enc0re

enc0re, Inc.
Privacy Policy

Effective Date: February 12, 2026

This Privacy Policy describes the privacy practices of enc0re, Inc. (“enc0re,” “we,” “us,” or “our”) and how we collect, use, disclose, and protect information when you use the enc0re mobile application and related services (collectively, the “Service”).

enc0re is a social music platform that allows users to rate, rank, and discover live music events, connect with other users, and contribute event information. enc0re is based in the United States and provides its Service globally, except in certain jurisdictions where availability is restricted.

By using the Service, you agree to the practices described in this Privacy Policy.

1. Personal Information We Collect

We collect information that you provide to us directly, information generated through your use of the Service, and information collected automatically.

Information You Provide to Us

  • Contact data. Such as your name (if provided), email address, and phone number.
  • Account data. Such as your username, date of birth (for age verification), and the phone number you use to authenticate your account. Authentication is handled through Firebase, a third-party service provided by Google.
  • Profile data. Such as your profile photograph, home city and state or country, social connections, and other information you add to your account profile. This may also include up to three artists you identify as your favorites, which you may update or change at any time.
  • Communications data. Based on our exchanges with you, including when you contact us through the Service, email, social media, or otherwise.
  • User-generated content data. When you use the Service, you may create, submit, or interact with content, including:
    • Event and experience data. Such as events you log or attend, performance and atmosphere ratings, written notes, and other experience-based submissions.
    • Media content. Such as photos, images, videos, and other media you upload or share through the Service in connection with your rankings.
    • Social interactions. Such as tags, comments, queue or bookmark entries, and interactions with other users' content.
    • Content metadata. Metadata associated with user-generated content, which may include timestamps, device information, and information about how content was created, edited, or interacted with.
  • Social and invitation data. Such as information related to invitations you send through the Service, whether those invitations are accepted, and friend connections formed with other users. Each user receives a limited number of invite codes to share. If you grant access to your device contacts, we process contact information (including names and phone numbers) to facilitate friend discovery, social tagging features, and user-initiated notifications. For friend discovery, we store hashed versions of phone numbers to identify other enc0re users. If you use features that allow you to tag a contact at an event, we may use that contact's phone number to deliver a notification (such as an SMS) on your behalf, even if that person is not yet an enc0re user. Recipients of such messages may opt out at any time. We do not store your contacts' phone numbers in plaintext for friend-discovery purposes. Please only share contact information with us if you have permission to do so. Users are responsible for ensuring they have permission to share contact information and initiate notifications to third parties.
  • Content reports. If you report content or users (for spam, harassment, nudity, impersonation, or other reasons), we collect the information you include in the report.
  • Promotion data. If you participate in promotions, surveys, contests, or giveaways, we may collect contact data to administer the promotion, verify eligibility, communicate results, or deliver prizes. Participation is voluntary, and additional information may be requested depending on the promotion.

Information We Collect Automatically

We, our service providers, and analytics partners may automatically log information about you, your device, and your interaction with the Service over time.

  • Device data. Such as: Device type (e.g., phone, tablet), Operating system type and version, App version and platform information, IP address, Unique device identifiers, Language settings, Firebase Cloud Messaging (FCM) token for push notification delivery
  • Usage and interaction data. Such as: Screens and features viewed, Time spent on screens and session duration, Navigation paths within the app, Search queries, search result clicks, and conversions from search results, Detailed feature interactions including steps in the ranking creation flow, onboarding progress, social engagement, and invite campaign activity, Rankings created, events queued, and other feature engagement, Whether you open emails or click links in communications
  • Location data. With your permission, we collect your approximate location (city-level) to show you nearby events and personalize your recommendations. The Service requests location access (“When In Use”) through your device's operating system. We use this information at a city level and do not track your precise location on an ongoing basis. You may control location access through your device settings at any time.
  • Marketing data. Such as your preferences for receiving marketing communications and details about your engagement with emails, push notifications, or promotional messages, including whether messages were opened or links were clicked. We use Customer.io to deliver email communications. If you provide your email address—whether during account registration or by joining our waitlist—you may receive occasional marketing emails from us (for example, notifications about guest list availability or new features). You may opt out of marketing emails at any time by using the unsubscribe link included in each email or by contacting us.
  • Background processing data. The App may process data in the background when not actively in use, including background fetch to provide timely content updates and remote notifications for push messaging.
  • Derived data. Such as information we derive or infer from your activity on the Service, including preferences, interests, trends, and other insights generated to personalize your experience or support analytics. This data is generated by enc0re and is not directly provided by you.

