MyConcerts

Privacy Policy

Last updated: 18 April 2026

1. Who we are

MyConcerts is a product operated by easyCie, Rue Béribou 12, 4800 Verviers, Belgium (BCE BE 0822.429.445). We are the data controller for the personal data collected through this application.

General inquiries: info@myconcerts.be — Support & data protection: support@myconcerts.be

2. Data we collect

Depending on how you use MyConcerts, we may collect:

  • Account data: email address, display name, and profile picture — provided directly or via a third-party sign-in (Apple, Google, Spotify, Facebook).
  • Spotify data: if you connect your Spotify account, we access your recently played artists and followed artists to personalise recommendations. We do not store your listening history.
  • Location data: approximate geolocation (used only for the “Near Me” feature, with your explicit permission, never stored on our servers).
  • Usage data: concerts you mark as favourites, planning, reviews, polls, theme and language preferences.
  • Technical data: anonymised analytics (page views, country) via Vercel Analytics. No cookies, no cross-site tracking.

3. How we use your data

  • To create and manage your account.
  • To personalise concert and artist recommendations.
  • To save your favourites and preferences across devices.
  • To improve the application through anonymised analytics.
  • To send notifications about upcoming concerts (only if you opt in).

We do not sell your personal data to third parties.

4. Legal basis (GDPR)

  • Contract: processing necessary to provide the service (account, favourites).
  • Consent: Spotify connection, location access, push notifications.
  • Legitimate interest: anonymised analytics to improve the app.

5. Third-party services

  • Supabase — database and authentication (EU region).
  • Vercel — hosting and anonymised analytics.
  • Spotify API — artist and listening data (only with your consent).
  • Apple Sign In / Google Sign In / Facebook Login — authentication only; we receive only the data you authorise.

6. Data retention

Your data is retained for as long as your account is active. If you delete your account, all personal data is permanently deleted immediately (same day). Anonymised statistical data — which no longer identifies you — may be retained indefinitely under GDPR Article 89 for service improvement purposes (see “Account deletion & anonymised statistics” below).

6bis. Account deletion & anonymised statistics

You have three ways to request deletion of your MyConcerts account:

  • In-app (web & mobile) — go to your Profile, scroll to “Danger zone”, click “Delete my account”. The action is immediate and irreversible.
  • Public web form — if you can't sign in, use myconcerts.app/delete-account. We process your request within 72 hours.
  • Email — write to support@myconcerts.be. We confirm within 72 hours and delete within 30 days (GDPR art. 17).

What gets deleted: your profile, favourites, planning, reviews, media, friendships, OAuth tokens (Spotify/Facebook revoked), notification preferences and device tokens.

What is kept (anonymised only): an anonymous event is written to our churn_events table — locale, country, plan, account age in days, signup provider, and aggregate counts. It contains no user_id, no email, no name, no IP — impossible to trace back to you. Legal under GDPR Article 89 (statistical purposes).

6ter. Data portability — data export

Under GDPR Article 20, you have the right to receive a copy of your personal data in a structured, machine-readable format (JSON). To request an export:

  • Write to support@myconcerts.be from the email address linked to your account.
  • Our admin generates a JSON with all your data and emails you a download link valid for 24 hours. Typical delay: under 72 hours (legal maximum: 30 days).
  • The export covers 15+ data tables: profile, favourites, planning, reviews, polls, friendships, Spotify/Facebook data, notifications.

7. Your rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time (without affecting prior processing).

To exercise any of these rights, contact us at info@myconcerts.be. You may also lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

8. Security

All data is transmitted over HTTPS. Authentication tokens are managed securely by Supabase Auth. We do not store passwords in plain text.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice.