BYF App Go Home
Legal

Privacy Policy

Last updated: March 23, 2026

Open Source

Project License

This project is released under the GNU General Public License v3.0. We believe in transparency and the power of open source software.

View Full License

TL;DRSummary

  • Your Data: We collect only what is necessary (email, name, usage logs) to provide the service. We do not sell your personal data.
  • Critical Notifications: Security and assignment emails are always enabled for account and operational safety.
  • AI Learning: Our AI learns from non-personal musical patterns. Your private messages and personal details are never used for training.
  • Third Parties: We use industry-standard providers like Google, Vercel, and Sentry to keep your data secure.

We value your privacy. This document explains how we collect, use, and handle your data when you use the BYF App.

Data Collection

1. What We Collect

We believe in data minimization. We only collect the information absolutely necessary to operate the BYF App effectively.

Active Input

Account Info: Name, Email, Password, Profile Picture.
User Content: Songs, Setlists, Comments, Event Schedules.

Passive Telemetry

Technical Data: IP Address, Device Type, Browser Version.
Usage Logs: Error reports (via Sentry) and performance metrics (via Vercel Analytics).

Children's Privacy

2. Children's Privacy (COPPA)

Protecting the privacy of young children is especially important. The BYF App is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you are a parent or guardian and believe we might hear have any information from or about a child under 13, please contact us immediately at privacy@bchyouth.space so we can remove that information.

Usage

3. How We Use Your Data

We use your data for the following specific purposes:

  • Service Provision: To create and manage your account, store your setlists, and facilitate team coordination.
  • Communication: To send you inevitable service notifications (e.g., password resets, assignment updates, security alerts) and optional updates (via Resend/Firebase).
  • Optimization: To understand how the app is used (via Vercel Analytics) and to identify and fix crashes (via Sentry).
  • Security: To detect and prevent fraudulent activity or abuse of our services.
Infrastructure

4. Third-Party Service Providers

We trust the following third-party providers to power our infrastructure. Each provider is carefully selected for their security standards. By using our app, you acknowledge that your data may be processed by these parties, subject to their own privacy policies.

Vercel

Hosting, Deployment, and Performance Analytics.

Privacy Policy

Google (Firebase)

Authentication, Database, and Backend Services.

Privacy Policy

Appwrite

Secure Database and File Storage solutions.

Privacy Policy

Sentry

Real-time Error Monitoring and Crash Reporting.

Privacy Policy

Resend

Transactional Email Delivery.

Privacy Policy

Firebase Cloud Messaging

Push Notifications and Messaging.

Privacy Policy
AI Processing

5. AI & Machine Learning

Important: Our AI models are trained on anonymized, structural musical data only.

We utilize Machine Learning technologies to assist with features like chord generation:

  • Anonymization: All personal identifiers are removed before data is used for training. The AI analyzes musical patterns (e.g., chord progressions) without linking them to specific users.
  • Permanent Learning: Once the AI learns a pattern, that knowledge becomes part of the model. This aggregated learning cannot be isolated or deleted, even if the original source data is removed.
  • No Personal Data Training: We strictily do NOT use your messages, emails, or personal profile data to train our generative models.
Operational Controls

6. Operational Logging & Recovery

  • Dev Email Logs: Outbound operational mail sent from the dev workspace is logged for auditability, troubleshooting, and abuse prevention.
  • Setlist Trash: Deleted setlists are moved to a recoverable trash state before permanent deletion to reduce day-of service disruption.
  • Restricted Access: Dev-only tools and recovery actions are role-gated and monitored through authenticated access controls.
Your Rights

7. Your Rights & Data Portability

You have full control over your data. You have the right to:

  • Access: Request a copy of all data we hold about you.
  • Correction: Fix any inaccurate or incomplete data in your profile.
  • Deletion: Delete your account at any time. Upon deletion, your direct personal data is removed from our active databases. However, anonymized musical patterns previously used to train our AI models are retained as part of the system's aggregated knowledge. Certain operational records (e.g., abuse/security audit logs) may be retained for a limited period where required for legal, safety, or incident-response purposes.

Contact Us

If you have any questions about this policy, please contact us.

Email Support