Privacy Policy
Last updated: 2026-06-03
1. Who we are (Data Controller)
The Livit mobile application (the "App") and the website https://joinlivit.com (the "Website") are operated by StageFront LLC, a Limited Liability Company (LLC) organized under the laws of the State of Wyoming, United States, with principal place of business at 30 N Gould St Ste R, Sheridan, WY 82801, EIN 98-1833660 (referred to as "we", "us", or "the Company").
The Company is the data controller within the meaning of Regulation (EU) 2016/679 (GDPR) and equivalent laws.
For any privacy-related question, contact: support@joinlivit.com.
2. EU / UK Representative
Because the Company is established outside the European Union but offers services to data subjects in the EU, the Company will appoint an EU Representative under Article 27 GDPR before the App's public launch in the European Union. In the interim, EU data subjects may contact the Company directly at support@joinlivit.com on any matter related to the processing of their personal data; the Company remains the data controller.
A UK Representative under UK GDPR § 13 will be appointed before the App's public launch in the United Kingdom on the same terms.
3. Data we collect
3.1 Data you provide
- Email address (via Apple Sign-In or Google Sign-In)
- Username (pseudo) and display name
- Profile photo (optional)
- Biography (optional)
- Music preferences (favorite artists, genres, regions)
- Friends list and friend requests
- Messages sent in private and public conversations
- Shared media (photos, videos, audio)
- Reactions and reports
3.2 Data collected automatically
- Unique account identifier (Firebase UID)
- Device identifier (Firebase Installation ID)
- Push notification token (FCM token)
- Device language
- IP address (server logs, retained 90 days for security purposes)
- Crash and stability data (anonymized via Firebase Crashlytics where applicable)
- Subscription / entitlement status
3.3 Data we do not collect
- Precise geolocation
- Address book
- Photos from the camera roll (other than those you actively choose to share)
- Health, biometric, religious, political, or trade-union data
3.4 Sources other than you
We may obtain data from:
- Apple Inc. and Google LLC at sign-in (the email and unique ID associated with your platform account, plus subscription transaction data)
- RevenueCat, Inc. (subscription status updates from your Apple/Google account)
4. Purposes and legal bases (GDPR Article 6)
| Purpose | Legal basis |
|---|---|
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Displaying conversations, friends, followed artists | Performance of contract |
| Push notifications (concert alerts, messages) | Performance of contract + legitimate interest (Art. 6(1)(f)) |
| Content moderation and abuse reports | Legitimate interest + legal obligation (Art. 6(1)(c)) under French LCEN |
| Subscription management | Performance of contract |
| Security (IP logs, abuse detection) | Legitimate interest |
| Aggregated usage statistics | Legitimate interest |
| Marketing communications (where applicable) | Consent (Art. 6(1)(a)) — revocable at any time |
5. Data processors and recipients
Your data is processed by the following sub-processors, with whom we have signed Data Processing Agreements (DPAs):
| Processor | Country | Purpose |
|---|---|---|
| Google Ireland Limited (Firebase) | Ireland (EU) | Hosting, database, authentication, push notifications, storage |
| Google LLC (Google Cloud) | United States | Cloud Functions, Cloud Tasks, supporting infrastructure |
| Apple Inc. | United States | Apple Sign-In, In-App Purchases, iOS push notifications |
| RevenueCat, Inc. | United States | Subscription management |
If additional processors are added, this section will be updated and material additions notified to users in-app.
5.1 International data transfers
Some processors are located in the United States. These transfers are governed by:
- The European Commission's Standard Contractual Clauses (SCCs) (Module 2: controller-to-processor), incorporated into each DPA we sign with a non-EU processor; and/or
- The EU-US Data Privacy Framework (where the processor is self-certified — verifiable at www.dataprivacyframework.gov).
A copy of the safeguards in place is available on request to support@joinlivit.com or the EU Representative.
