Pre-launchthese documents are pending professional legal review before public launch. Provided here for transparency.

privacy policy

Effective date: May 8, 2026 · Last updated: May 9, 2026

This Privacy Policy describes how divehouse ("we", "us", "our") collects, uses, and shares information when you use our services (the "Service"). divehouse is operated by divehouse, LLC, with offices at 6901 S. Custer Rd, McKinney, TX 75070, USA. Questions? Contact support@divehouse.app.

The Service is intended for users in the United States. We do not actively market or offer the Service to users outside the United States, and we do not currently configure the Service for compliance with non-US data protection regimes such as the EU/UK GDPR.

information we collect

account information

When you sign up, we collect your email address. Authentication is handled by our identity provider, WorkOS, which issues you a session cookie when you sign in. After signing in, you may optionally provide additional profile details (display name, username, bio, profile photo). Profile photos you upload are stored in Cloudflare R2 and served from a public URL on our domain. You may also provide an optional preferred email for divehouse communications, separate from your sign-in email.

activity & engagement data

As you use the Service, we collect information about your interactions:

  • Events you save, RSVP to, or follow
  • Organizations (bands, venues, promoters) you follow
  • Genre and event-type preferences you set or that we infer from your activity
  • Search queries within the Service
  • Information about your device and browser (user agent, IP address) for security and fraud prevention

You control which categories of email divehouse sends you (event reminders, new shows from accounts you follow, event updates, marketing) and the visibility of your profile and activity through your account settings at /discover/profile/settings. Profile visibility, activity visibility, and transactional emails default to on; marketing email defaults to off.

precise location

When you click the location button on divehouse, your browser asks for permission to share your device's precise location. If you allow it, we receive a latitude and longitude in your browser. Those coordinates are then sent to our own server endpoint, which forwards them to BigDataCloud, our reverse-geocoding subprocessor, and returns the corresponding city, region, and country.

We store the coordinates and resolved city and region in your browser's local storage so you don't have to re-set your location on each visit. If you are signed in, we also store your last-set location on your divehouse user profile so it follows you across devices.

You may revoke geolocation permission at any time through your browser's site settings. To clear the stored value, clear your browser's storage for divehouse. Signing out of divehouse on a shared device also clears the local copy. Signed-in users can remove the value from their profile via the location button or by contacting support.

optional integrations

You may connect third-party music services (currently Spotify and Apple Music). When you do, we receive limited information from those services (such as your top artists and listening history) to provide personalized recommendations. You may disconnect these integrations at any time, which removes our ongoing access.

organization data

If you operate as a band, venue, or promoter on the Service, we collect information about your organization (name, description, location, branding) and the events you list (titles, descriptions, dates, locations, ticket types, photos, attachments).

performer placeholder profiles

If an organization lists you as a performer at an event before you've signed up for divehouse, we may create a placeholder artist profile under your name so the event listing has somewhere to point. The profile contains only the name the organization provided; no personal information is associated with it until you claim it. You can claim, correct, or remove the profile by emailing support@divehouse.app.

venue placeholder profiles

Similarly, when an organization selects a venue for an event, we may create a placeholder venue profile for that location so the listing has consistent venue information across the Service. The profile contains only publicly available business information (name, address, coordinates) sourced from Google Places. A venue owner can claim the profile by emailing support@divehouse.app or through the claim flow when it launches.

venue data from Google Places

When an organization configures the venue for an event, the organizer's typed search string is sent to the Google Places API to surface real venues and addresses. We store the resulting venue's structured data (name, address, coordinates, Google's stable place id) so the listing has consistent information across the Service.

communications

If you opt in to receive communications from organizations you follow, those organizations may send you email or SMS via our messaging tools. You can opt out at any time using the link or instructions in each message.

analytics

We use PostHog to understand how the Service is used. PostHog collects events such as page views and clicks. This data is used in aggregate to improve the Service.

how we use information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Personalize event discovery and recommendations
  • Allow organizations to communicate with their followers (only when you opt in)
  • Send transactional messages (sign-in codes, ticket confirmations, updates for events you've RSVP'd to)
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Comply with legal obligations

how we share information

service providers (subprocessors)

We share information with vendors who help us operate the Service. These providers process information on our behalf under contractual data protection terms:

  • WorkOS — identity & authentication
  • Convex — application database & backend
  • Vercel — web hosting
  • Cloudflare R2 — file storage (user-uploaded profile photos, event flyers, organization assets)
  • Resend — transactional email
  • PostHog — product analytics
  • BigDataCloud — reverse geocoding to resolve coordinates to city and region (when you set your location)
  • Google Places API — venue and address lookup when an organization adds a venue to an event
  • Stripe — payment processing for tickets and divehouse subscriptions; uses Stripe Connect so ticket payouts go directly to the listing organization, not to divehouse

with other users & organizations

Some of your activity is visible to others by design:

  • If you RSVP to a public event, the listing organization can see that you RSVP'd
  • Your public profile (name, avatar) appears on actions like RSVPs and follows

You can adjust what's visible in your account settings.

legal & safety

We may disclose information if required by law, subpoena, or to protect the rights and safety of users or the Service.

we do not sell your information

We do not sell personal information to third parties for advertising or marketing purposes.

cookies & similar technologies

We use a small number of cookies and similar browser storage:

  • Session cookie — set by WorkOS to keep you signed in
  • Local storage — used to remember your set location and other UI preferences. Local storage is similar to cookies but stays in your browser and isn't automatically sent to our servers.
  • Analytics cookies — set by PostHog (subject to your consent state where applicable)

You can control cookies through your browser settings. Disabling the session cookie will prevent you from staying signed in.

your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to certain processing
  • Withdraw consent for optional processing (e.g., music service integrations)

To exercise these rights, email support@divehouse.app.

If you are a California resident, you have rights under the CCPA/CPRA, including the right to know what personal information we hold, request deletion or correction, and opt out of any "sale" or "sharing" (we do neither). You may exercise these rights via the contact above.

data retention

We retain account information while your account is active. When you delete your account, we delete or anonymize your personal information within 30 days, except where we have legal obligations to retain it (e.g., financial records related to ticket purchases, retained for 7 years).

minors

The Service is intended for users 18 years of age or older. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, please contact us at support@divehouse.app so we can remove it.

security

We use reasonable technical and organizational measures to protect your information, including encryption in transit and at rest, access controls, and regular security reviews. No system is perfectly secure; we encourage you to use a strong, unique password for the email address you use to access the Service.

changes to this policy

We will update this policy when our practices change. For material changes, we'll notify you by email and/or in-app banner before the changes take effect. The effective date at the top reflects the current version.

contact

Email: support@divehouse.app
Mailing address: divehouse, LLC, 6901 S. Custer Rd, McKinney, TX 75070, USA