Privacy Policy

1. Introduction

Mystery Gigs ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our website and services.

By using Mystery Gigs, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, username, password
• Profile Information: Display name, location (city/country), profile picture, bio
• Preferences: Music genre preferences, notification settings
• Activity Data: Artists you follow, venues you follow, events you RSVP to

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on site
• Device Information: Browser type, operating system, IP address
• Cookies: See our Cookies section below

3. How We Use Your Information

We use your information to:

• Provide and maintain our services
• Create and manage your account
• Process your event RSVPs
• Send you notifications about events and artists you follow
• Personalize your experience with event recommendations
• Communicate with you about service updates
• Improve our services and develop new features
• Detect and prevent fraud or abuse

4. Cookies and Tracking

4.1 Essential Cookies

We use essential cookies to provide core functionality. These cookies are necessary for the service to work and do not require consent:

• auth-storage: Stores your login session (expires after 30 days)
• artist-storage: Stores your followed artists and discovery preferences (localStorage)

4.2 Analytics Cookies (Future)

When we implement analytics, we will ask for your consent before setting any non-essential cookies. You will be able to opt-out at any time.

5. How We Share Your Information

We do not sell your personal data. We may share data with:

• Service Providers: AWS (hosting), email services (transactional emails only)
• Event Organizers: Your name and RSVP status (for capacity management)
• Legal Requirements: If required by law or to protect our rights

6. Data Security

We implement security measures including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing (AWS Cognito)
• Regular security audits
• Limited employee access to personal data

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights (UK GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Data Portability: Receive your data in a portable format
• Withdraw Consent: Stop processing based on consent
• Object: Object to certain processing activities

To exercise these rights, contact us at privacy@mysterygigs.org

8. Data Retention

We retain your data for as long as:

• Your account is active
• Necessary to provide our services
• Required by law (e.g., tax records)

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal reasons.

9. Children's Privacy

Our services are not intended for users under 16 years old. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA where our service providers operate (e.g., AWS data centers). We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or requests, contact: