Effective date: February 26, 2026
This Privacy Policy describes how TSF Band ("we," "us," or "our") collects, uses, stores, and shares information about you when you use our mobile application and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the Service.
The developer of TSF Band is the data controller responsible for your personal data as defined by the General Data Protection Regulation (EU) 2016/679 ("GDPR"). For privacy-related inquiries, you may contact us using the contact form on our website at tsf-band.com or through the in-app support feature.
We collect and process the following categories of personal data when you use the Service:
We process your personal data on the following legal bases as defined by the GDPR:
We use the personal data we collect for the following purposes: (a) to provide, operate, maintain, and improve the features and functionality of the Service; (b) to synchronize your data across all devices on which you use the Service; (c) to deliver push notifications for which you have opted in, including event reminders, messages, and task updates; (d) to protect your account against unauthorized access; (e) to diagnose and resolve crashes, bugs, and other technical issues; and (f) to respond to support requests you submit through the application or website.
We do not sell, rent, or trade your personal data to third parties. Your data may be disclosed only in the following limited circumstances:
Your personal data may be transferred to and processed in countries outside the European Economic Area ("EEA"), including the United States, where our service providers maintain infrastructure. We ensure that appropriate safeguards are in place for such transfers, including: (a) Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to Firebase/Google LLC; (b) Google's Data Processing Terms and security certifications for cloud infrastructure; and (c) Apple's privacy policies and appropriate safeguards for push notification services, App Store processing, and crash reporting.
Your data is stored on Firebase (Google Cloud) infrastructure. All data is encrypted in transit using Transport Layer Security (TLS) and encrypted at rest through Firebase's built-in encryption mechanisms. Sensitive credentials on iOS devices are stored using the iOS Keychain.
Additional security measures include: Firebase Authentication with optional biometric verification (Face ID/Touch ID), where biometric data is processed entirely on your device and never transmitted to our servers; role-based access controls and data access limitations within band groups; device login tracking with automatic account lockout after multiple consecutive failed authentication attempts; and continuous monitoring for unauthorized access patterns.
While we implement industry-standard security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your personal data, we will notify affected users without undue delay as required by applicable law.
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data: the right to access and obtain a copy of your personal data; the right to rectification of inaccurate or incomplete data through your profile settings; the right to erasure of your account and all associated data through the application settings; the right to data portability in a structured, machine-readable format; the right to restrict certain processing activities; the right to withdraw consent at any time without affecting the lawfulness of processing based on consent prior to withdrawal; the right to lodge a complaint with your local data protection supervisory authority; and the right not to be subject to automated decision-making, including profiling, that produces legal or similarly significant effects. We do not engage in such automated processing.
To exercise any of these rights, you may use the contact form at tsf-band.com or the in-app support feature. We will respond to your request within 30 days as required by applicable law.
We retain your personal data for the following periods: account data is retained until you delete your account or after 3 years of account inactivity; band and event data is retained until manually deleted by you or your group administrator; messages and chat data are retained until deleted by the sender or upon account deletion; financial records are retained until manually deleted by the user; analytics and crash data are retained for up to 24 months and then automatically anonymized. Following account deletion, all personal data is permanently removed from our systems within 30 days, except where longer retention is required by applicable law.
We do not collect, process, or store credit card numbers, banking details, or other payment instrument data. All subscription purchases and in-app transactions are processed exclusively by Apple Inc. through the App Store payment infrastructure. Billing history and payment records are maintained by Apple, not by TSF Band. We may verify the status of your subscription through Apple's server-to-server notification system.
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. Users between the ages of 13 and 18 must obtain consent from a parent or legal guardian prior to using the Service. If you believe that a child under 13 has provided personal information to us, please contact us immediately through our contact form so that we can take appropriate steps to delete such information.
The Service may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to any third-party services, and we are not responsible for the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.
We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you through the application and update the "Effective date" at the top of this page. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the contact form on our website.