Salty Digital LLC
Effective Date: May 31, 2025  |  Last Updated: June 2, 2026
Governing Law: State of New Jersey, USA
Contact: privacy@saltydigital.ai

Salty Digital LLC ("Salty," "we," "our," or "us") values your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Salty mobile application, website, and related services (collectively, the "Service"). Please read this policy carefully before using the Service. We operate in accordance with New Jersey law and applicable U.S. privacy regulations.

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13 years of age. If you are under 13, please do not use our services or provide any personal information. If we learn that we have collected personal information from a child under 13, we will delete it promptly.

• Account registration: name, email address, and password
• Profile information: display name and profile photo
• Event and ticket information you enter manually (event name, venue, date, seat)
• Notes, reflections, and mood tags you attach to events
• Feedback, support messages, and other communications with us

• Device and technical data: IP address, device identifiers, operating system, browser type
• App usage data: screens viewed, features used, session duration, and interaction patterns
• Location data (with your permission): GPS coordinates used to detect nearby events, auto-suggest venues, and match photos to events by location
• Photos and camera content (with your permission): used to scan physical ticket barcodes and populate your event memory galleries
• Cookies and similar tracking technologies: used for analytics, security, and remembering your preferences

• Google Account (OAuth): your name, email address, and profile photo when you sign in with Google
• Gmail (with your explicit permission): email content is accessed solely to detect and extract ticket confirmation details. We do not read, index, store, or share any other email content. See Section 4 for full details.
• Ticketmaster Discovery API: publicly available event and venue metadata used to enrich your ticket records
• Setlist.fm: publicly available concert setlist data displayed in event detail views
• TheSportsDB: publicly available sports statistics displayed in event detail views

We use collected information to:

• Create, maintain, and secure your Salty account
• Import and organise your live event tickets
• Enrich ticket records with setlists, sports stats, venue details, and media
• Enable social features including friend connections, tagging, and shared event experiences
• Send push notifications about upcoming events, new ticket detections, and friend activity (only if you opt in)
• Respond to your support requests and feedback
• Analyse aggregate, anonymised usage patterns to improve app features and performance
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations under applicable law

Salty's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We request Gmail read-only scope solely to scan for ticket confirmation emails
• We extract only the minimum data necessary: event name, date, venue, seat, and confirmation number
• We do not store the full text or attachments of any email
• We do not use Gmail data for advertising, profiling, or any purpose other than importing your tickets
• Gmail access tokens are stored securely using Expo Secure Store on your device and Supabase with row-level security on our servers
• You can revoke Gmail access at any time from Settings → Connected Accounts within the app, or directly from your Google Account settings at myaccount.google.com

We do not sell your personal information. We may share limited information only in the following circumstances:

When you tag friends in events or use social features, your display name and profile photo are visible to Salty users you are connected with. You control which events are shared via event privacy settings.

We use Supabase (database, authentication, and file storage) to operate the Service. Supabase processes data only as instructed by us and is contractually obligated to protect your information. We may engage other vendors (analytics, crash reporting) under similar data processing agreements.

We may disclose information if required by law, regulation, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

If Salty Digital LLC undergoes a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, your personal data will be removed from our active systems within 30 days, except where retention is required by applicable law. Anonymised aggregate data may be retained indefinitely for analytics purposes.

We implement industry-standard security measures including:

• Supabase Row Level Security (RLS) — each user can only access their own data
• PKCE OAuth flow for secure authentication on mobile devices
• Encrypted storage of authentication tokens using Expo Secure Store
• HTTPS/TLS encryption for all data in transit between the app and our servers
• Service role keys are never bundled in the mobile app

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Our website and web-based components may use cookies and similar technologies to analyse traffic and usage patterns, remember your preferences and authentication state, and improve your experience. You can control or disable cookies through your browser settings. The mobile app uses Expo Secure Store rather than browser cookies for session management.

As a user of our Service, you may have the following rights:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate or incomplete information
• Deletion: request that we delete your personal information (subject to legal retention obligations)
• Portability: request your data in a structured, machine-readable format
• Opt-out of marketing: unsubscribe from promotional emails at any time
• Withdraw consent: withdraw consent for Gmail access or location tracking at any time through app settings

To exercise any of these rights, please contact us at privacy@saltydigital.ai. We will respond within 45 days.

The Service may contain links to third-party websites or integrate with third-party services (Ticketmaster, Setlist.fm, etc.). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our app.

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date and, where appropriate, by in-app notification or email. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Salty Digital LLC
Email: privacy@saltydigital.ai
App: Salty — Save All Life's Tickets

© 2026 Salty Digital LLC. All rights reserved.  |  Terms & Conditio