Information We Collect
When you create an account, we collect:
- Email address and password (stored securely via Firebase Authentication)
- Display name and username (handle)
- Profile photo (if you choose to upload one)
- City and country (if you choose to provide them)
- Bio (if you choose to provide one)
- Hogwarts House selection (optional, for personalization)
If you sign in with Google or Apple, we receive your name, email address, and profile photo as provided by those services. We do not receive or store your Google or Apple password.
If you grant location permission, we collect your approximate location to:
- Show concerts and events near you
- Enable location-based event notifications (geofencing)
- Center the event map on your location
Location data is collected only while the App is in use and only when you have granted the "When In Use" permission. You can revoke this at any time in your device Settings.
- Cart data (product selections, quantities) is managed locally and through the Shopify platform
- Payment and shipping information is collected and processed directly by Shopify through their hosted checkout. We do not collect, process, or store your credit card number, billing address, or shipping address.
- Order IDs and purchase history are stored to provide order tracking and support
With your consent, we collect:
- App interaction data (screens viewed, features used, favorites added)
- Performance data (app launch times, errors)
- Aggregated statistics (total favorites, listening time, most active days)
- Device tokens for push notifications (via APNs and Firebase Cloud Messaging)
- Vendor identifier (a non-permanent, non-personal device identifier used as a fallback)
- Device name (sent during push notification registration)
- Device attestation via Apple's DeviceCheck for app integrity verification
- Favorites: Shows, films, products, and radio tracks you mark as favorites
- Notification preferences: Per-film and per-composer subscription settings
- Email subscriptions: Newsletter and film-specific email opt-ins
- Search queries: Temporary queries sent to our search provider (not stored long-term)
The App uses your device's gyroscope and accelerometer for the Immersive Listening Room feature (360-degree panoramic viewing). This motion data is processed locally in real time and is never stored or transmitted.
How We Use Your Information
- Provide and maintain the App, including user accounts, favorites, and personalization
- Process transactions through our e-commerce partner (Shopify)
- Send push notifications about events, new content, and order updates (with your permission)
- Deliver location-based alerts when concerts are happening near you (with your permission)
- Generate AI-powered content such as musical insights and film analysis (content-based prompts only; no personal data is sent to AI services)
- Improve the App through anonymized, aggregated analytics (with your consent)
- Provide customer support and respond to inquiries
- Send newsletters and marketing emails (with your explicit opt-in, including double opt-in verification)
Third-Party Services
We use the following third-party services, each governed by its own privacy policy:
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, database, storage, push notifications, analytics | Account data, favorites, preferences, device tokens, analytics events (with consent) |
| Shopify | E-commerce and checkout | Cart items; payment and shipping data collected directly by Shopify |
| Algolia | Event search | Search queries, location coordinates (if searching by location) |
| Vimeo | Video streaming | Video playback requests (no user identifiers sent) |
| OpenAI | AI-generated musical insights | Film and article content for analysis (no user identifiers or personal data sent) |
| Spotify | Composer playlists and audio previews | Playlist data requests (no user identifiers sent) |
| BlockadeLabs | Immersive 360° environments | Environment generation prompts (no user identifiers or personal data sent) |
| Apple | Push notifications, Sign-In, DeviceCheck, Maps | Device tokens, authentication tokens, map data |
| Google | Sign-In | Authentication tokens, profile info (when using Google Sign-In) |
We encourage you to review the privacy policies of these third-party services.
Data Storage & Security
Cloud Storage
Account data, favorites, and preferences are stored in Firebase Firestore (Google Cloud infrastructure), which provides encryption at rest and in transit.
Local Storage
The App stores data locally on your device, including:
- Image cache (up to 100 MB in memory, with disk persistence)
- Skybox/environment cache (up to 500 MB on disk)
- Playlist cache (up to 50 MB on disk, automatically expires after 7 days)
- User preferences in device-local storage
- Biometric credentials in the iOS Keychain (encrypted, accessible only via Face ID or Touch ID)
Security Measures
- All network communication uses HTTPS/TLS encryption
- Passwords are never stored in plain text
- Biometric credentials are stored in the iOS Keychain with hardware-level encryption
- Firebase App Check validates app integrity to prevent unauthorized API access
- Consent changes are logged in an audit trail with timestamps
Consent Management
We implement a granular consent system. You can independently control:
All consent changes are recorded with timestamps for audit purposes. You can modify your preferences at any time through the App's Privacy Center.
Your Rights
For All Users
- Access your personal data stored in the App
- Update your profile information at any time
- Delete your account and associated data
- Opt out of analytics, notifications, emails, and location services
- Export your data in a portable format
EEA Residents — GDPR
If you reside in the European Economic Area, you additionally have the right to:
- Rectification of inaccurate personal data
- Restriction of processing under certain circumstances
- Object to processing based on legitimate interests
- Data portability in a machine-readable format
- Lodge a complaint with your local data protection authority
Our legal bases for processing are: your consent (analytics, marketing, location), contractual necessity (account management, purchases), and legitimate interests (app security, fraud prevention).
California Residents — CCPA
- Know what personal information is collected and how it is used
- Delete your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
Children's Privacy
The App is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
Data Retention
- Account data is retained as long as your account is active. Upon deletion, your data is removed within 30 days.
- Analytics data is retained in aggregated, anonymized form.
- Local caches (images, playlists, environments) are automatically managed with size limits and expiration policies.
- Consent audit logs are retained for compliance purposes.
- Push notification tokens are updated when they change and removed upon account deletion or uninstallation.
International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States, where our third-party service providers (Firebase/Google, Shopify, OpenAI, Algolia) operate. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses where applicable.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy within the App and updating the "Last Updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about your privacy, please contact us at: