Privacy Policy
Last Updated: January 18, 2025
Welcome to The Scene ("App," "Service," "we," "us," or "our"). Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.
Please read this Privacy Policy carefully. By using The Scene, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
Summary of Key Points
| What We Collect | Why | Who Sees It |
|---|---|---|
| Apple ID | Authentication | Only us |
| Account recovery, communications | Only us | |
| Location | Check-ins, venue discovery | Aggregated only (anonymized) |
| Check-in history | Service functionality | Only you |
| Device token | Push notifications | Only Firebase for delivery |
| Profile photo | Personalization | Only you |
| Trust score | Data integrity | Internal use only |
1. Information We Collect
We collect information in several ways: information you provide directly, information collected automatically, and information from third parties.
1.1 Information You Provide Directly
Account Information:
- Apple ID (used for authentication)
- Email address (if provided through Apple Sign-In or profile settings)
- Display name
- Profile photo (avatar)
- Home city and current city
User Activity:
- Check-ins to venues (including timestamp)
- Intents (planned visits to venues)
- Notification preferences
- Venue-specific alert settings
1.2 Information Collected Automatically
Location Data:
- Precise geolocation when checking in to venues
- Approximate location for venue discovery features
- Distance from venues during check-in
Device Information:
- Device type and model
- Operating system and version
- Unique device identifiers
- Push notification tokens
- App version
Usage Data:
- Features accessed
- Time spent in the App
- Interaction patterns
- Error logs and crash reports
1.3 Derived Information
Trust Score:
We calculate a trust score based on your usage patterns, including consistency of check-ins with stated intents, geographic plausibility of check-ins, and historical accuracy of your contributions. This score helps maintain data integrity and does not reflect any judgment about you as a person.
1.4 Information from Third Parties
Apple Sign-In:
When you authenticate using Apple Sign-In, we receive: Apple User ID (unique identifier), email address (if you choose to share it), and name (if you choose to share it). We do not receive your Apple password or have access to your Apple account.
2. How We Use Your Information
2.1 Providing the Service
- Create and manage your account
- Enable check-ins and intent features
- Display nearby venues based on your location
- Calculate and display real-time crowd levels
- Process and display user-generated content
- Send push notifications based on your preferences
2.2 Safety and Integrity
- Detect and prevent fraud, abuse, and fake check-ins
- Enforce our Terms of Service
- Protect users from harmful or illegal activity
- Maintain data accuracy through trust scoring
2.3 Improving the Service
- Analyze usage patterns to improve features
- Identify and fix bugs and technical issues
- Develop new features and functionality
3. How We Share Your Information
We do not sell your personal information.
3.1 Aggregated and Anonymized Data
We share aggregated, anonymized data about venue activity (crowd levels, trends, popular times). This data cannot be used to identify individual users. Example: "35 people are currently at Venue X" is displayed without revealing who those people are.
3.2 Service Providers
We share information with third-party vendors who perform services on our behalf:
- Amazon Web Services (AWS): Cloud hosting, file storage, content moderation
- MongoDB Atlas: Database hosting
- Firebase (Google): Push notifications
- Apple: Authentication
- Redis: Caching and real-time features
3.3 With Venue Owners (Business Accounts)
Venue owners may receive aggregated, anonymized analytics:
- Total check-in counts
- Intent counts (how many people plan to visit)
- Peak times and trends
Venue owners do NOT receive individual user identities, specific user check-in information, or personal contact details.
4. Third-Party Services
4.1 Apple Sign-In
We use Apple Sign-In for authentication. Apple may share your name and email based on your preferences. You can choose to hide your email (Apple generates a private relay email). Apple's privacy practices are governed by Apple's Privacy Policy.
4.2 AWS Rekognition (Content Moderation)
Automatically scans uploaded images for inappropriate content. Detects nudity, violence, drugs, hate symbols, and disturbing content. No human review unless content is flagged. Processed images are not stored by AWS Rekognition.
4.3 Firebase Cloud Messaging
Delivers push notifications to your device. Requires a device token (not linked to your identity). Does not access your location or personal data.
5. Data Storage and Security
5.1 Security Measures
- Encryption in transit (TLS/SSL)
- Encryption at rest (AES-256)
- Secure password hashing (bcrypt)
- JWT-based authentication with expiration
- Rate limiting to prevent abuse
- Input validation and sanitization
5.2 Breach Notification
In the event of a data breach, we will notify affected users as required by law, describe the nature of the breach, and provide steps you can take to protect yourself.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Check-in history | 2 years from check-in date |
| Intent history | 1 year from intent date |
| Device tokens | Until deactivated or account deletion |
| Location data (precise) | 90 days |
| Trust score data | Until account deletion |
| Support communications | 3 years |
7. Your Privacy Rights
- Access Your Data: Request access to the personal information we hold about you. Access most of your data directly in the App's settings.
- Correct Your Data: Update your profile information at any time through the App.
- Delete Your Data: Use the "Delete Account" option in App settings or contact privacy@xavierplatforms.com.
- Data Portability: Request a copy of your data in a machine-readable format.
- Opt-Out: Disable push notifications, location tracking, or marketing communications.
8. Location Data
Location data is essential to The Scene's core functionality:
- Venue Discovery: Find venues near you
- Check-Ins: Verify you are at a venue when checking in
- Crowd Data: Calculate real-time crowd levels
- City Detection: Determine your current city for relevant content
Your precise location is NEVER shared with other users. Venue owners see only aggregated crowd counts.
9. Push Notifications
With your permission, we may send:
- Going Tonight Reminders: Remind you of venues you planned to visit
- Venue Threshold Alerts: Notify when a venue reaches a crowd level you set
- Trending Alerts: Notify when venues you've visited are getting busy
- Event Reminders: Upcoming events at venues you've visited
You can customize or disable notifications in the App settings, including setting quiet hours.
10. Children's Privacy
The Scene is not intended for users under 18 years of age (or 21 in jurisdictions where that is the minimum age for accessing nightlife venues). We do not knowingly collect personal information from children under 18. If we discover that we have inadvertently collected data from a child, we will promptly delete it.
11. International Data Transfers
Your data is primarily stored and processed in the United States. By using The Scene, you consent to the transfer of your data to the United States. When transferring data internationally, we implement appropriate safeguards including standard contractual clauses with service providers.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise your CCPA rights, contact privacy@xavierplatforms.com with subject line "CCPA Request".
13. European Privacy Rights (GDPR)
If you are in the EEA or UK, you have rights under GDPR:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion ("right to be forgotten")
- Restriction: Request limited processing
- Data Portability: Receive your data in a portable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
For GDPR inquiries, contact dpo@xavierplatforms.com.
14. Contact Us
If you have questions about this Privacy Policy, please contact us:
Privacy Inquiries: privacy@xavierplatforms.com
General Support: support@xavierplatforms.com
Legal Matters: legal@xavierplatforms.com
We will respond to privacy inquiries within 30 days.
By using The Scene, you acknowledge that you have read and understood this Privacy Policy.