Privacy Policy
Our privacy policy and how we use your data
Last updated: May 10, 2026
Plain-English summary: we use your location to find events near you, we don't sell your data, and we hand approximate location to a few event-API partners (Ticketmaster, SeatGeek, the US Census Bureau) so we can return events in your area. The details follow.
1. Information We Collect
We collect the following categories of personal information:
- Account Information: Email address, first name, display name, and birthdate when you create an account.
- Profile Information: City, state, ZIP code, default search radius, interest/category preferences, profile image, and bio.
- Precise Location (GPS): If you grant browser geolocation permission, we read your GPS coordinates to find events near you. Coordinates are stored on your profile and overwritten each time you share a new location. We do not keep a location history.
- Usage Data: Events you view, save, and submit; groups you join; plans you create.
- Device Information: Browser type, operating system, IP address, and device identifiers for analytics and security.
- Payment Information: Processed by Stripe. We do not store credit card numbers.
2. How We Use Your Location
Your location is used to find events near you. To do that, we send your approximate location to the following service providers, on your behalf, when you sign in or change your location:
- Ticketmaster Discovery API (api.ticketmaster.com): receives your latitude and longitude with a 50-mile search radius to return ticketed events near you.
- SeatGeek (api.seatgeek.com): receives your latitude and longitude with a 50-mile search radius to return ticketed events near you.
- US Census Bureau Geocoder (geocoding.geo.census.gov): receives your coordinates (or ZIP) to resolve them to a city and state.
- Zippopotam.us (api.zippopotam.us): public ZIP-to-coordinates lookup used as a fallback when the Census geocoder cannot resolve a rural ZIP. Receives only your 5-digit ZIP code.
- National Park Service Events API (developer.nps.gov): receives only a park code matched to your city. Your GPS coordinates are not sent to NPS.
These services act as service providers under California law, using your location only to return events to us on your behalf. We do not sell, rent, or trade your location data to anyone for advertising, data brokerage, or any other secondary use.
3. How We Use Your Other Information
- Personalize event recommendations based on your location and interests.
- Send account-related communications (email confirmations, weekly event digests).
- Process subscriptions and payments through Stripe.
- Improve the Service through aggregated, anonymized analytics.
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
4. Event Content from Public Sources
We aggregate event information from publicly available calendars, chamber of commerce sites, community newspapers, and the event-API partners listed above. We extract factual event details (title, date, venue, price, age guidance) verbatim and link back to the original source on every listing. We do not claim ownership of third-party event content. If you operate a website we crawl and want changes, see our scraper info page for opt-out and takedown instructions.
5. AI Processing
We use Anthropic Claude in two narrow ways. (a) Content moderation on user-submitted events: only the title, description, and location of the submission are sent. No personal user data is transmitted. (b) Structured extraction from public event-source HTML during scraping: only the publicly fetched page contents are sent, never your profile data, location, or messages.
6. Service Providers
We use the following third-party services to operate the Service. Each acts under a contractual obligation to use your data only for the stated purpose.
- Supabase (database, authentication): hosted on AWS, US region.
- Vercel (web hosting, serverless functions): may collect anonymous request-level data.
- Stripe (payment processing): PCI-DSS compliant.
- Resend (transactional email).
- Ticketmaster, SeatGeek, NPS, US Census Bureau: described in section 2.
- Anthropic: described in section 5.
7. Data Retention
We retain your profile and account information for as long as your account is active. Internal logs of event-search activity are kept for diagnostic and rate-limiting purposes for up to 90 days and then automatically purged. When you delete your account, we delete your profile, location data, and associated log records within 30 days, except that records held by our payment processor (Stripe) may be retained by Stripe under its own retention policies and tax/accounting requirements. We retain anonymized records and transaction information where the law requires it.
8. Data Storage & Security
Your data is stored on Supabase (hosted on AWS in the United States). We use industry-standard encryption for data in transit (TLS 1.2+) and at rest (AES-256). Access to production databases is restricted to authorized personnel.
9. Your Rights
You have the following rights:
- Right to Know: Request a copy of the personal information we hold about you.
- Right to Correct: Update your profile (display name, city, state, ZIP, radius, interests) directly in Settings, or contact us for any other correction.
- Right to Delete: Delete your account and associated data from the Settings page.
- Right to Opt-Out of Sale or Share: We do not sell or share personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: Precise geolocation is treated as Sensitive Personal Information under the California Privacy Rights Act. We use it only to find events near you and do not use it to infer characteristics about you. You may ask us to limit its use to that purpose by contacting the address below.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To submit any request, email hello@theboredplan.app. We will respond within 45 days, consistent with the California Consumer Privacy Act.
10. Children's Privacy (COPPA)
The Bored Plan is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at hello@theboredplan.app and we will delete the account and associated data.
11. Cookies & Tracking
We use the following cookies:
- Authentication cookies set by Supabase to keep you signed in.
- Preference cookies remembering your theme, language, and interface layout (sidebar state, layout style).
- CSRF cookies protecting form submissions and authenticated API calls from cross-origin abuse.
- Partner attribution cookie (tbp_partner_id): set when you scan a partner QR code (chamber of commerce, venue, business) so we can credit that partner if you sign up or submit an event. HMAC-signed, 90-day lifetime, no third party reads it.
We also use Vercel Analytics for privacy-preserving usage statistics about which pages get visited. We do not use third-party advertising trackers, Facebook Pixel, Google Tag Manager, or programmatic ad networks.
12. Our Scraper
We operate an automated bot, TheBoredPlanBot, that reads publicly available event calendars to populate listings. The bot honors robots.txt, throttles to one request every 3 seconds per host, and identifies itself with a User-Agent that links to our scraper info page. Site operators may opt out via robots.txt or by emailing us.
13. Changes to This Policy
If we update this Privacy Policy, we will post the new version and update the “Last updated” date at the top.
14. Contact
Privacy questions or data requests? Email hello@theboredplan.app.
Crafted with care by Winter Howlers
Questions? Reach us at hello@winterhowlers.com
