

• Ticketmaster, StubHub, Eventbrite, LiveNation, DICE, and others

• We use pattern matching to extract event information

• If we can't parse an email, no event is created (no data is stored)

This Privacy Policy is effective as of October 21, 2025 and was last updated on October 23, 2025.