Privacy Policy
Last Updated: February 15, 2026 | Effective: February 15, 2026
1. Introduction
In this policy, "I," "me," and "my" refer to the operator of Psychic Homily.
I respect your privacy and am committed to protecting your personal information. This Privacy Policy explains how I collect, use, disclose, and safeguard your information when you use the website and services.
By using Psychic Homily, you agree to the collection and use of information in accordance with this policy. If you do not agree with these policies and practices, please do not use the services.
2. Information I Collect
2.1 Information You Provide Directly
- Account Information: Email address, username, password (stored securely as a hash), first name, last name, profile photo/avatar URL, and bio.
- User-Generated Content: Shows you save to your collection, show submissions, and any other content you create on the platform.
- Uploaded Content: Images you upload (such as show flyers) for AI-assisted show creation. These images are processed to extract event details and are not stored permanently.
- Preferences: Theme settings, timezone, language preference, and notification preferences.
- Communications: Information you provide when contacting me for support or feedback.
2.2 Information from Third-Party Services
If you choose to sign in using OAuth providers, I receive:
- Google: Your Google account ID, email address, name, and profile photo.
- GitHub: Your GitHub account ID, email address, username, and avatar.
2.3 Automatically Collected Information
- Device Information: Browser type, operating system, and device identifiers.
- Usage Data: Pages visited, time spent on pages, and interaction patterns.
- Log Data: IP address, access times, and referring URLs.
- Cookies: Session cookies for authentication and preference cookies for your settings. See Section 7 for details.
3. How I Use Your Information
I use the information I collect for the following purposes:
- Provide Services: To create and manage your account, display your saved shows, and enable show submissions.
- Authentication: To verify your identity and maintain secure access to your account.
- Communications: To send you transactional emails (password resets, magic links, email verification) and, with your consent, promotional updates about new features.
- Personalization: To remember your preferences such as theme, timezone, and language.
- Improvement: To analyze usage patterns and improve the services.
- Security: To detect and prevent fraud, abuse, and security incidents.
- Legal Compliance: To comply with applicable laws and regulations.
4. Third-Party Services and Data Sharing
I share your information with the following categories of third parties:
4.1 Service Providers
- Resend: Email delivery service. I share your email address to send transactional and notification emails. Resend Privacy Policy
- Railway: Cloud hosting provider where the application and database are hosted. Railway Privacy Policy
- Google Cloud Storage: Used for backup storage. Google Cloud Privacy Notice
- Anthropic (Claude AI): I use AI to help extract show details from uploaded flyer images and to discover music links for artists. Uploaded images and artist names may be processed by Anthropic's Claude API. I do not intentionally include account identifiers (such as your email address or internal user ID) in Anthropic requests, unless you include personal information in submitted content. Anthropic Privacy Policy
- PostHog: I use PostHog for product analytics, including page views and session recordings (with all inputs masked). PostHog is configured with tracking disabled by default. Analytics events and session recording are only captured after you consent to analytics cookies via the cookie banner. If you decline or revoke consent, capturing is disabled. PostHog Privacy Policy
- Sentry: I use Sentry for error monitoring and diagnostics to detect, investigate, and fix application issues. Sentry may process technical metadata such as stack traces, browser information, and request context. Sentry Privacy Policy
- Vercel Analytics and Speed Insights: I use Vercel-provided analytics and performance monitoring to understand site usage and reliability. These services may process technical metadata, such as page URLs, browser characteristics, and performance timings. Vercel Privacy Policy
4.2 Authentication Providers
- Google OAuth: If you choose to sign in with Google. Google Privacy Policy
- GitHub OAuth: If you choose to sign in with GitHub. GitHub Privacy Statement
4.3 Embedded Content
The site may embed content from third-party music platforms:
- Spotify: Embedded players may set cookies and collect data per Spotify's Privacy Policy
- Bandcamp: Embedded players may set cookies and collect data per Bandcamp's Privacy Policy
- SoundCloud: Embedded players may set cookies and collect data per SoundCloud's Privacy Policy
4.4 Discord Notifications
I use Discord webhooks to send notifications about new show submissions. No personal user data is shared with Discord users beyond what you include in public submissions.
4.5 I Do NOT Sell Your Data
I do not sell, rent, or trade your personal information to third parties for their marketing purposes. I do not share your data with data brokers.
5. Data Retention
- Active Accounts: I retain your information for as long as your account is active.
- Deleted Accounts: When you delete your account, I retain your data for 30 days to allow account recovery if requested. After this grace period, your data is permanently deleted.
- Legal Requirements: I may retain certain information longer if required by law or to protect legal interests.
