Privacy Policy

This Privacy Policy explains how UpNext DJ ("we", "us", or "our") collects, uses, and protects your information when you use the UpNext DJ mobile application and UpNext DJ Host desktop application for macOS (collectively, the "Service").

Information We Collect

Data Linked to Your Identity

The following data is collected and linked to your user account:

User ID

• What we collect: Unique identifier from Firebase Authentication (whether you sign in with Apple or use the mobile app anonymously)
• Purpose: To authenticate you, enable core app features, and sync your data across devices

User Content

• What we collect: Event names you create, song requests you submit, votes you cast, and any other content you contribute within the Service
• Purpose: To provide the core functionality - displaying events, managing song queues, counting votes, and creating playlists

Purchase History & Subscription Data

• Mobile App: Records of in-app purchases (vote credits) processed through Apple's App Store
• Desktop App: Subscription status (tier, activation date, expiration date), payment method details (stored by Stripe, not by us), and transaction records for monthly, yearly, or lifetime subscriptions
• Purpose: To track your purchased vote credits, manage your subscription status, provide access to premium features, and process billing

Payment Information

• What we collect: For desktop app subscriptions, we use Stripe to process payments. Stripe collects and stores your payment card details, billing address, and transaction history. We only receive limited information from Stripe (customer ID, subscription status, last 4 digits of card) and do not have access to your full payment card information.
• Purpose: To process subscription payments, manage billing, and verify subscription status

Usage Data

• What we collect: Information about how you interact with the Service, including features used, session duration, and interaction patterns via Firebase Analytics
• Purpose: To analyze user behavior, improve performance, evaluate feature effectiveness, and ensure functionality

Crash Data

• What we collect: Crash reports, stack traces, device model, and OS version via Firebase Crashlytics
• Purpose: To identify and fix bugs, improve app stability, and ensure reliable functionality

Data Not Linked to Your Identity

Device Identifiers

• What we collect: Firebase Installation IDs (automatically generated by Firebase SDK) and device identifiers for desktop app license management
• Purpose: To enable basic functionality like push notifications, cloud messaging, and prevent subscription sharing
• Note: These identifiers are not connected to your user account or personal information

Third-Party Services

We use the following third-party services to operate the Service:

• Firebase (Google): Authentication, cloud database (Firestore), analytics, crash reporting, cloud functions, and push notifications
• Apple Services: Sign in with Apple, Apple Music API (for playlist creation), StoreKit (for mobile in-app purchases), and App Store
• Stripe: Payment processing for desktop app subscriptions. Stripe handles all payment card information securely. We never see or store your full payment card details. View Stripe's privacy policy at https://stripe.com/privacy

These services may collect additional data as described in their respective privacy policies. We do not control how these third parties handle your data.

How We Use Your Information

We use the collected information for the following purposes:

• App Functionality: To authenticate users, display events and song requests, process votes, manage playlists, handle purchases, verify subscription status, and deliver core features
• Billing & Subscriptions: To process payments, manage subscriptions, send billing notifications, and handle refunds through Stripe
• Analytics: To understand how users interact with the Service, measure feature effectiveness, and plan improvements
• Stability & Performance: To identify crashes, fix bugs, optimize performance, and ensure server uptime
• Customer Support: To respond to your questions, resolve technical issues, and process refund requests

Data Sharing

We do not sell your personal data.

We do not use your data for cross-app tracking or third-party advertising. Your data is only shared with:

• Firebase/Google: As necessary to provide backend services (authentication, database, analytics, crash reporting)
• Apple: For Sign in with Apple authentication, Apple Music playlist creation, and mobile in-app purchase processing
• Stripe: For desktop app subscription payment processing. Stripe receives your payment information, billing address, and transaction details to process payments securely
• Other Users: Content you create (event names, song requests, votes) is visible to other users participating in the same event
• Legal Requirements: We may disclose your information if required by law, court order, or government request

Data Retention

• User Content: Event data, song requests, and votes are stored in Firebase Firestore for as long as the event is active. You can delete your events at any time within the app
• Subscription Data: Subscription status and payment history are retained for as long as your subscription is active, plus up to 7 years after cancellation for tax and legal compliance purposes
• Analytics & Crash Data: Automatically deleted by Firebase after a limited retention period in accordance with Google's data retention policies (typically 2-14 months)
• User Accounts: If you delete your account, associated user data will be permanently deleted within 30 days. Subscription and payment records may be retained longer for legal compliance
• Payment Information: Stored by Stripe according to their data retention policies. We do not store full payment card details

Your Rights

You have the following rights regarding your data:

• Access: Request a copy of the data we have about you
• Deletion: Delete your account and associated data through the app settings or by contacting us. Note that subscription and payment records may be retained for legal compliance
• Correction: Update or correct your information within the app or by contacting us
• Opt-Out: You cannot opt out of essential data collection required for app functionality, but you may delete your account if you wish to stop using the Service
• Payment Data: To update or delete payment information, log into your Stripe customer portal (accessible from app settings) or contact us for assistance

Children's Privacy

UpNext DJ is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Security

We implement industry-standard security measures to protect your data, including:

• Firebase App Check for API security
• Encrypted data transmission (HTTPS/TLS)
• Secure authentication via Firebase Auth and Sign in with Apple
• Server-side validation and security rules
• PCI DSS compliant payment processing through Stripe
• Regular security audits and monitoring

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our servers and third-party service providers are located. These countries may have different data protection laws than your country. By using the Service, you consent to the transfer of your information to these countries.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this policy and, for material changes, by sending an email or displaying a notice in the app. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

Email: djbkruz@gmail.com

For subscription and billing inquiries, you may also manage your subscription through the desktop app settings or the Stripe customer portal.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to Know: You can request information about what personal information we collect, use, disclose, and sell
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your rights, contact us at the email above. We will verify your identity before processing requests.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at the email above. You also have the right to lodge a complaint with your local data protection authority.

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract Performance: To provide the Service and fulfill subscription agreements
• Legitimate Interests: To improve the Service, prevent fraud, and ensure security
• Legal Obligations: To comply with tax, accounting, and legal requirements
• Consent: For analytics and marketing communications (where required)