Home/Legal
Privacy Policy

Privacy Policy

Last updated · June 5, 2026
This is a working draft prepared by the LOUD ROW team. It is not yet a final legal document and may change before launch. For binding legal matters, please consult a qualified lawyer.

1. Who we are

LOUD ROW is a live-music archive operated by the LOUD ROW team ("we", "us", "the Service"). For privacy questions, contact us at guilhermenunescunhaneto@gmail.com (a dedicated address will replace this before launch).

2. What we collect

When you create an account

  • Email address — for sign-in and account recovery.
  • Display name and handle — public, visible to all users.
  • Date of birth — to verify the 16+ age requirement. Stored privately. Never shown publicly.
  • Profile information you add — bio, home city, avatar image, social-media handles.

When you use the Service

  • Content you create — photos, comments, setlists, RSVPs, votes, follows.
  • EXIF metadata embedded in uploaded photos (camera, lens, exposure) — used to display gear information and to suggest matching shows by date.
  • Sign-in events — for security and to detect compromised accounts.
  • Locale preference — stored as a cookie so the site loads in your language.

When you sign in with a third party

If you sign in with Google or Apple, we receive a unique provider ID, your email address, and optionally a profile picture and display name.

3. Why we collect it

  • To operate the Service — show your profile, your photos, your attendance.
  • To verify your age — accounts under 16 are removed.
  • To moderate — flag reports, mod actions, and account-level interventions.
  • To recover your account — if your sign-in method stops working.
  • For security — detecting abuse and unauthorized access.

Legal basis (LGPD): consent (when you sign up) and legitimate interest (operating and protecting the Service).

4. Who we share it with

We share data with these service providers:

  • Google (Firebase) — authentication, database, and file storage. Located in Google Cloud regions.
  • Vercel — hosting and edge delivery. Located in Vercel infrastructure.
  • Catalog data sources — Setlist.fm, MusicBrainz, and Ticketmaster (read-only).
  • Future processors — search (Typesense), error monitoring, analytics — added under data-processing agreements.

We never sell your data. We never use your photos in paid advertising without separately asking. We comply with valid legal requests from authorities (subpoenas, court orders) and do not voluntarily hand over private data.

5. How long we keep it

  • Account data: until you delete your account, then permanently removed within 30 days.
  • Photos: until you delete the photo or your account.
  • Modlog entries: 12 months (for appeals and pattern detection).
  • Flag reports: 12 months after the report is resolved.
  • Server logs: 90 days.

After account deletion we may retain limited records (e.g. modlog entries, copyright takedown records) if legally required.

6. Your rights

Under the Brazilian Lei Geral de Proteção de Dados (LGPD) and similar laws worldwide, you have the right to:

  • Access — request a copy of data we have about you.
  • Correction — fix incorrect data.
  • Deletion — delete your account and all linked content.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to specific processing activities.
  • Withdrawal of consent — withdraw consent at any time.

Send requests to guilhermenunescunhaneto@gmail.com. We respond within 15 days.

7. Cookies

We use cookies for:

  • Keeping you signed in (Firebase Auth session).
  • Remembering your locale preference (EN / PT-BR).
  • Future: aggregate analytics on which pages people view.

You can clear cookies in your browser at any time.

8. Children

LOUD ROW is for users 16 and older. We do not knowingly collect data from children under 16. If you believe we have such data, contact us and we will delete it.

Users aged 16 or 17 are flagged as minors. Their social-media links are hidden from logged-out viewers by default to limit off-platform contact.

9. International transfers

Your data may be processed outside Brazil (in Google Cloud and Vercel regions globally). Where this happens, we rely on Standard Contractual Clauses or equivalent legal mechanisms.

10. Security

We use industry-standard practices:

  • Encrypted transit (HTTPS).
  • Firebase at-rest encryption.
  • Role-based access (admins, moderators, fans).
  • Append-only modlog for auditability.

No system is 100% secure. If a breach occurs, we will notify affected users within 72 hours of discovery.

11. Changes

We may update this Policy. Material changes will be announced via a banner on the home page at least 14 days before they take effect.

12. Contact

  • General privacy questions: guilhermenunescunhaneto@gmail.com
  • Data Protection Officer: TBD before launch.
Privacy PolicyTerms of Service