- Anonymized Data: I may retain anonymized, aggregated data indefinitely for analytics purposes.
6. Your Privacy Rights
Depending on your location, you may have the following rights:
6.1 All Users
- Access: Request a copy of the personal information I hold about you.
- Correction: Update or correct inaccurate information via your profile settings.
- Deletion: Delete your account and associated data through your account settings.
- Portability: Request an export of your data in a machine-readable format.
6.2 California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act and updated regulations effective January 1, 2026, you have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information I collect.
- Delete: Request deletion of your personal information.
- Opt-Out of Sale/Sharing: I do not sell or share your personal information for cross-context behavioral advertising.
- Non-Discrimination: I will not discriminate against you for exercising your privacy rights.
- Correct: Request correction of inaccurate personal information.
- Limit Use of Sensitive Personal Information: I only use sensitive personal information (such as your email and account credentials) for purposes necessary to provide the services.
6.3 Global Privacy Control (GPC)
I honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, I will treat it as a valid opt-out request for the sale or sharing of personal information, as required by California law and other state privacy laws effective in 2026 (including Kentucky, Rhode Island, and Indiana).
6.4 European Economic Area (GDPR)
If you are in the EEA, you have additional rights under the General Data Protection Regulation:
- Legal Basis: I process your data based on: (a) your consent, (b) performance of the contract with you, (c) legitimate interests, or (d) legal obligations.
- Withdraw Consent: Where I rely on consent, you may withdraw it at any time.
- Restriction: Request that I restrict processing of your data.
- Object: Object to processing based on legitimate interests.
- Lodge Complaint: File a complaint with your local data protection authority.
6.5 How to Exercise Your Rights
To exercise any of these rights, please contact me at hello@psychichomily.com. I will respond to your request within 45 days (or 30 days for GDPR requests). I may need to verify your identity before processing your request.
7. Cookies and Tracking Technologies
7.1 Cookies I Use
- Essential Cookies: Required for authentication and security. These cannot be disabled without breaking core functionality.
- Preference Cookies: Remember your settings like theme preference. These improve your experience but are not strictly necessary.
- Analytics Cookies: With your consent, I use PostHog to collect anonymized usage data such as page views and session recordings (with all inputs masked). These cookies are only set after you accept analytics via the cookie consent banner. You can change your preference at any time through the cookie preferences link in the footer.
7.2 Third-Party Cookies
Embedded content from Spotify, Bandcamp, and SoundCloud may set their own cookies. These are governed by their respective privacy policies. You can manage third-party cookies through your browser settings.
7.3 Managing Cookies
Most browsers allow you to control cookies through their settings. Note that disabling essential cookies may prevent you from using authenticated features of the service.
8. Data Security
I implement appropriate technical and organizational measures to protect your personal information:
- Encryption: All data transmitted between your browser and the servers is encrypted using TLS/HTTPS.
- Password Security: Passwords are hashed using bcrypt. I check passwords against known breach databases (HaveIBeenPwned) to prevent use of compromised credentials.
- Authentication: The service supports secure authentication methods including passkeys/WebAuthn, magic links, and OAuth.
- Access Controls: Access to personal data is restricted to authorized personnel only.
- Backups: Regular encrypted backups ensure data recovery in case of incidents.
While I strive to protect your information, no method of transmission over the Internet is 100% secure. I cannot guarantee absolute security.
9. Children's Privacy
The services are not directed to individuals under the age of 16. I do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided personal information, please contact me at hello@psychichomily.com and I will delete such information.
10. International Data Transfers
The servers are located in the United States. If you access the services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the services, you consent to this transfer. I take steps to ensure that your data receives adequate protection in accordance with this Privacy Policy.
11. Changes to This Privacy Policy
I may update this Privacy Policy from time to time. I will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, I may also send you an email notification. Your continued use of the services after any changes indicates your acceptance of the updated policy.
12. Contact Us
Psychic Homily is operated by an individual sole proprietor based in Arizona, United States.
If you have any questions about this Privacy Policy or privacy practices, please contact me at hello@psychichomily.com.
Quick Reference: Your Rights by Location
| Right | All Users | California | EEA |
|---|---|---|---|
| Access your data | ✓ | ✓ | ✓ |
| Correct your data | ✓ | ✓ | ✓ |
| Delete your data | ✓ | ✓ | ✓ |
| Export your data | ✓ | ✓ | ✓ |
| Opt-out of sale/sharing | N/A* | ✓ | ✓ |
| Restrict processing | — | — | ✓ |
| Lodge complaint with authority | — | ✓ | ✓ |
* I do not sell or share personal information, so opt-out is not applicable.