Privacy Policy.

Account data — your email address (used for magic-link sign-in) and, if you subscribe, billing identifiers held at Stripe.

Organization data — the org name, slug, accent color, optional logo, and the email of every member you invite.

Program content — everything you type into the editor or upload to a program (title, dates, schedule, cast names and bios, sponsor info, photos, dedications, notes).

Operational metadata — timestamps of edits, IP and user-agent of sign-in events (for security audits).

Almost nothing by design. When someone scans a QR or visits a public program URL, we record an anonymous page-view event for the host's scan count. No email, no name, no account.

If someone follows a token-protected cast invite link, we store the photo and bio they upload against the cast member record they were invited to edit.

We do not capture audience email addresses, build audience contact lists, send marketing emails, or set advertising trackers. We do not sell or rent your data to third parties.

To run the Service: authenticate sign-ins, render your programs, deliver QR codes and print sheets, send transactional emails (sign-in links, billing receipts), and detect abuse.

To improve the Service: aggregated metrics about feature use. No individual-level profiling.

We use the following sub-processors. Each has its own privacy policy.

• Supabase — database, authentication, file storage
• Vercel — application hosting and CDN
• Stripe — billing and payments
• Resend — transactional email delivery

We set a small number of cookies for authentication and session continuity. We do not set advertising cookies. See Cookie Policy for the list.

Account and program data is kept as long as your account is open. When you delete a program, it's removed from public view immediately and purged from backups within 30 days.

Closing your account deletes all org content within 30 days. Stripe retains billing records per its own retention policy and applicable tax law.

You can edit or delete any program, cast member, or organization from your dashboard. You can close your account at any time and we will purge accordingly.

Residents of the EU, UK, and California have additional rights — access, correction, deletion, portability, restriction. Email privacy@hallflyers.com to exercise them.

Row-level security is enforced at the database. Storage is gated by org membership. Service-role credentials never reach the browser. We use HTTPS everywhere in production.

No system is perfectly secure. We'll notify affected users of any breach that creates a real risk of harm, as required by applicable law.

The Service is not intended for children under 13. Hosts who include minors in cast lists are responsible for obtaining the necessary consents from parents or guardians.

Our infrastructure is hosted in the United States. If you access the Service from outside the US, you understand that your information will be transferred to and processed in the US.

We update this policy when our practices change. Material updates will be flagged in the Service or sent to the email on file. The "Last updated" date at the top reflects the current version.

Privacy questions: privacy@hallflyers.com. Mailing address available on request.