Privacy Policy
Last updated: 2026-12-01. Effective date: 2026-12-01.
The short version. Your concert history lives in your iCloud private database, on your iPhone. Photos stay in your Photos app. We only sync the minimum to our server when you choose to connect with friends or make your profile public. We never sell or share your data, and we do not run ads.
1. Who we are
Snagmap is an iOS app that lets you log the live events you attend - concerts, sports games, theatre, comedy shows, and festivals - and visualise them on a globe. This privacy policy describes what data the app handles, how we handle it, and the choices you have.
If you have questions, contact us at privacy@snagmap.app.
2. Account and authentication (Sign in with Apple)
Snagmap is usable without an account. The app fully works for solo logging without ever signing in.
Account-required features (friends, profiles, friend overlap, public sharing) use Sign in with Apple. When you sign in, Apple sends us:
- A stable user identifier (a Snagmap-specific ID, not your Apple ID).
- An email address - either your real address, if you choose to share it, or a private relay address from Apple.
- Optionally, a display name you provide.
We use this to create your Snagmap profile so friends can find you and overlaps can be detected. You can delete your account at any time from Settings, which removes everything we have stored on our servers about you.
3. Where your data lives
On your device and in your iCloud
The events you log - artist, venue, date, optional notes, ratings, and companions - are stored locally using SwiftData and synced privately via your iCloud account using CloudKit. This is the same private CloudKit database used by other Apple-first apps. Only you can access it.
We do not have access to this CloudKit data. It moves between your devices via your iCloud account directly.
On our backend (Supabase)
We use Supabase (Postgres, hosted in the EU and US regions) to power friends, friend overlap, and public profiles. Data syncs to Supabase only when:
- You sign in with Apple and accept at least one friend connection, or
- You toggle your profile to public.
Until then, Snagmap is a fully local-only app and zero event data leaves your device.
When sync is enabled, we store on Supabase:
- Your handle, optional display name, and optional avatar URL.
- A small "public events" record per show: artist name, venue name, city, country, date. Used only to detect friend overlap. We strip notes, ratings, photos, companions, and import source.
- Your friendships (who you are connected to).
- Detected friend overlaps.
- Hashed contact identifiers, only if you opt in to contact-based friend discovery (see Section 5).
Crash and error reporting
We use Sentry to capture anonymous crash reports and errors so we can fix bugs. Reports include device model, iOS version, the stack trace, and a random installation ID. Reports do not include your name, email, contacts, location, or event data. You can disable crash reporting in Settings.
4. Photos library access
If you grant Photos permission, Snagmap reads photo metadata (EXIF date and approximate location) on your device to suggest shows to log. The matching happens locally on your iPhone.
- Photos are never uploaded to our servers.
- If you attach a photo to a show, we store only a local reference (a PHAsset identifier). The photo itself stays in the iOS Photos app.
- If you delete the photo from Photos, it disappears from Snagmap too. That is correct behaviour.
5. Contacts permission
If you opt in to "Find friends from your contacts", Snagmap performs the following entirely on your device before anything is sent to our server:
- Reads phone numbers and email addresses from your Contacts app.
- Normalises each value (digits-only for phones with country code preserved when present; lowercase + trim for emails).
- Combines the normalised value with a fixed app-wide salt and hashes it with SHA-256.
- Sends only the digests to our server, where we compare them to digests stored for registered Snagmap users.
Plaintext phone numbers and emails from your contacts never leave your device. We use a global app-wide salt (not a per-installation salt) so that two users hashing the same number produce the same digest - which is what makes friend matching work. To prevent rainbow-table attacks against the global salt, the server enforces a rate limit on contact-hash queries per user.
You can disable contact sync at any time in Settings, and your stored hashes can be cleared by signing out or deleting your account.
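The on-device steps in Section 5 and the server-side comparison, as an added example that is not Snagmap's own code. The salt value, the salt|kind|value layout, the MatchServer class and the 500-digest budget are assumptions made for illustration. Under this reading of the normalisation rule, a number saved without its country code hashes differently from the same number saved with one.

```python
import hashlib

# Constructed placeholder: the real app-wide salt is not published in the policy.
APP_SALT = b"constructed-example-salt"
MAX_DIGESTS_PER_WINDOW = 500  # hypothetical per-user budget, not from the policy


def normalise(kind: str, raw: str) -> str:
    """Section 5 normalisation: digits-only phones, lowercase + trimmed emails."""
    if kind == "phone":
        # A leading "+44" survives as the digits "44"; nothing is added if absent.
        return "".join(ch for ch in raw if ch in "0123456789")
    if kind == "email":
        return raw.strip().lower()
    raise ValueError(f"unsupported contact kind: {kind}")


def contact_digest(kind: str, raw: str) -> str:
    """SHA-256 over salt | kind | value (the field layout is an assumption)."""
    value = normalise(kind, raw)
    if not value:
        raise ValueError("nothing left to hash after normalisation")
    material = b"|".join([APP_SALT, kind.encode(), value.encode("utf-8")])
    return hashlib.sha256(material).hexdigest()


class MatchServer:
    """Server side: sees digests only, and caps how many each user may submit."""

    def __init__(self, registered: dict[str, str]):
        self.registered = registered      # digest -> Snagmap handle
        self.used: dict[str, int] = {}    # user id -> digests submitted this window

    def match(self, user_id: str, digests: list[str]) -> list[str]:
        spent = self.used.get(user_id, 0) + len(digests)
        if spent > MAX_DIGESTS_PER_WINDOW:
            raise PermissionError("contact-hash query budget exceeded")
        self.used[user_id] = spent
        return sorted({self.registered[d] for d in digests if d in self.registered})


# Constructed sample data: one registered user and one caller's address book.
server = MatchServer({contact_digest("phone", "+44 20 7946 0958"): "alice"})
address_book = [("phone", "+44 (20) 7946-0958"), ("phone", "020 7946 0958"),
                ("email", "  Bob@Example.COM ")]
uploaded = [contact_digest(kind, raw) for kind, raw in address_book]
matches = server.match("caller-1", uploaded)  # only the "+44" entry matches
```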
6. Location permission
Snagmap requests location only when you tap the "locate" button while adding a show, to suggest nearby venues. We use your location for that single lookup and never record it.
The optional "Miles travelled for shows" stat uses a home location you set manually in Settings. The home location stays on your device only and is never uploaded to our servers.
7. Camera permission
The camera is used solely to scan a QR code when you add a friend in person at a show. We do not record video, take photos, or transmit anything from the camera. The QR code contains only a Snagmap user ID for friend invitation.
8. Apple Wallet (PassKit)
If you use the "Scan Wallet" feature, Snagmap reads event ticket passes saved in Apple Wallet to extract event name, venue, and date. We do this on your device and never modify or remove your passes.
9. Subscriptions and purchases
Snagmap Pro is sold as an in-app subscription via Apple's StoreKit. Apple handles payment processing. We do not see your credit card, billing address, or full purchase history. We receive only a confirmation that your subscription is active for entitlement purposes. Refunds are handled by Apple per their refund policy.
10. Third-party services we query
To enrich the shows you log, Snagmap queries the following third-party APIs. We send only the minimum context (e.g. artist name, date, venue), never your account information, contacts, or device identifiers:
- Setlist.fm - artist autocomplete and setlist lookup.
- Ticketmaster - event details, venues, and your order history if you connect your Ticketmaster account via OAuth (Pro feature).
- MusicBrainz - genre tags for artists.
- NHL, MLB, ESPN, API-Football, TheSportsDB - sports event metadata when you log sports.
Each of these services has its own privacy policy. We do not share your Snagmap profile, contacts, or events with them - we only ask "what is the setlist for this concert" or "what game was played at this venue on this date."
11. What we never collect
- Your real name (unless you provide it as a display name).
- Your home address.
- Your payment information.
- Your photos (only PHAsset references).
- Your location traces.
- Browsing history outside Snagmap.
- Microphone, HealthKit, motion, or calendar data. We do not request any of these permissions.
Snagmap does not run third-party advertising, does not embed analytics SDKs that track you across apps, and does not sell or share your data with data brokers.
12. Your rights
You have the right to:
- Access your data. Export everything to CSV from Settings -> Export my data.
- Correct your data. Edit any show, profile, or friendship in the app.
- Delete your account. Settings -> Delete account removes your profile, friendships, public events, and overlaps from our servers within 30 days. iCloud-stored data is yours and can be deleted from your device or iCloud.
- Opt out of crash reporting and contact sync at any time in Settings.
- Withdraw consent for friend features by signing out, which stops all server-side sync.
If you are in the EU/UK, you have additional rights under the GDPR including the right to lodge a complaint with your local data protection authority. Contact privacy@snagmap.app for any data request.
13. Children's privacy
Snagmap is rated 13+ on the App Store and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. If you are a parent or guardian and believe your child has signed up, contact privacy@snagmap.app.
14. Data retention
- Profile, friendship, and public-event records: retained while your account is active. Deleted within 30 days of account deletion.
- Hashed contact identifiers: stored on your profile row while contact sync is enabled; cleared when you disable sync, sign out, or delete your account.
- Sentry crash reports: retained for 90 days.
- iCloud-stored data: retained by Apple under your iCloud terms; deleted when you delete it.
15. Security
Data in transit is encrypted with TLS 1.2+. Data at rest in Supabase is encrypted at the disk level. Sign in with Apple uses Apple's secure authentication. We use Row-Level Security policies in Postgres so that one user cannot read another user's records, even by accident on our side.
No system is perfectly secure. If we ever discover a breach affecting you, we will notify you within 72 hours.
16. International transfers
Our servers run in the United States and the European Union. If you are outside these regions, your data may be transferred to one of them. We rely on Standard Contractual Clauses for transfers from the EU/UK.
17. Changes to this policy
We may update this privacy policy as the app evolves. Material changes will be announced in-app and via email (where you have provided one) at least 30 days before they take effect. The effective date at the top of this page reflects the latest version.
18. Contact
Privacy questions: privacy@snagmap.app
Support: support@snagmap.app
Legal: legal@snagmap.app