Privacy Policy

Booth Club (“we”, “our”, or “us”) operates TheBooth.Club, a community platform for music-driven conversation and discovery. Our platform is operated from India.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

We collect the following categories of data:

• Account data - your name and email address, provided when you create an account.
• Optional profile data - age and gender, which you may choose to provide in your profile settings.
• User-generated content - posts, takes, replies, and interactions you create on the platform.
• Usage data - information about how you use the platform, including features used, interactions made, and general device or browser information.
• Behavioral data - in-product activity such as rooms visited, time spent in conversations, posts created, ovations given, and interaction patterns with other members. This data is used to generate personalised insights about your journey on the platform (e.g. the “Echoes” feature).
• Community quality data - for curators, we compute scores based on curation activity (pins, highlights, room engagement) to maintain platform quality. For invited members, we evaluate contribution quality during an initial evaluation period.
• Approximate location - when you sign up, we automatically detect your approximate country, city, and region from your IP address. This is used for aggregated analytics only (e.g. understanding where our community is based). We do not track precise GPS coordinates or real-time location.

We do not collect payment information, government IDs, or sensitive personal data as defined under applicable law.

We use the data we collect to:

• Create and manage your account
• Provide access to platform features, rooms, and content
• Personalise your experience based on your preferences and engagement
• Send transactional communications such as account confirmations or notifications you opt into
• Maintain platform security and prevent abuse
• Analyse usage patterns to improve the platform (aggregated and anonymised where possible)
• Generate personalised reflections on your activity and growth within the community (the “Echoes” feature)
• Compute quality scores for curators to maintain community standards and accountability
• Evaluate the contribution quality of newly invited members during their initial evaluation period
• Comply with legal obligations

We do not sell your personal data. We do not run advertising programmes. We do not use your data to build profiles for third-party targeting.

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your data under the following legal bases:

• Contractual necessity - processing required to provide the service you signed up for (e.g. account creation, content delivery).
• Legitimate interests - improving platform functionality, maintaining security, and understanding usage patterns.
• Legal obligation - when required to comply with applicable laws.
• Consent - for optional data (e.g. age/gender) and non-essential cookies, where applicable.

We do not sell, rent, or trade your personal data. We share data only with trusted service providers who help us operate the platform, under strict data processing agreements:

• Authentication & database - provided by Supabase, which stores account and content data on our behalf.
• Hosting & infrastructure - provided by Vercel, which serves the platform.
• Transactional email - provided by Resend, used to send account-related emails such as verification codes and notifications.
• Error monitoring - provided by Sentry, which receives anonymised error reports to help us fix bugs and maintain stability.
• Rate limiting - provided by Upstash, which processes request metadata to prevent abuse. No personal content is shared.
• Product analytics - provided by PostHog, which receives pseudonymised usage data including pages visited, feature interactions, and (with your consent) session recordings to help us understand how the platform is used and improve the experience. PostHog may set its own cookies and use local storage for this purpose.
• Music data - we use the Spotify Web API to enable song search and display album artwork. When you search for a song, your search query is sent to Spotify's servers. Album artwork images are loaded directly from Spotify's CDN (i.scdn.co) by your browser. Spotify may collect technical data (such as your IP address) when serving these images. No Spotify account or login is required.
• Email delivery - notification emails (replies, ovations, thread archives) are sent via Gmail SMTP. Your email address is processed by Google's servers for delivery. Account verification emails are sent via Resend.

As the platform grows, we may add further service providers (e.g. payments). This policy will be updated accordingly. We will never share your data with advertisers or data brokers.

We may also disclose data when required by law, court order, or to protect the rights and safety of users or the platform.

We retain your personal data for as long as your account remains active. If you delete your account, we will remove your personal data within a reasonable timeframe, except where we are required to retain it by law or for legitimate safety purposes. Anonymised, aggregated data may be retained indefinitely for analytical purposes.

Depending on your location, you may have the following rights regarding your personal data:

• Access - request a copy of the data we hold about you.
• Correction - ask us to correct inaccurate or incomplete information.
• Deletion - request that we delete your personal data.
• Portability - receive your data in a structured, machine-readable format.
• Objection / Restriction - object to or restrict certain types of processing.
• Withdraw consent - where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at info@thebooth.club. We will respond within 30 days.

We take reasonable technical and organisational measures to protect your data from unauthorised access, loss, or misuse. These include encrypted connections (HTTPS), access controls, and using industry-standard infrastructure providers. No system is completely secure; if you believe your account has been compromised, contact us immediately.

Our service providers - including Supabase, Vercel, PostHog, Spotify, Sentry, and Google (Gmail SMTP) - may process data in countries outside India and the EEA. Where applicable, we ensure that such transfers are covered by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms under applicable data protection law.

We use cookies and similar technologies to operate the platform, maintain your session, and understand how the platform is used. For full details, please see our Cookie Policy.

Booth Club is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.

For any privacy-related questions, requests, or concerns, contact us at info@thebooth.club.