Privacy Policy – Tripsittr Dashboard (Authenticated App)

1) Who We Are & Contact

Controller: Tripsittr LLC, 2016 W Spur Drive, Phoenix, AZ 85085, USA. Contact: blaze@tripsittr.com.

2) What We Process in the App

Depending on how you use the App and your tenant’s settings, we may process:

• Account & Team Data – Name, email, password (hashed), phone, avatar, role, team memberships/permissions.
• Music & Catalog Metadata – Song and album titles, descriptions, release dates, genres, credits, ISRC/UPC (if provided), external links (e.g., streaming urls), track ordering, playlist curation data.
• Images & Artwork – Album covers, artist photos, promotional images you upload or link. (If file uploads are disabled in your tenant, only metadata/links are stored.)
• Audio & Media References – Pointers to audio files or streaming links you supply. We do not alter audio content; where uploaded, storage is for your management purposes only. Where only links are used, we store link metadata.
• Events & Scheduling – Calendar entries, venues, set lists, schedules, reminders, and related logistics you add.
• Social & Integrations – If connected, tokens/IDs to authorized third-party services (e.g., Spotify, Facebook) and related mapping data to enable features you request. We store only what’s necessary to maintain the connection and scope you granted.
• Billing & Subscription – Plan, status, and Stripe customer/subscription IDs. Full payment details are handled by Stripe; we do not store your full card data.
• Usage & Technical Logs – IP address, user agent, device and request metadata, error logs (e.g., Flare), session cookies, security/CSRF tokens, and limited audit events to keep the App reliable and secure.

3) How We Use Information

• Provide core App features: catalog management, event scheduling, team workflows, notifications, and dashboards.
• Operate, maintain, and secure the App; detect abuse or misuse; troubleshoot; and improve performance.
• Enable integrations you connect (e.g., obtaining Spotify tokens for playlists/metadata you choose to sync).
• Manage subscriptions, trials, and billing via Stripe.
• Provide support and respond to requests from you or your team admins.

4) Your Content & Intellectual Property

• Your Content is Yours. You (or your licensors) retain ownership of all content you upload or link in the App, including music, audio files, artwork, images, albums, photos, events, and related materials.
• No Sale or Licensing by Us. We do not claim, sell, license, or otherwise monetize your content. Processing is solely to provide App features you request.
• Your Responsibility. You are responsible for ensuring you have the rights/permissions to store and manage content in the App and to use third-party integrations.

5) Cookies & Similar Technologies

The App uses essential cookies and similar technologies for authentication (session), CSRF protection, security, and basic preferences. We do not use advertising cookies in the App. If future analytics are added, they will be limited to service improvement and announced with controls.

6) Sharing & Service Providers

We do not sell personal information or content. We share only as described:

• At Your Direction: When you connect or use integrations (e.g., Spotify, Facebook), we use the tokens/permissions you grant to perform the actions you request.
• Service Providers: Vendors under contract who support the App, including:
  • Stripe (billing/payments),
  • Mailgun (email delivery),
  • Hosting/DevOps: DigitalOcean infrastructure via Forge & GitHub; GoDaddy (domain),
  • Flare (error monitoring/logging).
• Legal/Safety: If required by law or to protect rights, property, users, or the App.

7) Data Retention

• Account and team data are retained while your account/tenant is active. Upon deletion requests or tenant closure, data is deleted or anonymized within a reasonable timeframe, subject to legal or operational obligations.
• Content (music metadata, images, events) remains until you or your admins delete it, or the tenant is closed.
• Technical/error logs may be retained for a limited period for security and reliability.
• Billing records are retained as required for accounting/legal compliance.

8) Multi‑Tenant Isolation

The App is tenant-aware. Your data is logically isolated by team/tenant. Access is restricted by authentication and authorization checks. We regularly review access controls to maintain proper separation.

9) Security

We use HTTPS and reasonable administrative, technical, and physical safeguards, including hashed passwords, CSRF protections, session management, and least-privilege access. No system is perfectly secure. If we learn of a security issue affecting you, we will notify you and take appropriate steps.

10) International Transfers

The App is hosted in the United States. If you access it from outside the U.S., your information may be transferred to and processed in the U.S. Where required, we use appropriate safeguards with our service providers.

11) Your Privacy Rights

Depending on your location, you may have rights under GDPR/UK GDPR (access, rectification, deletion, restriction, portability, objection) and under California law (right to know/access, delete, correct, opt‑out of sale/share – we do not sell/share for advertising). To exercise rights, contact blaze@tripsittr.com. We may verify your request before completing it.

12) Children’s Privacy

The App is intended for individuals 13+ (or 16+ in the EU/UK). Users under the legal signing age must have a parent/guardian manage the account. We do not knowingly collect data from children under these ages.

13) Changes

We may update this policy from time to time. We will post updates with a new “Last updated” date. Your continued use after changes become effective signifies acceptance.

14) Contact

Questions or requests: blaze@tripsittr.com.