Legal
PRIVACY
POLICY
Effective date: 26 April 2026 · Last updated: 26 April 2026
Your privacy matters to us. This Policy describes what personal data FestivPlanner collects, why we collect it, how we use and protect it, and the rights you have over it. We are committed to handling your data responsibly and transparently.
1. Who We Are
FestivPlanner ("we", "us", "our") operates the FestivPlanner web application and its associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the Service. By using the Service, you consent to the practices described in this Policy.
2. Data We Collect
We collect the following categories of personal data: • Account data: Name (or display name), email address, and profile picture, obtained through your authentication provider (Clerk, Google, or similar) when you sign up or sign in. • Discord data: If you link your Discord account, we store your Discord user ID and username to enable bot features. • Usage data: Festival picks you save or submit, groups you create or join, conflict resolutions, and notification preferences. • Communications: Messages or reports you send to us through the platform. • Technical data: IP address, browser type, and device information collected automatically through server logs and cookies for security and performance purposes.
3. How We Use Your Data
We use your data solely to: • Provide, operate, and improve the Service (scheduling, group coordination, conflict detection, bot notifications). • Authenticate your identity and maintain account security. • Send in-app and Discord notifications related to your schedule and group activity, where you have enabled them. • Detect and prevent fraud, abuse, and other violations of our Terms of Service. • Comply with applicable legal obligations. We do not use your data for advertising, behavioural profiling, or any automated decision-making that produces legal or similarly significant effects on you.
4. Data Sharing and Disclosure
We do not sell your personal data. We share data only in these circumstances: • Service providers: We use Supabase (database hosting), Clerk (authentication), Spotify (artist metadata enrichment), and Discord (bot infrastructure). Each provider receives only the data necessary to perform their service and is contractually bound to protect it. • Group features: When you participate in a group, other group members can see your submitted picks for the relevant festival. Your email address is never exposed to other users. • Legal requirements: We may disclose data if required by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our rights or the safety of others. • Business transfer: If FestivPlanner is acquired or merges with another entity, your data may be transferred as part of that transaction, subject to equivalent privacy protections.
5. Authentication and Third-Party Providers
We use Clerk to handle authentication. When you sign in via a third-party provider (e.g. Google), we receive basic profile information (name, email, profile picture) from that provider. We do not store your third-party passwords. Each provider's own privacy policy governs data collected directly by them. You can review Clerk's privacy policy at clerk.com.
6. Cookies and Tracking
We use session cookies required to keep you signed in and to protect against cross-site request forgery. We do not use advertising cookies or cross-site tracking technologies. Most browsers allow you to refuse cookies; however, doing so may prevent certain features of the Service from functioning correctly. We do not currently use analytics services that track individual users across the web.
7. Data Retention
We retain your personal data for as long as your account remains active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (for example, certain audit logs for fraud prevention). Festival picks and group data that contribute to aggregated, non-identifiable statistics may be retained indefinitely in anonymised form.
8. Data Security
We implement technical and organisational measures designed to protect your personal data, including: • All data in transit is encrypted using TLS. • Database access is protected by row-level security (RLS) policies — each user can only access their own data. • Authentication tokens are short-lived and verified server-side on every request. • API keys and secrets are stored as environment variables and never committed to version control. Despite these measures, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you. • Correction: Ask us to correct inaccurate or incomplete data. • Deletion: Ask us to delete your personal data (subject to legal retention requirements). • Portability: Request your data in a structured, machine-readable format. • Objection / Restriction: Object to or ask us to restrict certain processing activities. • Withdrawal of Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. To exercise any of these rights, contact us through the platform. We will respond within 30 days. We may need to verify your identity before processing your request.
10. Children's Privacy
FestivPlanner is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us and we will delete it promptly. Users between 13 and 18 should have parental or guardian consent before using the Service.
11. International Transfers
Our infrastructure providers (Supabase, Clerk, etc.) may store or process your data in countries outside your own, including the United States. Where such transfers occur, we rely on the providers' own compliance mechanisms (such as Standard Contractual Clauses or equivalent frameworks) to ensure an adequate level of protection for your data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If changes are material (such as a change in how we share data or your rights), we will provide notice via email or a prominent in-app notification at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
13. Contact and Complaints
For privacy-related requests, questions, or complaints, please contact us through the platform. If you are in the European Economic Area or United Kingdom and believe we have not handled your data correctly, you also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office — ico.org.uk).
© 2026 FestivPlanner. All rights reserved.