Salty Digital LLC (“Salty,” “we,” “our,” or “us”) values your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Salty mobile application, website, and related services (collectively, the “Service”).
We operate in accordance with New Jersey law and applicable U.S. privacy regulations.
Effective Date: May 31, 2026 · Last Updated: June 28, 2026
1. Eligibility
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13 years of age. If you are under 13, please do not use our services or provide any personal information. If we learn that we have collected personal information from a child under 13, we will delete it promptly.
2. Information We Collect
2.1 Information You Provide Directly
• Account registration: name, email address, zip code, phone number and password• Profile information: display name and profile photo• Event and ticket information you enter manually• Notes, reflections, and mood tags you attach to events• Email-provider credentials you supply to connect a non-Gmail mailbox (see Section 4.1)• Feedback, support messages, and other communications with us
2.2 Information Collected Automatically
• Device and technical data: IP address, device identifiers, OS, browser type• App usage data: screens viewed, features used, session duration, interaction patterns• Location data (with your permission): GPS used to detect nearby events and match photos. If you turn on Auto-Capture, we also use background (“Always”) location to detect when you arrive at a venue for one of your saved tickets (see Section 4.2)• Photos and camera content (with your permission): used to scan physical ticket barcodes• Cookies and similar tracking technologies
2.3 Information from Third-Party Services
• Google Account (OAuth): name, email address, and profile photo• Gmail (with explicit permission): email content accessed solely to detect ticket confirmations — we do not read, index, store, or share any other email content (see Section 4)• Other email providers via IMAP (Outlook, Yahoo, iCloud, AOL — with explicit permission): accessed solely to detect ticket confirmations (see Section 4.1)• Ticketmaster Discovery API: publicly available event and venue metadata• Setlist.fm: publicly available concert setlist data• TheSportsDB: publicly available sports statistics
3. How We Use Your Information
We use collected information to:
• Create, maintain, and secure your Salty account• Import and organize your live event tickets• Automatically detect and log events you attend when you enable Auto-Capture (see Section 4.2)• Enrich ticket records with setlists, sports stats, venue details, and media• Enable social features including friend connections, tagging, and shared event experiences• Send push notifications about upcoming events, new ticket detections, and friend activity (only if you opt in)• Respond to your support requests and feedback• Analyze aggregate, anonymized usage patterns to improve app features and performance• Detect and prevent fraud, abuse, and security incidents• Comply with legal obligations under applicable law
4. Gmail Integration & Google API Policy
Salty’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
• We request Gmail read-only scope solely to scan for ticket confirmation emails• We extract only the minimum data necessary: event name, date, venue, seat, and confirmation number• To extract these details, the text of matching confirmation emails is processed by our AI provider, Anthropic (Claude API), solely to identify the event name, date, venue, and seat. This content is sent over an encrypted connection, is NOT used to train any AI model, and is NOT retained after extraction.• We do not store the full text or attachments of any email• We do not use Gmail data for advertising, profiling, or any purpose other than importing your tickets• Gmail access and refresh tokens are encrypted at rest (AES-256-GCM) on our servers and protected by row-level security, and are additionally secured on your device using Expo Secure Store• You can revoke Gmail access at any time from Settings → Connected Accounts within the app, or directly from your Google Account settings at myaccount.google.com
4.1 Other Email Providers (IMAP)
If you connect a non-Gmail mailbox (Outlook, Yahoo, iCloud, or AOL), you provide your email address and a password (or app-specific password). We use these credentials solely to scan forticket-confirmation emails and extract the same minimum details described in Section 4, using the same AI processing by Anthropic.
Your email password is encrypted at rest (AES-256-GCM) on our servers, is never used for any other purpose, and is permanently deleted when you disconnect the mailbox.
4.2 Background Location & Auto-Capture
Auto-Capture is an optional feature, turned OFF by default, that you can enable in Settings → Security. When enabled, Salty uses your device location in the background — including when the app is closed or not in use — to detect when you arrive at the venue of one of your upcoming saved tickets. When a match is found, we add a pending event to your review queue and may send you a notification so you can confirm it.
