Privacy Policy
This privacy policy explains how Codelio ("we", "us") collects, uses and shares information when you use the Festivo mobile application (the "App"). By installing or using the App you agree to the practices described here.
1. Who is the data controller
Codelio, reachable at contact@codelio.fr, is the controller of personal data processed in connection with the App.
2. What data we process
Festivo is designed to keep on-device data on-device wherever possible. The categories below describe everything the App can collect.
2.1 Data you provide
- Authentication tokens — when you connect a third-party music account (SoundCloud, Apple Music, Spotify) to listen to artist previews, an access token is stored on your device and used only to call that provider's API.
- Saved festivals and preferences — your favourites, filters and settings are stored locally on your device.
2.2 Data collected automatically
- Device & usage analytics — anonymous events such as screens viewed and feature usage, processed via Firebase Analytics to help us improve the App.
- Crash diagnostics — if the App crashes, technical information (device model, OS version, stack trace) is sent to Firebase Crashlytics so we can fix the issue.
- Approximate & precise location — only when you explicitly grant the location permission, and only while the App is in use, in order to highlight the festival stage you are currently near. Location data is processed on-device and is not stored on our servers.
- Push notification token — if you opt in to notifications, a Firebase Cloud Messaging token is generated so we can send set-time reminders.
2.3 Data we do not collect
- We do not require you to create an account.
- We do not collect your name, email, phone number or address.
- We do not sell personal data.
- We do not run advertising trackers.
3. Why we process this data (legal bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Operating core App features (browsing festivals, saved list, timetable) | Performance of the contract you enter into when using the App |
| Analytics and crash diagnostics | Our legitimate interest in maintaining and improving the App |
| Location-based stage detection | Your explicit consent (the OS permission prompt) |
| Push notifications | Your explicit consent (the OS permission prompt) |
| Connecting a music provider account | Your explicit consent when you initiate the connection |
4. Third-party services
The App relies on the following processors and integrations. Each has its own privacy policy that governs the data they receive.
- Google Firebase (Analytics, Crashlytics, Cloud Messaging) — firebase.google.com/support/privacy
- Cloudflare (Workers, KV, R2) — used to host helper APIs that proxy music-provider requests; see cloudflare.com/privacypolicy
- SoundCloud — when you sign in, see soundcloud.com/pages/privacy
- Apple MusicKit — when you sign in, see apple.com/legal/privacy
- Spotify — when you open an artist via Spotify, see spotify.com/legal/privacy-policy
5. Data retention
- On-device data (saved festivals, preferences, music tokens) — kept until you uninstall the App or sign the account out.
- Analytics events — retained by Firebase Analytics according to the retention period configured in our Firebase project (default 14 months).
- Crash logs — retained by Firebase Crashlytics for up to 90 days.
6. International transfers
The third-party processors listed above may process data in countries outside the European Economic Area, including the United States. Where this happens, transfers are protected by the European Commission's Standard Contractual Clauses or an equivalent safeguard offered by the provider.
7. Your rights
If you are located in the EEA, the United Kingdom or a jurisdiction with comparable rules, you have the right to:
- access the personal data we hold about you,
- request rectification or erasure,
- restrict or object to processing,
- data portability,
- withdraw any consent at any time, and
- lodge a complaint with your local data protection authority.
To exercise any of these rights, email contact@codelio.fr. You can also clear all on-device data at any time by uninstalling the App or by signing out of the connected music account from inside the App.
8. Children
Festivo is not directed to children under 13 (or under 16 in the EEA) and we do not knowingly collect data from them. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Security
We use industry-standard transport security (HTTPS) for all network calls and rely on the security primitives of iOS and Android for on-device storage. No method of transmission over the internet is 100% secure, however, and we cannot guarantee absolute security.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be highlighted inside the App.
11. Contact
Questions or requests? Email contact@codelio.fr.