Setlist - Asset Manager for Creative Teams

1. Introduction

Welcome to Setlist. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our application and tell you about your privacy rights.

2. Information We Collect

We collect and process the following types of information:

Account Information

Name and email address (when you sign up)
Profile picture (if provided through your authentication provider)
Authentication credentials

Content You Create

Sets (images, color palettes, text snippets)
Setlists and their organization
Tags and descriptions
Comments on shared content

Usage Information

How you interact with the application
Features you use
Time and date of your visits

3. How We Use Your Information

We use your information to:

Provide and maintain our service
Manage your account and authenticate your access
Store and organize your content
Enable sharing and collaboration features
Send important service notifications
Improve and optimize our service
Detect and prevent abuse or security issues

4. Data Storage and Security

Your data is stored securely using industry-standard practices. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

File Storage

Uploaded files are stored in secure cloud storage
Files are encrypted in transit and at rest
Access to files is controlled through authentication

Database Security

All passwords are securely hashed
Database access is restricted and monitored
Regular security updates are applied

5. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With your consent: When you explicitly choose to share content using our sharing features
With team members: When you collaborate in teams, team members can see shared content
Service providers: We use trusted third-party services for hosting, authentication, and storage (e.g., Cloudflare)
Legal requirements: When required by law or to protect our rights and safety.

6. Data Subprocessors

We use trusted third-party service providers (subprocessors) to deliver Setlist services. These subprocessors process your data only as necessary to provide the services and are bound by appropriate data protection agreements.

Subprocessor	Purpose
Hetzner (Ashburn, Virginia)	Hosting for the Setlist databases.
Cloudflare (Worldwide)	Application hosting, Asset storage, Database hosting, and security services.
PostHog (United States)	Product analytics to help us understand user behavior and improve Setlist features.
OpenAI (United States)	AI model processing for generative features (alt text generation, tag suggestions, color harmony).

These subprocessors each have their own privacy policies and are bound by their own terms of service. We limit the data we share to only what is necessary to provide the services.

7. Your Rights and Choices

You have the right to:

Access: Request a copy of your personal data
Correction: Update or correct your information
Deletion: Request deletion of your account and data
Export: Download your content at any time
Opt-out: Unsubscribe from non-essential communications

To exercise these rights, please contact us through the support channels provided in the application.

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session and provide a personalized experience. These are essential for the application to function properly.

Types of Cookies We Use:

Authentication cookies: Keep you signed in
Preference cookies: Remember your settings (theme, etc.)
Session cookies: Maintain application state

We do not use third-party advertising or analytics cookies that track you across websites.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. If you delete your account:

Your personal data will be deleted within 30 days
Your content will be permanently removed from our servers
Shared links will stop working immediately
Some data may be retained in backups for up to 90 days for disaster recovery purposes

10. Children's Privacy

Setlist is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. By using Setlist, you consent to this transfer. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us through the support channels provided in the application.