Privacy Policy

Last Updated: March 14, 2026

Vibes.live ("the App") is a concert discovery and tracking application operated by Andrew Norby ("we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.

By using Vibes.live, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address — used for authentication (one-time passcode login)
Display name — shown to other users on your profile
Handle — your unique username, visible to other users
Home city — used to personalize concert discovery near your location

1.2 Profile Content

You may optionally provide:

Profile photo — stored securely and visible to other users
Concert photos — photos you upload from attended shows, which may be visible to other users

1.3 Usage Data

As you use the App, we collect:

Artist, venue, and festival subscriptions — which artists, venues, and festivals you follow
Concert attendance status — events you mark as "Want to Go," "Going," or "Attended"
Social connections — which users you follow and who follows you
Notification preferences — your push notification settings
Dismissed suggestions — artists suggested from music service syncs that you chose not to follow

1.4 Device Information

When you enable push notifications, we collect:

Push notification token — a device identifier used to deliver notifications
Device name and platform — used to manage your notification registrations

1.5 Location Information

Home city coordinates — latitude and longitude of your selected home city, used to show concerts near you on the map and to identify local venues
Device location (when in use) — if you grant location permission, the App uses your location to center the map. We do not track your location in the background.

1.6 Information from Third-Party Services

If you choose to connect a music streaming service:

Spotify — with your authorization, we access your list of followed artists to suggest subscriptions. We store your Spotify access and refresh tokens securely on our servers to maintain the connection. We request only the user-follow-read permission scope.
Apple Music — (coming soon) with your authorization, we access your library artists to suggest subscriptions. A temporary authentication token is stored securely on our servers.

We do not access your playlists, listening history, or any other data from these services beyond what is described above.

2. How We Use Your Information

We use the information we collect to:

Provide the service — show you concerts, events, and festivals relevant to your subscriptions and location
Send notifications — alert you about new shows, ticket sales, presales, and friend activity based on your preferences
Enable social features — show friends-going counts on events and share attendance activity with your followers
Sync music services — import your followed artists from Spotify or Apple Music to simplify setup
Improve the App — understand usage patterns to improve features (we do not use third-party analytics or tracking services)

We do not:

Sell your personal information to third parties
Use your data for advertising
Share your data with data brokers
Use third-party analytics, tracking, or crash reporting SDKs

3. How We Share Your Information

3.1 With Other Users

The following information is visible to other Vibes.live users:

Your display name, handle, and profile photo
Your concert attendance activity (events marked "Going" or "Attended") may be visible to users who follow you
The social follow graph (who follows whom) is visible to authenticated users

3.2 With Service Providers

We use the following third-party services to operate the App:

Service	Purpose	Data Shared
Supabase	Database, authentication, file storage, server functions	Account data, subscriptions, attendance, photos
Ticketmaster	Concert and event data	Artist and venue names for search queries (no user data)
Spotify	Music library sync	OAuth tokens (with your consent)
Apple Music	Music library sync (coming soon)	Authentication tokens (with your consent)
Expo Push Notification Service	Push notification delivery	Device push tokens and notification content
OpenStreetMap Nominatim	Venue geocoding	Venue addresses (no user data)

3.3 As Required by Law

We may disclose your information if required to do so by law or in response to valid legal process.

4. Data Storage and Security

Your data is stored on Supabase infrastructure (cloud-hosted PostgreSQL database and file storage)
All data is transmitted over HTTPS (encrypted in transit)
Database access is protected by Row-Level Security (RLS) — users can only access their own data unless explicitly shared (e.g., public profile info, follow graph)
Music service tokens (Spotify, Apple Music) are stored server-side only and are never exposed to other users
Profile photos and concert photos are stored in secure cloud storage with access controls

5. Data Retention

Account data is retained as long as your account is active
Concert attendance history is retained as long as your account is active (this is a core feature of the App)
Notification logs are retained for operational purposes
Dismissed suggestions resurface after 180 days, giving you the option to reconsider
Music service tokens are retained until you disconnect the service or delete your account

When you delete your account, we delete all of your personal data, including your profile, subscriptions, attendance history, photos, notification tokens, music service connections, and social connections. Shared concert and event data (sourced from Ticketmaster) is not affected by account deletion.

6. Your Rights and Choices

6.1 Access and Control

You can:

View and edit your profile information at any time in the App settings
Disconnect Spotify or Apple Music at any time, which removes stored tokens
Manage notification preferences — enable or disable push notifications entirely, or control individual notification types
Manage social connections — follow or unfollow other users at any time
Remove attendance records — change or remove your status on any event

6.2 Account Deletion

You may delete your account at any time through the App settings. Account deletion permanently removes all of your personal data from our systems.

6.3 Data Portability

You may request a copy of your data by contacting us at the email address below.

6.4 California Residents (CCPA)

If you are a California resident, you have the right to:

Know what personal information we collect about you
Request deletion of your personal information
Not be discriminated against for exercising your privacy rights

We do not sell personal information.

6.5 European Residents (GDPR)

If you are in the European Economic Area, you have additional rights including the right to access, correct, or delete your personal data; restrict or object to processing; data portability; and withdraw consent at any time.

Our legal basis for processing your data is your consent (for optional features like music service sync and push notifications) and legitimate interest (for providing the core service).

7. Children's Privacy

Vibes.live is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy in the App and updating the "Last Updated" date above. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: privacy@vibeslive.app

10. Third-Party Links

The App may contain links to third-party websites (e.g., Ticketmaster ticket purchase pages). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.