Privacy Policy

Last updated: 2026-05-11

Jamory (“we”, “us”) is a music collaboration tool for bands and musicians. This policy explains what we collect, why, and your rights over your data.

1. Information we collect

Account data: email address, display name, password hash. Optionally a profile picture if you upload one.

Content you create: bands you create or join, songs, audio recordings, photos, setlists, chat messages, and notes. This content is visible to the members of the bands you belong to.

Usage data: pages visited, features used, errors encountered, approximate device type, browser, screen size. We use this to improve the product and fix bugs.

Cookies: a small number of cookies and similar storage are used to keep you signed in and (with your consent) to power product analytics and advertising measurement.

2. How we use your information

• To provide the service: store your songs, sync your band, send invite emails, send jam reminders.
• To keep the service secure: detect abuse, debug crashes, prevent unauthorized access.
• To improve the product: anonymous-ish funnel analytics on which features are used.
• To communicate with you: transactional emails (password reset, jam reminders). We do not send marketing emails without explicit opt-in.

3. Service providers

We share data only with the following providers, each acting on our behalf:

• Supabase - database, authentication, file storage. Hosted in Asia-Pacific.
• Vercel - web hosting and CDN.
• Cloudflare R2 - encrypted off-site backups of the database and stored files, hosted in the EU region. Backups are symmetric-AES-encrypted before upload, so Cloudflare stores only ciphertext.
• Resend - transactional email (password resets, jam reminders).
• PostHog - product analytics. Used only with your consent.
• Sentry - error monitoring. Used only with your consent.
• Meta (Facebook) and Google - advertising measurement pixels. Used only with your consent.

We do not sell your personal data. We do not share band content (recordings, chat, photos) with anyone outside the providers above.

4. International transfers

Some providers process data in the United States or other regions. By using Jamory you consent to your data being transferred to those regions for the purpose of providing the service.

5. Your rights

You can, at any time:

• Access and export your data - available in account settings or by emailing us.
• Delete your account and all associated data - available in account settings.
• Withdraw your consent for analytics or advertising cookies - via the cookie banner or by clearing your browser storage.
• Lodge a complaint with your local data protection authority.

6. Data retention

Account data is kept while your account is active. When you delete your account, your personal data and band content owned by you is removed within 30 days. Bands you collaborated on but did not own remain with the band. Encrypted off-site backups are retained for up to 30 days for disaster recovery, after which deleted data is permanently purged from backups as well.

7. Security

Audio, photos, and band content are stored with row-level security so only band members can access them. Files are served via signed URLs that expire. Passwords are hashed by Supabase Auth. We cannot guarantee absolute security but follow current best practices.

8. Children

Jamory is not intended for users under the age of 13 (or 16 in the EU/UK). If we learn that we have collected data from a child below this age, we will delete it.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of Jamory after a change constitutes acceptance.

10. Contact

Questions about privacy or data requests: privacy@jamory.app.