Information We Obtain from Third Parties

We may receive information about you from other users—for example, when they tag you in a ranking, refer you to the Service via an invite code, or when their synced contacts match your phone number. If you are invited to enc0re through our invite system, we associate your account with the referring user for referral tracking purposes.

We may also combine personal information we receive from you with information obtained from other sources, including:

  • Public sources, such as publicly available event-related information used to populate our event database.
  • Marketing or event partners, such as co-hosted events or promotional collaborations, where you choose to engage with enc0re through those channels.

We do not purchase personal data from data brokers.

Other data. Any other information not specifically listed here that you provide or that is collected in connection with your use of the Service, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

2. How We Use Your Personal Information

We use your personal information for the following purposes:

Service Delivery and Operations

To operate, maintain, and improve the Service and our business, including to:

  • • Create and maintain your account and authenticate your identity via phone-based verification
  • • Provide and personalize the Service
  • • Enable you to rate, rank, and discover live music events
  • • Display your rankings, profiles, and content to other users
  • • Facilitate social features such as friend connections, tagging, and event queues
  • • Facilitate invitations and connections with other users, including delivering SMS notifications to contacts on behalf of users who tag them at events
  • • Process and moderate user-submitted events using automated tools, including artificial intelligence
  • • Deliver push notifications about activity relevant to you, including updates about events and artists in your queue, events and artists that correspond to your past rankings or favorite artists, content we infer you may be interested in, activity from your friends (such as events they attended, liked, or queued), and updates from promoters whose events you have queued or opted into following
  • • Power search functionality across events, artists, venues, and users
  • • Remember preferences, prior activity, and device logins
  • • Communicate service-related announcements, updates, security alerts, and administrative messages
  • • Provide customer support and respond to requests, questions, and feedback

Research, Development, and Analytics

To analyze usage patterns, understand trends, and improve the Service and our business. We track detailed usage events through Firebase Analytics, including screen views, feature interactions (such as steps in the ranking creation flow, search activities, social engagement, and onboarding progress), and engagement metrics. Search analytics data—including search queries, result clicks, and conversions—is also processed through our search providers (Algolia and Typesense) to optimize search relevance and performance. As part of these activities, we may create aggregated, de-identified, or anonymized data from personal information. We may use and share such aggregated, de-identified, or anonymized data for lawful business purposes, including:

  • • Improving and optimizing the Service
  • • Developing new features or products
  • • Generating derived data and inferred insights to personalize the Service
  • • Testing new features via remote configuration and feature flags
  • • Generating insights and analytics
  • • Promoting and growing our business

Aggregated or anonymized data does not identify individual users.

Marketing and Communications

To send marketing or promotional communications, personalize such communications based on your interests, and measure engagement with those communications. This includes:

  • • Email communications delivered through Customer.io, such as notifications about guest list availability, new features, or other updates about the Service
  • • Push notifications about activity, recommendations, or promotional content
  • • SMS or text messages, if you have opted in to receive them
  • • Measuring engagement with our communications, including email open rates and click-through rates

You may opt out of marketing emails at any time by following the unsubscribe instructions in those communications. We may still send essential service-related or account-related messages.

User-generated content—including media uploads, rankings, notes, and other submissions—may be used by enc0re for marketing, promotional, or informational purposes, including on social media or other channels, subject to applicable privacy settings. Use of such content does not imply endorsement by the user.

Advertising and Marketing Partners

We may run general awareness campaigns on third-party platforms, such as Meta (Facebook and Instagram), to promote enc0re to potential new users. These campaigns are managed entirely within those platforms and do not involve sharing personal information collected from enc0re users. We do not use advertising SDKs, behavioral targeting, or ad delivery within the Service, and we do not share user-level data with advertising platforms for targeting or measurement purposes.

