Privacy Policy

1. Introduction

SetBook (“we”, “us”, “our”) operates the set-book.com website and the SetBook mobile application (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

Account information: When you create an account we collect your email address, username, and password (hashed — we never store plaintext passwords).

Profile information: You may optionally provide your name, photo, bio, location, skills, phone number, and social media links. All profile fields beyond email and username are optional.

Content you create: Songs (charts), setlists, gigs, notes, and any other content you enter into the Service.

Contacts: If you choose to invite friends by phone number, the app may access contact information you provide. We do not bulk-upload or store your device address book.

Identifiers: We generate a unique user ID for your account. On mobile devices, we may collect a device identifier for push notifications. We do not use identifiers for advertising or tracking.

Usage data: We collect basic server logs (IP address, browser/device type, pages visited) to operate and secure the Service. We do not use third-party analytics or tracking pixels.

Payment data: Subscription payments are processed by Stripe. We do not store your credit card number. Stripe may collect billing details as described in Stripe's Privacy Policy.

3. How We Use Your Information

We use your information solely to:

• Provide, maintain, and improve the Service
• Authenticate your account and keep it secure
• Send transactional emails and SMS (gig invites, friend requests, subscription reminders)
• Display your profile to bandmates and, if you opt in, to the public
• Process subscription payments via Stripe
• Respond to support requests

We do not sell, rent, or share your data with advertisers. We do not display ads.

4. Data Sharing

We share your data only in these limited circumstances:

• With your bandmates: Content you share (charts, setlists, gig details) is visible to the bandmates you explicitly invite or share with.
• Public profiles: If you enable a public profile, your name, bio, social links, and public charts are visible to anyone.
• Service providers: We use Supabase (database & auth), Stripe (payments), Resend (email), Twilio (SMS), and Vercel (hosting). These providers process data on our behalf under their own privacy policies.
• Legal requirements: We may disclose data if required by law or to protect the rights, safety, or property of SetBook or its users.

5. Data Storage & Security

Your data is stored on Supabase infrastructure (hosted on AWS) in the United States. We use row-level security (RLS) policies to ensure users can only access their own data. All connections are encrypted via TLS. Passwords are hashed using bcrypt.

6. Data Retention

Your data is retained as long as your account is active. When you delete content (songs, setlists, gigs), it is soft-deleted and moved to your Trash for 14 days, after which it is permanently purged.

When you delete your account, all your data is permanently removed. We retain only your email address in a hashed form to prevent abuse of the free trial system.

7. Your Rights

You have the right to:

• Access your data — everything you enter is visible in the app
• Correct your data — edit your profile, songs, setlists, and gigs at any time
• Delete your data — delete individual items or your entire account from Settings
• Export your data — contact us at [email protected] and we will provide a copy
• Opt out of email and SMS notifications from Settings

If you are a resident of the European Economic Area (EEA), you have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

If you are a California resident, you have rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. We do not sell personal information.

8. Cookies & Local Storage

We use browser local storage to persist your authentication session and language preference. We do not use third-party cookies, advertising cookies, or tracking cookies of any kind.

9. Children's Privacy

SetBook is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we will promptly delete it.

10. SMS & Push Notifications

We may send transactional SMS messages (gig invites, reminders) and push notifications if you enable them. You can opt out of SMS by replying STOP or from your Settings page. You can disable push notifications in your device settings.

We never send marketing or promotional messages. All notifications are directly related to your account activity.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the app. Your continued use of the Service after changes constitutes acceptance of the updated policy.