← MyTotem

Privacy Policy

Effective Date: April 30, 2026

Last Updated: April 30, 2026

Introduction

MyTotem ("the App") is a festival squad coordination app that helps friend groups plan and sync their schedules at music festivals. This Privacy Policy explains what information the App collects, how it is collected, how it is used, and your rights regarding that information.

MyTotem is developed and operated by Dennis Ong ("Developer," "we," "us," or "our"). By using the App, you agree to the practices described in this Privacy Policy and our Terms of Service.

Contact: hello@mytotem.me

Age Requirement

MyTotem is restricted to users who are 18 years of age or older. By creating an account, you confirm that you are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a user under 18, we will delete that information immediately. If you believe a user under 18 has provided us with personal data, please contact us at the email above.

Consent

We collect your personal data only with your knowledge and consent. By creating an account, you agree to this Privacy Policy and our Terms of Service. Where specific permissions are required (such as push notifications), we request your explicit consent through a system prompt before enabling that feature. You may withdraw your consent at any time by deleting your account or adjusting your device settings.

Information We Collect

Information You Provide Directly

When you create an account and use the App, you may provide the following information:

  • Email address — collected when you create an account through our signup form; used for authentication, login, and password reset
  • Password — collected when you create an account through our signup form; securely hashed and stored by Supabase Auth; we never see or store your plaintext password
  • Display name — collected when you complete or edit your profile; an optional name shown to your squad members
  • Bio — collected when you complete or edit your profile; an optional short description shown on your profile
  • Festival attendance selections — collected when you tap on a set to mark it as "going" or "interested"; visible to your squad members
  • Squad membership — collected when you create or join a group; includes the groups you belong to and the members within them
  • Meetup spots — collected when you set a meetup location within the App for coordinating with your squad

Information Collected Automatically

  • Crash and error reports — if the App crashes or encounters an error, anonymized diagnostic data is automatically sent to our crash reporting service (Sentry). This data does not include your email, name, IP address, or any personally identifiable information. We actively strip PII before any report is transmitted.
  • Push notification tokens — if you grant notification permission through the system prompt, Apple assigns a device token so we can send you set reminders. This token is not linked to your identity outside of the App.

Information We Do NOT Collect

  • Location data — the App does not request, access, or store your GPS location
  • Contacts — the App does not access your phone contacts
  • Photos or media — the App does not access your camera or photo library
  • Device identifiers for advertising — we do not collect IDFA or any advertising identifiers
  • Usage analytics or behavioral tracking — we do not use analytics platforms, and we do not track how you navigate the App

Do Not Track

We do not track users across third-party websites or services. Because no tracking occurs, the App does not respond to "Do Not Track" (DNT) browser signals, as there is no tracking to disable.

How We Use Your Information

We use the information described above solely for these purposes:

  • Account management — to create and maintain your account, verify your email, and let you log in
  • Core app functionality — to let you mark set attendance, create and join squads, and share your schedule with squad members
  • Push notifications — to send you reminders before sets you've marked (only if you opt in)
  • Crash reporting — to identify and fix bugs that affect your experience
  • Account deletion — to process your request when you choose to delete your account

We do not use your information for advertising, profiling, marketing emails, or selling to third parties.

How Your Information Is Shared

With Your Squad Members

When you join a squad (group), certain information is visible to other members of that squad:

  • Your display name
  • Your bio
  • Your festival attendance selections (which sets you're attending)

This sharing is a core feature of the App — it's how your crew coordinates. Attendance picks are visible to all members of any squad you share a festival with.

With Third-Party Service Providers

We use the following services to operate the App. These providers only process data as necessary to provide their services to us. All third-party service providers are required to provide the same or equal protection of user data as described in this Privacy Policy.

