Privacy Policy

Last updated: February 25, 2026

ConcertsToAttend ("we", "us", "our") operates concertstoattend.com (the "Service"). This policy explains what personal data we collect, why we collect it, and your rights under the EU General Data Protection Regulation (GDPR).

1. Data controller

The data controller is ConcertsToAttend. For privacy questions or data requests, email admin@concertstoattend.com.

2. What data we collect

Account data

When you create an account we store:

Email address
Display name (optional)
Password (securely stored, never in plain text)

Usage data

Artists you track and concerts you save
Notification delivery records (to avoid duplicates)
Email notification preferences

Technical data

IP address prefix — stored temporarily for rate limiting and abuse prevention
Anonymised page-view and performance data via Google Analytics (only if you opt in via the cookie banner)

3. Why we collect data (legal basis)

Purpose	Legal basis (GDPR Art. 6)
Provide the Service (accounts, saved concerts, artist tracking)	Performance of contract
Send concert alerts and reminders you opted into	Consent
Send transactional emails (welcome, account changes)	Legitimate interest
Measure site usage with analytics (when you opt in)	Consent
Prevent abuse (rate limiting)	Legitimate interest

4. Third-party services

We share data with the following processors, solely to operate the Service:

Vercel — hosting (privacy policy)
Neon — database (privacy policy)
Resend — email delivery (privacy policy)
Google — sign-in and analytics (privacy policy)
Mapbox — venue maps (privacy policy)

We also query public music APIs (such as Spotify, Ticketmaster, MusicBrainz, and YouTube) for artist and event metadata. No user personal data is sent to these services.

We do not sell your data to anyone.

5. Cookies

Necessary cookies

We use a single session cookie to keep you signed in. It is strictly necessary for the Service to function and is not used for tracking or advertising.

Analytics cookies

If you give consent via our cookie banner, we enable Google Analytics, which sets its own cookies to measure how visitors use the site. IP addresses are anonymised. You can enable or disable analytics cookies at any time using the "Cookie Settings" link in the footer.

We do not use advertising cookies or third-party tracking cookies for ad targeting.

6. Data retention

Account data is kept as long as your account exists.
Notification records are kept while your account exists.
IP-based rate-limiting records are kept temporarily and purged automatically.
If you enable analytics, Google retains aggregated data according to its own retention settings.

7. Your rights

Under the GDPR you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — delete your account and all associated data
Portability — export your data in a machine-readable format
Withdraw consent — e.g. disable email notifications at any time
Lodge a complaint — with a supervisory authority (in Denmark: Datatilsynet)

To exercise any of these rights, email admin@concertstoattend.com or use the relevant controls in your account settings.

8. Security

Passwords are securely hashed. All connections use HTTPS. Database access is restricted to application services only.

9. International data transfers

Some of our processors (Vercel, Google, Mapbox) are based in the United States. Where data is transferred outside the EU/EEA, it is protected by the EU–U.S. Data Privacy Framework or Standard Contractual Clauses, as applicable.

10. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.

← Back to home