Riff Circle
Privacy Policy
Operator: [Riff Circle LLC] (“Riff Circle,” “we,” “us”).
Effective date: [DATE] · Contact: privacy@riffcircle.com
Riff Circle is intended for users in the United States and for people 18 and older. If you access Riff Circle from outside the United States, you consent to processing your information in the United States, where privacy laws may differ from those where you live.
1. Information we collect
You provide:
- Account: email, password (stored only as a salted hash), name (first/middle/last), and an 18+ attestation (we record that you confirmed you are 18 or older — we do not collect your date of birth).
- Profile: bio, profile & cover images, social links (Bluesky/Twitter/TikTok/SoundCloud), instruments, genres, gig rates, availability flags.
- Location: city/state, and—if you choose—precise latitude/longitude or address. You can mark your address private; we then publish only a fuzzed/approximate location.
- Content: events you create, event images, questions/answers, and media you embed (YouTube/SoundCloud).
Collected automatically:
- Session data: IP address and user-agent, stored with your login sessions.
- Error/diagnostic data via Sentry.
From third parties:
- If you sign in with Google, we receive your basic profile (name, email) and OAuth tokens.
2. How we use it
To provide and operate the Service; authenticate you; show you and others relevant musicians/events near a location; send transactional emails (verification, invites, notifications — controllable via your notification settings); maintain safety and moderation (reports, blocks, bans); and diagnose errors.
We use precise location only to power discovery/maps; we publish a fuzzed location for users who keep their address private.
3. How we share it (our processors)
We do not sell your personal information. We share data with service providers who process it on our behalf:
| Processor | Purpose | Data |
|---|---|---|
| Supabase | Database + image storage | All account/app data; uploaded images (public URLs) |
| Resend | Sending email | Email address, message content |
| Sentry | Error monitoring | Diagnostic data, IP, possibly limited PII in errors |
| | OAuth sign-in | Auth profile + tokens |
| Geoapify | Address autocomplete / geocoding (+ map tiles) | Search queries, approximate location |
| [Vercel / host] | Hosting | Request data, IP |
We may also disclose information to comply with law, enforce our Terms, or protect safety.
4. Public visibility of your profile & content
Riff Circle is a public discovery platform. Your profile (name, photo, bio, social links, instruments/genres, and your approximate location) and the events you post are visible to anyone on the internet without an account, and individual pages can be reached by direct link. Profile, cover, and event images are stored at public URLs. Treat anything you add as potentially public.
You control this: turn off “Appear in musician search” in your profile to remove yourself from discovery, mark your address private to share only a fuzzed/approximate location, or delete your account at any time. We ask search engines not to index individual profile pages, but we can’t guarantee third parties never cache content that was public.
5. Your choices and rights
- Delete your account any time in the app; we delete or anonymize your personal information.
- Access or export your data: email privacy@riffcircle.com and we’ll respond manually.
- Notification emails: turn off via your settings. Some essential account/transactional emails cannot be disabled while you have an account.
- Location: keep your address private to share only a fuzzed location.
California residents: we are below current CCPA/CPRA thresholds, but you may still email us to exercise access/deletion. We treat precise geolocation as sensitive.
6. Data retention
We keep your information while your account is active. After deletion we remove or anonymize personal data, except where we must retain limited records for legal, security, or abuse-prevention purposes. Deleted data may persist in encrypted backups for a limited period before those backups are rotated out. Session logs (IP/user-agent) are retained for [N days] and then purged.
7. Security
We use hashed passwords, encrypted OAuth-token storage, access controls, rate limiting, and HTTPS. No system is perfectly secure; in the event of a breach we will notify affected users and regulators as required by Florida’s Information Protection Act (within 30 days).
8. Children
Riff Circle is not for anyone under 18. We do not knowingly collect information from minors and will delete such accounts on discovery.
9. Cookies
We use strictly necessary cookies for login/sessions. We do not use advertising or cross-site tracking cookies. Pages that show embedded third-party media (YouTube, SoundCloud) load content from those providers, which may set their own cookies governed by their privacy policies; we use YouTube’s privacy-enhanced (no-cookie) mode where available.
10. Changes
We’ll post updates here and revise the effective date; we will notify you of material changes in-app or by email.
Contact
- privacy@riffcircle.com
- [Riff Circle LLC business/registered-agent address]