Privacy Policy

Who we are

BandJam (“we,” “us,” or “our”) is a social music competition app where friends create leagues, submit tracks, and vote.

Data we collect

• Account info: email, display name/username, password stored via Firebase Authentication, and optional profile image.
• Game activity: leagues joined/created, submissions, guesses, votes, chat messages, comments, reactions, and in-app preferences (including notifications).
• Music services (optional): Apple Music or Spotify tokens/IDs used to play previews; we do not store your Apple/Spotify password.
• Device & app info: device model, OS version, app version, and basic diagnostics/logs for performance and debugging.
• Support messages: information you provide when you contact us.

How we use your data

• Operate BandJam features (leagues, submissions, voting, chat, results, leaderboards).
• Personalize your experience (showing your leagues, friends, and history).
• Maintain security, prevent abuse, and troubleshoot issues.
• Send essential notifications (invites, results); you can manage notification settings in-app or at the OS level.
• Comply with legal obligations.

Legal bases (EEA/UK)

• Performance of a contract (running the app and its features).
• Legitimate interests (security, service improvement).
• Consent where required (push notifications, linking Apple Music/Spotify).

How we share data

• Service providers: Firebase (auth, database, storage), Apple Music, Spotify, and notification services—only to operate the app.
• Social features: your display name, avatar, submissions, votes, and chat messages are visible to participants in your leagues.
• Compliance and safety: when required by law or to protect rights, safety, and security.

We do not sell your personal data.

Authentication Options

BandJam offers multiple ways to create and access your account:

• Sign in with Apple: Our recommended privacy-focused option that limits data collection to your name and email address (if you choose to share it). You can keep your email address private from BandJam by selecting "Hide My Email" during setup. Sign in with Apple does not collect your app interactions for advertising purposes.
• Email and Password: Create an account directly with BandJam using your email address and a password.

Apple Music and Spotify

• Tokens are used only to play previews and associate tracks with submissions.
• You can revoke access anytime in Apple/Spotify account settings; revoking may disable music playback in BandJam.

YouTube API Services

BandJam uses YouTube API Services to create and link YouTube Music playlists for the songs submitted in your leagues. By using BandJam, you acknowledge and agree to the YouTube Terms of Service. You can review how Google handles data it receives via these APIs in the Google Privacy Policy.

What we send to and receive from YouTube API Services on your behalf:

• Track identifiers (song titles, artist names, ISRCs) used to look up matching videos and assemble a per-round playlist.
• The resulting playlist URL or playlist ID, which we store in BandJam so members can open the playlist for that round.

BandJam does not request access to your personal YouTube account, your YouTube watch history, or your YouTube subscriptions. The lookups happen using credentials owned by BandJam, not yours.

When you tap a YouTube link inside BandJam, the playlist opens in YouTube or YouTube Music (in the app or in your browser). At that point YouTube may set or read cookies and similar technologies, and may collect information directly from your device under the Google Privacy Policy. You can revoke BandJam's access to the YouTube API Services at any time via the Google security settings page at https://security.google.com/settings/security/permissions.

Cookies, on-device storage, and similar technologies

BandJam, and the third-party services it integrates with (including YouTube API Services, Google, Apple Music, Spotify, and Firebase), store, access, and collect information directly or indirectly on or from your device. This includes placing, accessing, or recognizing cookies, local storage, identifiers for advertising or analytics, secure tokens, and similar technologies. We use these to:

• Keep you signed in and remember in-app preferences.
• Cache images and other content so the app loads quickly offline.
• Diagnose crashes and measure performance.
• Authenticate requests to Firebase, Apple Music, Spotify, and the YouTube API.

You can clear local app data through your device's app settings, and you can manage browser cookies set by YouTube or Google when you open a YouTube playlist link in your browser.

Data retention

• We keep account and league data while you have an account or as needed to operate the service.
• We delete or de-identify data when it is no longer needed or after you request deletion, unless we must keep it for legal reasons.

Your choices

• Manage notifications in BandJam or your device settings.
• Disconnect Apple Music/Spotify in their account settings (and in-app if available).
• Request access, correction, export, or deletion of your data by contacting us.
• Opt out of marketing (if sent) via unsubscribe links or by contacting us.

Security

We use industry-standard security measures, including Firebase Authentication and transport encryption. No method of transmission or storage is 100% secure.

Children

BandJam is not directed to children under 13 (or the minimum age in your region). If we learn we have data from a child, we will delete it.

International transfers

Data may be processed in countries where we or our providers operate (including the US). Where required, we use appropriate safeguards.

Changes to this policy

We may update this policy from time to time. We will notify you of material changes (for example, via in-app notice or email).

Contact

Email: support@bandjam.app