Ovationly

Privacy Policy

CNTRL, Inc. / Ovationly — Last updated April 14, 2026

1. Introduction

Welcome to Ovationly, operated by CNTRL, Inc. (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Ovationly application and website (collectively, the “Service”). By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, password (stored as a secure hash), first name, and username.

2.2 Profile Information

You may optionally provide a display name, bio, and profile image. Your username and display name are visible to other users.

2.3 User Content

We collect photos, videos, ticket stub images, and text descriptions that you upload when creating memories. This content is stored in our cloud infrastructure and displayed according to your visibility settings (public, followers-only, or private).

2.4 Event Information

We collect data about the events you attend, including artist or team names, venues, dates, setlists, and scores. Some of this information is retrieved from third-party APIs (Setlist.fm, ESPN, Bandsintown) based on your searches.

2.5 RSVP and Social Data

We collect information about your RSVPs to events, the users you follow, the artists and teams you follow, and your notification preferences.

2.6 Usage Data

We collect analytics data about how you use the Service, including pages visited, features used, search queries, and interaction patterns. This data is collected through Google Analytics, Vercel Analytics, and our own internal analytics system.

2.7 Device and Browser Information

We automatically collect device type, browser type, operating system, IP address, and general location information when you access the Service.

2.8 Cookies

We use cookies to maintain your authentication session and preferences. These are essential cookies required for the Service to function. We do not use third-party advertising cookies.

2.9 Log Data

Our servers automatically record information including your IP address, browser type, referring/exit pages, and timestamps when you access the Service.

2.10 Third-Party Data

When you use our search features, we may retrieve publicly available data from third-party services including Setlist.fm (concert setlists), ESPN (sports scores and schedules), Bandsintown (tour dates), Spotify (track information, if you connect your account), and ACRCloud (song identification). We do not share your personal data with these services beyond what is necessary to fulfill your requests.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Display your memories according to your visibility preferences
  • Enable social features such as following, notifications, and sharing
  • Process and display event information including setlists, scores, and venue data
  • Generate thumbnails, compress media, and transcode video for optimal playback
  • Identify songs in your uploaded videos (when you use the identification feature)
  • Send notifications about activity related to your account
  • Analyze usage patterns to improve the Service
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. How We Share Your Information

4.1 Public Content

Memories you mark as “public” are visible to anyone with the link. Your username, display name, and profile image are visible on public profiles. Public share pages include Open Graph metadata for social media previews.

4.2 Service Providers

We use the following third-party services to operate the platform:

  • Supabase — Database hosting, authentication, and file storage
  • Vercel — Application hosting and edge delivery
  • Mux — Video transcoding and streaming
  • Google — Analytics and advertising measurement

These providers process data on our behalf and are contractually obligated to protect your information.

4.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

If CNTRL, Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information is subject to a different privacy policy.

5. Data Storage and Security

Your data is stored on servers operated by Supabase (PostgreSQL database) and Vercel (application hosting). Media files are stored in Supabase Storage with access controls. Video files may be processed through Mux for transcoding. We implement industry-standard security measures including encryption in transit (TLS), row-level security policies on database tables, and secure authentication via Supabase Auth. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Update or correct inaccurate personal data via your account settings
  • Deletion — Request deletion of your account and associated data

To exercise any of these rights, contact us at ovationly@gmail.com. We will respond to your request within 30 days.

7. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at ovationly@gmail.com.

8. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at ovationly@gmail.com.

9. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, accounting, or compliance purposes. Anonymized analytics data may be retained indefinitely.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: