Mobile App Privacy Policy

Last Updated: February 24, 2026

Introduction

Timeside, LLC ("we," "us," or "our") operates the Concerts Remembered mobile application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Contact Information

Timeside, LLC
730 I St. #200, Sacramento, CA 95814
Email: app@concertsremembered.com

1. Information We Collect

Information You Provide to Us

• Account Information: Email address, first name, and authentication credentials (when you sign up via Google Auth, Apple Sign-In, or email)
• Concert Data: Artist names, venue information, dates, locations, personal memories, ratings, notes, and other concert-related information you choose to enter
• Photos: Images you upload to document your concert experiences
• User Preferences: App settings and customization choices

Information Collected Automatically

• Device Information: Device type, operating system, App version
• Usage Analytics: Feature interactions, screen views, app performance metrics collected through Amplitude, and crash data collected through Sentry (User ID only, no email addresses or personal concert content)
• Performance Data: Load times, app responsiveness, and technical performance metrics

Information We Do NOT Collect

• We do not collect precise geolocation data or IP addresses
• We do not track your browsing activity outside the App
• We do not collect biometric data (authentication is handled by Apple/Google)
• We do not sell your personal information to third parties
• We do not track the specific content of your concert memories, photos, or personal reflections

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the App's functionality
• Create and manage your account
• Store and sync your concert memories across devices
• Analyze anonymous usage patterns to improve user experience (which features are used, completion rates, navigation flows)
• Monitor app performance and fix technical issues
• Send service-related communications (important updates, security alerts)
• Respond to your requests, questions, and feedback
• Detect, prevent, and address technical issues

3. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary to fulfill our service to you
• Legitimate Interests: Processing is in our legitimate interests (improving our services) and does not override your rights

4. Data Sharing and Disclosure

We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Third-Party Service Providers

We share limited data with service providers that help us operate the App:

Authentication Services:

• Google Auth (for Google sign-in)
• Apple Sign-In (for Apple authentication)

Cloud Storage & Database:

• Supabase (US-based) - stores your account information and concert data with encryption

Product Analytics & User Behavior:

• Amplitude (US-based) - receives anonymous usage data including screen views, feature interactions, User ID, device type, and app version
• Amplitude does NOT receive: Your email address, first name, concert content (artist names, venues, dates), personal memories, photos, or any identifiable concert information

Error Tracking & Performance Monitoring:

• Sentry (US-based) - receives crash reports, error logs, device types, app version, and performance metrics
• Sentry does NOT receive: Your email address, first name, concert content (artist names, venues, dates), personal memories, photos, or any identifiable concert information

Concert Data Services:

• Setlist.fm - we use Setlist.fm's API to search for and display concert setlists. We store only the Setlist.fm reference ID and URL; actual setlist content is fetched from Setlist.fm and displayed in accordance with their terms of service

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to:

• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Enforce our Terms of Service

Share Functionality

When you use the App's share feature to share concert information via social platforms, you control what information is shared. Shared content is subject to the receiving platform's privacy policy.

5. Data Storage and Security

Where We Store Your Data

• Our servers are located in the United States (AWS infrastructure)
• We do NOT transfer your data internationally beyond standard cloud infrastructure operations

Security Measures

We implement reasonable security measures to protect your information, including:

• Encryption of data in transit and at rest
• Secure server infrastructure
• Access controls and authentication
• Regular security assessments
• IP address blocking for analytics (no location tracking)

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

Active Accounts

We retain your data for as long as your account is active or as needed to provide you services.

Account Deletion

When you delete your account:

• Your data is deleted immediately from our active servers
• Backup copies are removed within 30 days
• Anonymous analytics data (without any identifiable information) may persist in aggregate form for product improvement purposes

7. Your Rights and Choices

Access and Control

You have the right to:

• Access your personal data through the App
• Export your data at any time using the export feature
• Correct inaccurate information by editing your profile or concert entries
• Delete your data by deleting specific concert entries or your entire account
• Opt out of analytics tracking in app settings

Account Deletion

You can delete your account:

• In-App: Settings > Data Management > Delete Account
• Email Request: Contact app@concertsremembered.com

Marketing Communications

We currently do not send marketing emails. If this changes, you will be able to opt out of marketing communications while still receiving essential service notifications.

8. Region-Specific Rights

European Union (GDPR)

If you are in the EU, you have additional rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at app@concertsremembered.com.

California (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt-out of the sale of personal information (note: we do NOT sell personal information)
• Non-discrimination for exercising your privacy rights

Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

9. Cookies and Tracking

The App uses minimal tracking technologies:

• Essential: Required for authentication and App functionality
• Product Analytics: Amplitude collects anonymous usage patterns (which features you use, navigation flows, session duration) to help us understand how to improve the app
• Error Tracking: Sentry collects crash reports, error logs, anonymous User ID, device type, platform, and performance metrics to help us fix bugs and improve app stability
• Performance: Web Vitals data for app speed and responsiveness optimization

We do NOT use:

• Advertising cookies
• Cross-site tracking
• Session replay or screen recording
• Location tracking or IP-based geolocation

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy in the App
• Sending an email notification (if you have provided an email)
• Displaying an in-app notification

Your continued use of the App after changes indicates acceptance of the updated Privacy Policy.

11. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. International Data Transfers

Our servers are located in the United States. If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the App, you consent to this transfer.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Provide information about what data was affected
• Describe steps we are taking to address the breach
• Advise you on protective measures you can take

14. Your Data Rights

You have the right to access, update, or delete your personal data at any time. For instructions on how to delete your data, visit our Data Deletion Instructions page.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

• Email: app@concertsremembered.com
• Mail: Timeside, LLC, 730 I St. #200, Sacramento, CA 95814
• Data Protection Contact: app@concertsremembered.com

We will respond to your inquiry within 30 days.