6. Retention periods
| Data | Period |
|---|---|
| Active user account | For the entire duration of use |
| Inactive account | 3 years after last login (then deletion / anonymization) |
| Messages | For the duration of use; deleted on account deletion |
| Connection logs (IP, timestamp) | 1 year |
| Billing-related data | 7 years (US tax record-keeping obligation) |
| Marketing data | 3 years after the last contact |
| Reports and moderation data | 1 year after resolution |
| Backups | Rolling 30-day window, then overwritten |
7. Your rights under GDPR (EU/EEA/UK users)
You have the following rights regarding your personal data:
- Right of access (Art. 15) — obtain a copy of your data.
- Right to rectification (Art. 16) — correct inaccurate data.
- Right to erasure (Art. 17) — delete your account and data ("right to be forgotten").
- Right to restriction of processing (Art. 18).
- Right to object (Art. 21) — particularly for marketing.
- Right to data portability (Art. 20) — receive your data in a structured, commonly-used format.
- Right to withdraw consent at any time, where processing is based on consent.
- Right to lodge a complaint with a supervisory authority — the French CNIL (www.cnil.fr) for French residents, or the lead authority in your country.
To exercise these rights:
- Write to support@joinlivit.com, OR
- Contact our EU Representative once appointed (interim: support@joinlivit.com), OR
- Use the "Delete my account" feature inside the App.
We respond within a maximum of one month (extensible to three months for complex requests, with notice).
8. Your rights under US state privacy laws
8.1 California — CCPA / CPRA
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to know what personal information we collect, use, disclose, and sell or share.
- Right to delete personal information.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of personal information.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising any of these rights.
To exercise CCPA rights, contact support@joinlivit.com.
We do not sell personal information as defined by the CCPA, and we do not share personal information for cross-context behavioral advertising as defined by the CPRA. If this changes, this section will be updated and the opt-out mechanism described.
This section is provided as a courtesy. Whether StageFront LLC meets the CCPA's quantitative thresholds at any given time may vary; the protections described below are extended to California residents regardless.
8.2 Virginia, Colorado, Connecticut, and other states
Comparable rights are granted by the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA). Residents of those states may exercise the same rights via support@joinlivit.com.
9. Security
We implement technical and organizational measures to protect your data: TLS encryption in transit, encryption at rest on Firebase infrastructure, authentication-based access control, admin access logging, periodic security reviews.
No system is invulnerable. In the event of a data breach affecting your rights and freedoms, we will notify the CNIL within 72 hours (GDPR Art. 33) and you when required (Art. 34).
10. Minors
Livit is intended for users aged 15 and older. Users under 15 may only use the App with valid parental consent under applicable law.
The App is not directed to children under 13, and we do not knowingly collect data from children under 13 (COPPA compliance). If we become aware that an account belongs to a child under 13 without verified parental consent, we will delete it without notice.
11. Cookies and trackers
The mobile App does not use cookies in the classical sense. It uses technical identifiers (Firebase Installation ID, FCM token, RevenueCat App User ID) strictly necessary for the service to function. These do not require prior consent under Article 82 of the French Data Protection Act because they are essential.
The Website https://joinlivit.com may use cookies — see the separate Cookie Policy on the Website if applicable.
If we add third-party analytics or advertising trackers in the future, we will obtain consent first.
12. Automated decision-making
We do not perform automated decision-making, including profiling, that produces legal or similarly significant effects on you (GDPR Art. 22).
Content moderation may use automated filtering (e.g., slur detection); positive matches trigger human review before any account action.
13. Changes to this policy
We may modify this policy to reflect legal or functional changes. Material changes (new processors, retention period changes, new categories of data) will be notified by email or via an in-app banner at least 15 days before they take effect. Continued use of the App after that date constitutes acceptance.
14. Contact
For any question about this policy or your personal data:
- Email: support@joinlivit.com
- Postal: StageFront LLC, 30 N Gould St Ste R, Sheridan, WY 82801
- EU Representative: to be appointed before EU public launch (interim contact: support@joinlivit.com)
- UK Representative: to be appointed before UK public launch (interim contact: support@joinlivit.com)
To file a complaint:
- France: CNIL, 3 place de Fontenoy — TSA 80715 — 75334 PARIS CEDEX 07 (www.cnil.fr)
- Other EU countries: your national supervisory authority (list at edpb.europa.eu)
- California: California Attorney General's office (oag.ca.gov)