Privacy Policy
Last updated: 2026-06-09
1. What we collect
To operate AABA we collect:
- Email address. Required for sign-in via a one-time code.
- Profile details. Name, bio, urls, self-declared roles (improviser, coach, accompanist) including hourly/flat rates for each, improv styles, user region(s)
- Phone number (optional). Provided by you for contact with confirmed booking counterparties.
- Booking and event data. Events you create or participate in, availability flags, scheduling poll responses.
- Team data. Memberships, team admin relationships, and content you contribute.
- Last active date. The date of your most recent sign-in, used to display activity recency on your profile.
2. How we use it
- To authenticate you and operate the Service.
- To show your profile to other members so they can book you, including an approximate "last active" date.
- To share your contact information with confirmed booking counterparties.
- To send activity and transactional emails (sign-in codes, booking confirmations, event/team requests, availability flags, drop-in signups, scheduling reminders). You can turn off non-essential notifications, individually or all at once, in your profile settings. Sign-in codes are essential and always sent.
- To debug, secure, and improve the Service.
3. Privacy Permissions Definitions
- Public: Searchable and viewable by any signed-in user
- Required only: Viewable only to confirmed counterparties and team members
- Private: Only viewable by you
- Contact information: Email, phone number, links
New profiles default to Public profile visibility and Required only contact information visibility. These settings are never changed automatically — they stay as you set them, and you can update them at any time from your profile settings.
4. How we store it
Data is stored on Amazon Web Services in the United States (region us-east-1). Database storage is encrypted at rest. Sign-in codes are hashed and expire after five minutes.
5. How long we keep it
- Active accounts: as long as your account exists.
- Completed events: 1 year past the event date, then deleted.
- Cancelled events: retained as soft-deleted records to preserve history for confirmed participants, then deleted 1 year past the proposed event date.
- Authentication codes: 5 minutes (then deleted).
6. Your rights
- Access & correction: view and edit your profile at any time.
- Deletion: delete your account from profile settings. Personal information is removed; historical event records may retain a placeholder reference for confirmed counterparties.
- Export: contact us for a copy of your data.
7. Cookies and tracking
We use a single first-party session cookie set by our authentication provider. We do not currently use third-party analytics or advertising trackers.
8. Third-party services
- Amazon Web Services — hosting, database, email delivery (SES).
- Ko-fi — optional tip widget; loads on authenticated pages.
9. Children
The Service is not directed to children under 13. If you believe a child under 13 has created an account, please contact us so we can remove it.
10. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice.
11. Contact
Questions about this Privacy Policy? Email hello@aaba.app.
Tip Me