Policy
Privacy Policy
Last updated 2026-05-18
ConcertQueue is a Denver concert-discovery app operated solo by AJ. This document explains what data ConcertQueue collects, how we use it, and what controls you have over it.
Questions about this policy: support@concertqueue.com.
1. What we collect
1.1 Account data
- Email address: collected when you sign in (via Sign in with Apple, Sign in with Google, or magic-link). Used to identify your account, send you a magic-link if you choose that path, and notify you of important account changes. If you use Sign in with Apple's "Hide my email" relay, we store the relay address Apple gives us; we don't see your real email.
- Apple user identifier (
sub): if you sign in with Apple, we store the stable per-user identifier Apple provides so we can recognize you on subsequent sign-ins. - Google user identifier (
sub): if you sign in with Google, we store the stable per-user identifier Google provides so we can recognize you on subsequent sign-ins. - Username: the @handle you pick during onboarding (2–20 lowercase letters / digits / underscores). Visible to other users.
- Display name: the name you choose to display. Visible to other users.
- Profile photo: if you upload one. Stored on Cloudflare R2. Pre-screened for inappropriate content via an automated check before upload.
- Sign-up source: which authentication path you used to create your account (Apple, Google, magic-link, or invite). Internal-only signal used to track which sign-in flows are popular.
- Inviter: if you signed up by tapping someone else's share link, we record which existing user invited you so we can auto-friend the two of you on the spot. Not currently exposed publicly.
- Public-schedule preference: a flag you can toggle in Settings → Share my schedule. When ON, your upcoming Going + Interested shows are visible on your public profile page to anyone with your link. Default is OFF (only header counts visible).
1.2 Usage data
- Swipe decisions: your Going / Interested / Pass choices on each show. Going and Interested are visible to your accepted friends; Pass is private to you.
- Attendance confirmations: the morning after a show you marked Going, we may send a push notification asking whether you actually attended. Your answer (yes / no / unanswered) is stored alongside the original Going commitment. Used to distinguish "claimed Going" from "confirmed attended" for your friends and for aggregate analytics; the per-row answer is visible to your accepted friends in the same way the Going commitment was.
- Friendships: which other users you're friends with. Mutual-friend counts are visible to other users; the friend list itself is visible only to accepted friends.
- Ticket-link clicks: when you tap "Buy Tickets," we record the click for analytics and to substantiate qualified-traffic value to potential ticketing partnerships.
- Session pings: when you open the app we record a lightweight "session" row used for aggregate DAU/WAU/MAU counts. We do not track per-session activity.
1.3 Device data
- APNs device token: required to send push notifications. Stored only while you have notifications enabled.
- App version, iOS version, and device model: included in session pings for support and analytics.
1.4 Moderation data
- Content reports: if you report another user, we record the report with your user ID, the target user ID, the reason, and any details you provide. Used to action the report.
- User blocks: if you block another user, we record the block so we can hide them from your discovery surfaces. They are not notified that you blocked them.
- Show corrections: if you flag a wrong genre / date / venue / etc. on a show, we record the correction so an admin can review and apply it.
2. What we do NOT collect
- Location data: we do not request or use any location permission. Denver-area shows are a global setting, not based on your phone's location.
- Contacts: we do not access your phone's contacts.
- Photos: beyond the single profile photo you optionally upload, we do not access your photo library.
- Microphone, camera, motion data: we don't request these permissions.
- Browsing history or activity in other apps: we have no third-party SDKs that track you across other apps or websites.
- Financial information: we don't process payments. Ticket purchases happen on the ticketing provider's site, not ours.
3. How we use your data
| Data | Used for |
|---|---|
| Authentication, account-related notifications | |
Apple sub | Recognizing you across Apple Sign In sessions |
Google sub | Recognizing you across Sign in with Google sessions |
| Username, display name, avatar | Showing you to other users in friend search, profile views, and friend lists |
| Swipe decisions | Building your personalized calendar; computing social signal ("3 friends going to this show") |
| Attendance confirmations | Distinguishing "claimed Going" from "confirmed attended" for friends and aggregate analytics |
| Friendships | Routing friend-aware features (mutual counts, friend activity in feeds, push notifications about friend activity) |
| Sign-up source / Inviter | Aggregate attribution analytics; auto-friending the inviter when you signed up via their share link |
| Public-schedule preference | Controlling whether your upcoming shows render on your /@username share page |
| Ticket clicks | Aggregate analytics for ticketing partnership pitches |
| Session pings | Aggregate DAU/WAU/MAU for product health |
| APNs device token | Sending push notifications you've opted into |
| Reports, blocks, corrections | Moderating the catalog and the user base |
We do not use any of this data for cross-app advertising, behavioral targeting, or sale to third parties.
4. Third-party services
| Service | Purpose | Data sent |
|---|---|---|
| Apple | Sign in with Apple, Push Notifications | Identity token (for verification), device token (for push) |
| Sign in with Google | OIDC ID token (for verification). When you tap "Sign in with Google," Google sees that you're signing in to ConcertQueue and returns your email, name, and a stable identifier to us. Google does not receive any of your in-app activity. | |
| Cloudflare R2 | Profile-photo hosting | Your uploaded photo, processed to WebP at 256×256 |
| Resend | Transactional email (magic-link sign-in) | Your email address, magic-link URL |
| Anthropic Claude | Genre classification of public show metadata + automated avatar pre-screening | Show titles + artist names (public concert data) + your uploaded avatar bytes (one-off NSFW screening; not retained by Anthropic) |
| Ticketmaster | Public show metadata (when applicable) | None of your personal data. Outbound public catalog reads only. |
These services are bound by their own privacy policies. None of them are used for tracking you across other apps.
5. Your controls
- Delete your account: Settings → Danger Zone → Delete account. Type-to-confirm required. This permanently deletes your user row and cascades to your swipe decisions, friendships, device tokens, reports, blocks, and corrections.
- Reset your swipes: Settings → Danger Zone → Reset my schedule. Wipes your Going / Interested / Pass decisions without deleting your account.
- Block another user: User profile → menu → Block. They will not see you in search and you will not see them in any discovery surface.
- Report content: User profile → menu → Report, or any show → menu → Report a problem. Reports go to an admin who reviews them within 24 hours.
- Manage push notifications: Settings → Notifications, plus your phone's system Settings → ConcertQueue.
- Remove your profile photo: Settings → Profile photo → Remove. The image is dereferenced from your row immediately.
- Sign out: Settings → Sign out. Clears your authentication token from this device.
- Change your username: Settings → Username. One change is allowed; the handle locks after that.
- Make your schedule public or private: Settings → Share my schedule. Toggling this OFF reverts your /@username public page to header counts only. Toggling ON exposes your upcoming Going + Interested shows to anyone with your link. Past shows never appear publicly. Default is OFF.
- Answer or skip attendance prompts: the morning-after "Did you go?" sheet is optional. You can dismiss it anytime; unanswered rows just stay unanswered. You can disable all push notifications via the controls above to stop the prompt push.
5.1 What people see on your public profile page
Your /@username page is a public web page at app.concertqueue.com/@yourhandle. It always shows: your display name, your @handle, your profile photo (if you have one), and aggregate counts of your Going + Interested shows. When you turn on "Share my schedule" in Settings, the page additionally renders your upcoming shows.
A small image preview (1200×630 PNG) is generated server-side at /@username/og.png and referenced via Open Graph meta tags. This image renders the same data the page shows: avatar, name, top three upcoming Going shows (only when public-schedule is ON). iMessage / Twitter / Slack request this image when someone shares your link. The image is cached at the network edge for 1 hour.
Profile pages for users with the hidden-from-search flag (typically: admin or internal accounts) return 404 to deny direct access. Toggling public-schedule OFF does not hide the page itself — only the list of shows.
6. Data retention
- Active accounts: we retain your account data for as long as you have an account.
- Deleted accounts: when you delete your account, your account data is purged. Some derived analytics (anonymized ticket-click counts) are retained as we no longer have a user identifier attached.
- Magic-link tokens: expire after 10 minutes.
- Session pings: retained indefinitely for the foreseeable future; a 90-day rolling window will be introduced before this volume becomes meaningful.
7. Children's privacy
ConcertQueue is rated 17+ on the App Store. Concert metadata may reference alcohol, late hours, and similar themes appropriate for adult audiences. We do not knowingly accept signups from users under 13. If you believe a minor has created an account, email support@concertqueue.com and we will delete it.
8. Security
- All data in transit is encrypted via HTTPS / TLS.
- Authentication uses JWTs signed with a server-side secret. Apple Sign In tokens are verified against Apple's published public keys before any account is created or read.
- We do not store passwords (we don't support password authentication).
- Profile photos are pre-screened by an automated content classifier before upload, then EXIF-stripped and resized to 256×256.
9. Changes to this policy
If we make material changes to this policy, we'll update the "Last updated" date at the top and surface a notice on the next app launch.
10. Contact
Email: support@concertqueue.com
Operator: AJ, Denver, Colorado
We commit to responding to data-deletion requests within 7 days.