ServicePurposeData SharedPrivacy Policy
SupabaseAuthentication, database, and backend infrastructureEmail (hashed password stored by Supabase Auth), display name, bio, attendance data, squad datasupabase.com/privacy
SentryCrash and error reportingAnonymized crash logs (no PII — email, IP, and identifying info are stripped before transmission)sentry.io/privacy
Apple Push Notification service (APNs)Delivering push notificationsDevice push token and notification contentapple.com/privacy

We Never

  • Sell your personal data to anyone
  • Share your data with advertisers
  • Use your data for targeted advertising
  • Provide your data to data brokers

Data Storage, Hosting, and Security

  • Server-side data is stored in Supabase, which uses PostgreSQL databases hosted in the United States (North America). Supabase enforces Row Level Security (RLS) — meaning the database itself ensures that you can only access data you're authorized to see
  • On-device data is cached locally using SQLite for offline functionality, and authentication tokens are stored in iOS Secure Enclave via expo-secure-store (hardware-backed encryption)
  • Passwords are never stored in plaintext — Supabase Auth handles hashing and secure storage
  • All data transmitted between the App and our servers is encrypted in transit using HTTPS/TLS

If you are located outside the United States, please be aware that your data is transferred to and stored in the United States. By using the App, you consent to this transfer.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via the email address associated with your account within 72 hours of becoming aware of the breach. The notification will describe the nature of the breach, the types of data involved, and the steps we are taking to address and mitigate the impact.

Data Retention and Deletion

Account Deletion

You can delete your account at any time from within the App (Settings → Delete Account). When you delete your account:

  • All your data in our active database is permanently and immediately deleted — this includes your profile, attendance selections, squad memberships, and any activity history
  • Residual copies of deleted data may persist in automated infrastructure backups maintained by our hosting provider (Supabase) and are purged according to their standard retention schedule
  • All locally cached data on your device is wiped
  • All scheduled notifications are canceled
  • This action is irreversible

Data Retention

We retain your data only for as long as your account exists. We do not independently maintain backups of user data beyond our hosting provider's automated infrastructure backups. If you simply stop using the App without deleting your account, your data remains on our servers until you return or request deletion.

Offline Functionality

MyTotem is designed to work without an internet connection — a common scenario at music festivals. To make this possible:

  • Festival schedules, your attendance selections, and squad data are cached on your device in a local SQLite database
  • Changes you make while offline are queued and automatically synced to our servers when connectivity is restored
  • No data is sent to any third party while you are offline

App Store Privacy Label

When you view MyTotem on the Apple App Store, you will see a Privacy Nutrition Label summarizing our data practices. Here is how our data collection maps to Apple's categories:

Data Linked to You (used for App Functionality)

  • Email address
  • Name (display name)

Data Not Linked to You (used for App Functionality)

  • Crash data (anonymized diagnostics via Sentry)

Data Not Collected

Location, contacts, photos, browsing history, search history, identifiers (IDFA), purchases, financial info, health and fitness data, sensitive info, usage data, diagnostics beyond crash reports

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate data
  • Deletion — delete your account and all associated data (available directly in the App)
  • Data portability — request your data in a portable format

To exercise any of these rights, contact us at hello@mytotem.me. We will respond to all data rights requests within 30 days of receiving them.

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, the purposes for which it is used, and whether it is sold or disclosed to third parties. We do not sell personal information. You may request deletion of your data at any time using the in-app account deletion feature or by contacting us. We will respond to verifiable consumer requests within 45 days, as required by the CCPA.

European Residents (GDPR)

If you are located in the European Economic Area, our legal basis for processing your data is:

  • Performance of a contract — processing necessary to provide the App's core features (account, squads, attendance)
  • Legitimate interest — crash reporting to maintain App stability
  • Consent — push notifications (you can opt out at any time via device settings)

Please note that your data is stored in the United States. For international data transfers, we rely on Standard Contractual Clauses (SCCs) and other approved transfer mechanisms as provided by our hosting provider, Supabase. You may request a copy of the relevant transfer safeguards by contacting us.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of New York, United States, without regard to its conflict of law provisions.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or via email. The "Last Updated" date at the top of this page reflects the most recent revision.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Dennis Ong
Email: hello@mytotem.me

Version History

VersionDateChanges
1.0April 30, 2026Initial publication

This privacy policy was last updated on April 30, 2026.

← Back to MyTotem