• Auto-Capture is strictly opt-in and requires you to grant “Always” location permission. You can disable it at any time in Settings, or by revoking location permission in your device settings.• Your location is evaluated on your device and compared only against the venues of ticketsalready in your account. We do not continuously transmit your location to our servers, and we do not build or store a history of your movements.• We use background location solely to log live events you attend — never for advertising, profiling, or sale to third parties.• Turning Auto-Capture off stops all background location collection immediately.
5. How We Share Your Information
We do not sell your personal information. We may share limited information only in the following circumstances:
5.1 With Other Salty Users
When you tag friends in events or use social features, your display name and profile photo are visible to Salty users you are connected with. You control which events are shared via event privacy settings.
5.2 With Service Providers
We use Supabase (database, authentication, and file storage) to operate the Service. We use Anthropic (Claude API) to parse the text of ticket-confirmation emails and extract event details — only the relevant email content is sent, solely for that extraction; Anthropic does not use the data to train its models, and we do not retain the email content afterward. These providers process data only as instructed by us and are contractually obligated to protect your information.
5.3 Legal Authorities
We may disclose information if required by law, regulation, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.4 Business Transfers
If Salty Digital LLC undergoes a merger, acquisition, or sale of substantially all of its assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, your personal data will be removed from our active systems within 30 days, except where retention is required by applicable law. Anonymized aggregate data may be retained indefinitely for analytics purposes.
7. Data Security
We implement industry-standard security measures including:
• Supabase Row Level Security (RLS) — each user can only access their own data• OAuth 2.0 authentication, with all tokens encrypted in transit (TLS) and at rest• Encryption at rest (AES-256-GCM) for stored email-provider credentials (Gmail tokens and IMAP passwords); the encryption key is held only in our server environment, never in the database• On-device protection of session tokens using Expo Secure Store• HTTPS/TLS encryption for all data in transit• Service role keys are never bundled in the mobile app
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
8. Cookies & Tracking
Our website and web-based components may use cookies and similar technologies to analyze traffic, remember your preferences, and improve your experience across sessions.
You can control or disable cookies through your browser settings. The mobile app uses Expo Secure Store rather than browser cookies for session management.
9. Your Rights & Choices
As a New Jersey resident and/or user of our Service, you may have the following rights:
• Access: request a copy of the personal information we hold about you• Correction: request that we correct inaccurate or incomplete information• Deletion: request that we delete your personal information• Portability: request your data in a structured, machine-readable format• Opt-out of marketing: unsubscribe from promotional emails at any time• Withdraw consent: withdraw consent for Gmail access or location tracking at any time through app settings
To exercise any of these rights, please contact us at privacy@saltydigital.ai. We will respond within 45 days.
Account Deletion: You may delete your Salty account at any time from Settings → Account → Delete Account. Your personal data will be removed from our active systems within 30 days.
10. Third-Party Links & Services
The Service may contain links to third-party websites or integrate with third-party services (Ticketmaster, Setlist.fm, etc.). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our app.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last Updated” date and, where appropriate, by in-app notification or email. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
12. Google Play Data Safety
Data Collected:
• Name and email address (account registration)• Photos and videos (ticket scanning and event galleries, with permission)• Precise location (nearby event detection and venue matching, with permission), including optional background location when you enable Auto-Capture• Email messages (Gmail integration only, ticket confirmation parsing, with explicit permission)• Device and app identifiers (crash reporting and analytics)• App activity and interaction data
Data Sharing: We do not sell your personal data. Data is shared only with Supabase (our infrastructure provider), Anthropic (AI parsing of ticket-confirmation email text only), and third-party analytics vendors under data processing agreements. Gmail data is never used for advertising and is never shared beyond the processing described in this policy.
Security: All data is encrypted in transit using HTTPS/TLS. Email-provider credentials (Gmail tokens and IMAP passwords) are encrypted at rest using AES-256-GCM with Supabase Row Level Security; session tokens are protected on-device using Expo Secure Store.
13. Contact Us
Questions about how your data is handled? Contact us at privacy@saltydigital.ai.
Salty Digital LLC · Effective May 31, 2025 · Last Updated June 28, 2026
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.