We use AppsFlyer, a mobile attribution and analytics platform, to support deep linking functionality (such as invite links and event links). AppsFlyer processes this data on our behalf as a service provider and does not use your personal information for its own advertising purposes. Attribution-based data collection through AppsFlyer is active. AppsFlyer processes install attribution and deep link data to connect referral invites with new user signups.

We do not sell personal information to advertisers, and we do not display third-party advertisements within the Service.

App Tracking Transparency (ATT)

The Service requests the iOS App Tracking Transparency (ATT) permission on first launch. If you grant permission, we access your device's Identifier for Advertisers (IDFA) to improve referral invite attribution accuracy through AppsFlyer. You can change this at any time in Settings > Privacy & Security > Tracking. If you deny permission, the Service continues to function normally; attribution relies on non-IDFA signals.

Events, Promotions, and Contests

To administer promotions, surveys, contests, or events; verify eligibility; communicate with participants; and deliver prizes where applicable. We may also collect personal information at events or through co-sponsored promotions and use it to follow up with participants. Participation in promotions is voluntary.

Compliance and Protection

To:

  • • Comply with applicable laws, regulations, and legal processes
  • • Enforce our Terms of Service and other agreements
  • • Protect the rights, safety, and property of enc0re, our users, and others
  • • Prevent, detect, investigate, and address fraud, abuse, security incidents, or unlawful activity
  • • Use bot detection tools (reCAPTCHA) to protect against automated abuse
  • • Establish, exercise, or defend legal claims
  • • Audit internal processes for compliance with legal and contractual requirements

With Your Consent

Where required by law, we may process personal information based on your consent. You may withdraw consent at any time, subject to legal or contractual restrictions.

3. How We Share Your Personal Information

We do not sell personal information. We may share information in the following circumstances and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

  • Other users and public visibility. All user profiles on the Service are public by default. Your profile information, rankings, scores, reviews, media, and other content you post are visible to other users of the Service. Your username and profile photo are displayed alongside your activity. The Service includes personalized feeds that may surface content from users beyond your immediate friend connections, including friends of friends and other users. No user content is private from other users of the Service or from enc0re. Information you post may be viewed, collected, copied, shared, reposted, or stored by others, and may be distributed beyond the Service. You acknowledge that once you make content publicly available, we cannot control how it is used by others. We are not responsible for the use of publicly available content by other users or third parties.
  • Service providers. We share personal information with third-party service providers that perform services on our behalf or help us operate the Service, including: Firebase (Google) – authentication, database hosting, file storage, push notifications, analytics, remote configuration, and cloud functions; Algolia and Typesense – search indexing, delivery, and search analytics; OpenAI – AI-powered verification and validation of user-submitted event information; Google BigQuery – data warehousing and analytics; Google reCAPTCHA – bot detection and abuse prevention; Customer.io – email marketing delivery and engagement analytics; AppsFlyer – deep linking functionality (such as invite links and event links). Attribution-based data collection is not active in the current version of the Service. These providers are authorized to use personal information only as necessary to provide services to us. We require that each third-party service provider maintain privacy and security protections for personal information that are no less protective than those described in this Privacy Policy.
  • Aggregated, de-identified, or anonymized data. We may use, disclose, license, or sell aggregated, de-identified, or anonymized data that does not identify you personally. This may include insights, analytics, trends, benchmarks, or performance data derived from user activity. Such information may be shared with third parties, including promoters, venues, labels, agencies, partners, researchers, or other commercial counterparties, for lawful business purposes.
  • Business and marketing partners. We may share personal information with business or marketing partners in connection with co-sponsored events, joint promotions, or collaborations, where necessary to administer the applicable program or where you have chosen to participate.
  • Third parties designated by you. We may share personal information with third parties when you direct us to do so or provide consent.
  • Professional advisors. We may disclose personal information to professional advisors, such as lawyers, auditors, accountants, insurers, and financial institutions, where necessary in the course of professional services provided to us.
  • Legal compliance and protection. We may disclose personal information to law enforcement, government authorities, regulators, courts, or private parties where we believe in good faith that disclosure is necessary to comply with applicable law, regulation, or legal process; enforce our Terms of Service or other agreements; protect the rights, safety, or property of enc0re, our users, or others; or prevent, investigate, or address fraud, abuse, security incidents, or unlawful activity.
  • Business transfers. We may disclose personal information in connection with actual or prospective business transactions, such as investments, financings, mergers, acquisitions, reorganizations, asset sales, or similar transactions. In the event of such a transaction, personal information may be transferred to a successor, acquirer, or affiliate as part of the business assets. We will notify you via the Service or email of any such change in ownership or control of your personal information.

4. Your Choices and Controls

In this section, we describe the rights and choices available to all users. California residents can find additional information about their rights in the Notice to California Residents section below. Users located in the European Economic Area (EEA), United Kingdom, or Switzerland can find additional information about their rights in the Notice to European Users section below.

  • Access or update your information. If you have registered for an account, you may review and update certain account information by logging into your account and accessing your profile settings.
  • Account deletion. You may request deletion of your account and associated personal data at any time through the App's settings or by contacting us at info@enc0re.com. Upon deletion, personal information will be deleted or de-identified across our systems (including Firestore, Firebase Storage, Algolia, Typesense, BigQuery, Customer.io, and AppsFlyer) within 30 days. Certain information may be retained as required by law or for legitimate business purposes such as fraud prevention. Aggregated or de-identified data may be retained.
  • Device permissions. You can control the App's access to your device's camera, photo library, contacts, and location through your device's operating system settings. Disabling certain permissions may limit the functionality of the Service.
  • Push notifications. You can opt out of receiving push notifications by adjusting the notification settings on your device.
  • Marketing communications. You may opt out of marketing-related emails by following the unsubscribe instructions included in those emails or by contacting us at info@enc0re.com. If you receive SMS or text messages from us, you may opt out of receiving further text messages by replying STOP to the message or following the instructions provided in the communication. Standard messaging rates may apply. If you opt out of marketing communications, you may still receive service-related messages, such as account notifications, security alerts, and administrative communications.
  • Data collection preferences. The Service requests the iOS App Tracking Transparency (ATT) permission. You may deny or revoke this permission at any time in Settings > Privacy & Security > Tracking. Denying permission does not affect core functionality. Cross-app attribution through AppsFlyer is used solely for referral invite tracking.
  • Third-party platforms. If you encounter enc0re promotions on third-party platforms, those platforms' own privacy settings govern how they display content to you. enc0re does not control or receive data from those interactions.
  • Contact syncing. You may choose not to grant the App access to your contacts. If you have previously synced your contacts, you can revoke this permission through your device settings. We will delete your stored contact hashes upon request or account deletion.
  • Do Not Track. Some web browsers may transmit “Do Not Track” signals. Because there is currently no uniform industry standard governing such signals, we do not respond to them at this time.
  • Declining to provide information. Certain personal information is necessary to provide the Service. If you choose not to provide required information, we may not be able to provide certain features or functionality.

5. Other Sites and Services

The Service may contain links to websites, mobile applications, ticketing platforms, social media pages, or other online services operated by third parties. In addition, certain content or event information displayed within the Service may be provided by third parties. These links and integrations do not constitute an endorsement of, or representation that we are affiliated with, any third party unless explicitly stated. We do not control and are not responsible for the privacy practices, content, or actions of third-party websites, applications, or services. We encourage you to review the privacy policies of any third-party services you access.

6. Security

We employ technical, organizational, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit, secure cloud infrastructure provided by Google Firebase and Google Cloud Platform, phone-based authentication with SMS verification, and hashing of sensitive data (such as contact phone numbers). However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the security of your account access and for restricting access to your device.

7. International Data Transfers

enc0re, Inc. is headquartered in the United States, and our service providers operate in the United States and other countries. Your personal information may be transferred to, stored, and processed in the United States or other countries that may not have the same data protection laws as your country of residence.

When we transfer personal information from the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses, to ensure that your personal information is protected in accordance with this Privacy Policy and applicable law.

8. Children

The Service is not intended for children under the age of 18. We require all users to verify that they are at least 18 years old during account registration. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe that a child under 18 has provided us with personal information, please contact us at the address provided below.

9. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time. If we make material changes, we will update the “Effective Date” at the top of this Privacy Policy and provide notice as required by applicable law, such as by posting the updated policy within the Service, through an in-app notification, or through other appropriate communication channels. Any modifications to this Privacy Policy will become effective when we post the revised version (or as otherwise indicated at the time of posting). Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acknowledgment of the updated terms.

10. How to Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

enc0re, Inc.
10719 Rochester Avenue
Los Angeles, CA 90024
Email: info@enc0re.com

11. Notice to California Residents

If you are a California resident, you may have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”). This section describes those rights and how to exercise them.

Right to Know

You have the right to request that we disclose:

  • • The categories of personal information we collect about you
  • • The categories of sources from which personal information is collected
  • • The business or commercial purposes for collecting, selling, or sharing personal information
  • • The categories of third parties to whom we disclose personal information
  • • The specific pieces of personal information we have collected about you

Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain legal exceptions (such as where the information is needed to complete a transaction, detect security incidents, comply with legal obligations, or for certain internal uses compatible with the context in which you provided the information).

Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the information and the purposes for which we process it.

Right to Opt Out of Sale or Sharing

We do not sell your personal information, and we do not share personal information with third parties for cross-context behavioral advertising purposes. The Service requests the iOS App Tracking Transparency (ATT) permission. If granted, IDFA is shared with AppsFlyer solely for referral invite attribution. AppsFlyer acts as a service provider and does not use this data for its own profiling or advertising purposes. You may opt out by denying the ATT prompt or revoking permission in Settings > Privacy & Security > Tracking.

Right to Limit Use of Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than those permitted under applicable law, such as providing the Service, ensuring security and integrity, and short-term transient use. As such, no opt-out of this type of use is required.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights, including by denying you access to the Service, providing a different level or quality of service, or charging different rates.

How to Exercise Your California Rights

To exercise your California privacy rights, you may:

  • • Use the in-app account deletion feature to delete your account and associated personal data
  • • Contact us at info@enc0re.com with a description of the right you wish to exercise

We may need to verify your identity before processing certain requests. We will verify your identity by matching information you provide in your request with information we already have on file (such as your phone number or email address associated with your account). You may also designate an authorized agent to make a request on your behalf. If you use an authorized agent, we may require proof of your written authorization and verification of the agent's identity.

We will respond to verifiable consumer requests within 45 days of receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.

12. Notice to European Users

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, this section provides additional information about our processing of your personal data under the General Data Protection Regulation (“GDPR”) and equivalent legislation.

Controller

enc0re, Inc. is the controller of your personal data for purposes of European data protection law. You can reach us using the contact information in Section 10 above.

Legal Bases for Processing

We process your personal data on the following legal bases:

  • Performance of a contract. We process your account information, profile data, rankings, and content as necessary to provide the Service to you under our Terms of Service.
  • Legitimate interests. We process usage data, device data, derived data, analytics, and search queries for our legitimate interests in improving and securing the Service, provided these interests are not overridden by your data protection rights. We process data for fraud prevention, content moderation, and platform safety.
  • Consent. We process your device contacts (for friend discovery), location data, push notification tokens, and marketing communications (including email and SMS) based on your consent, which you can withdraw at any time by adjusting your device settings, unsubscribing from emails, replying STOP to text messages, or contacting us.
  • Legal obligation. We may process your data as necessary to comply with applicable laws and regulations.

Your Rights

Under European data protection law, you have the following rights regarding your personal data:

  • Access. You may request a copy of the personal data we hold about you.
  • Rectification. You may request that we correct inaccurate or incomplete personal data.
  • Erasure. You may request that we delete your personal data in certain circumstances.
  • Restriction. You may request that we restrict the processing of your personal data in certain circumstances.
  • Portability. You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Objection. You may object to our processing of your personal data based on legitimate interests.
  • Withdraw consent. Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact us using the information in Section 10. We will respond to your request within the timeframes required by applicable law. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or de-identify your personal data within 30 days, except where we are required by law to retain certain information or where retention is necessary for legitimate business purposes (such as resolving disputes or enforcing our agreements). Aggregated or anonymized data that cannot reasonably be used to identify you may be retained indefinitely for analytical purposes.

Cross-Border Transfers

As described in Section 7, your personal data may be transferred to the United States. When we transfer your data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms recognized under UK or Swiss law.