Back to Home

Privacy Policy

Last updated: December 18, 2024

1. Introduction

NextSet ("we", "us", or "our") operates the nextset.ca website and web application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using NextSet, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, and password (for email/password authentication)
  • Profile Information: Profile picture (via Google OAuth), phone number (optional)
  • Event Data: Event names, dates, venues, performer information, rundown schedules
  • Payment Information: Billing details processed through Stripe (we do not store full payment card numbers)
  • Communications: Support requests, feedback, and correspondence with us

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Device Information: Browser type, operating system, device type, screen resolution
  • Usage Data: Pages visited, features used, timestamps, click patterns
  • IP Address: Used for approximate geolocation (country/region) for currency display
  • Cookies and Similar Technologies: Session tokens, authentication cookies, preferences
  • QR Code Scans: When users scan event QR codes, we track scan counts and approximate locations

2.3 Information from Third Parties

We receive information from third-party services:

  • Google OAuth: Name, email, profile picture when you sign in with Google
  • Stripe: Payment status, subscription information, billing events
  • Twilio: SMS delivery status (if SMS notifications enabled)

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Authenticate users and maintain account security
  • Send transactional emails (account verification, password resets, payment receipts)
  • Send optional SMS notifications for event updates (if enabled)
  • Provide customer support
  • Analyze usage patterns to improve features
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Display appropriate currency based on your location

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with trusted third parties that help us operate the Service:

  • Railway: Cloud hosting and database services (Canada)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Google: Authentication services
  • Twilio: SMS notification delivery
  • Vercel: Static site hosting for documentation

4.2 Event Participants

Event organizers may view data related to their events, including performer names and schedules. Projector views are designed to be public-facing and may display performer names, set times, and countdown information to event attendees.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

  • Court orders, subpoenas, or legal process
  • Government requests
  • To protect our rights, privacy, safety, or property
  • To prevent fraud or security threats

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Ownership and Rights

5.1 Your Content

You retain ownership of the content you create (events, rundowns, performer information). However, by using NextSet, you grant us a license to use this content as necessary to provide the Service and for analytical purposes.

5.2 Aggregated Data

We may collect, use, and share aggregated, anonymized data derived from your use of the Service. This data does not identify you personally and may be used for analytics, research, improving our services, and business purposes including sharing with partners.

5.3 Analytics Data

Usage analytics, feature engagement metrics, QR scan data, and similar information may be used to improve the Service and may be retained indefinitely in anonymized form.

6. Your Privacy Rights

6.1 Access and Portability

You can access your account information through your dashboard. You may request a copy of your personal data by contacting us.

6.2 Correction

You can update your profile information directly through your account settings.

6.3 Deletion

You may request deletion of your account by contacting support. Note that:

  • Some information may be retained for legal or legitimate business purposes
  • Backup copies may persist for a limited period
  • Aggregated, anonymized data may be retained indefinitely

6.4 Marketing Opt-Out

You can opt out of marketing communications using unsubscribe links or by contacting us. Note that transactional emails (payment confirmations, security alerts) cannot be opted out of.

7. Canadian Privacy Laws

As a Canadian company, we comply with applicable Canadian privacy legislation including:

  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • Provincial privacy legislation where applicable

Canadian residents have rights under PIPEDA including access to personal information, correction of inaccurate information, and the right to know how their information is used.

8. International Data Transfers

Your information may be transferred to and processed in countries outside of Canada, including the United States, where our service providers operate. These countries may have different data protection laws than Canada.

When we transfer data internationally, we ensure appropriate safeguards are in place, including contractual obligations with our service providers.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted database connections
  • Secure password hashing (bcrypt)
  • Regular security updates
  • Access controls and authentication
  • Stripe PCI-DSS compliance for payment data

However, no method of transmission over the Internet is 100% secure. We can't guarantee absolute security of your data.

10. Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active
  • Event Data: Retained while your subscription is active; may be deleted after extended non-payment
  • Payment Records: Retained as required by law (typically 7 years)
  • Analytics: Aggregated data retained indefinitely
  • Support Communications: Retained for reference and improvement

11. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Authentication, session management, security
  • Functional Cookies: Preferences, settings
  • Analytics: Understanding how users interact with the Service

You can control cookies through your browser settings, but disabling essential cookies may prevent you from using the Service.

12. Children's Privacy

NextSet is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Privacy Contact: privacy@nextset.ca
General Support: support@nextset.ca
Website: https://nextset.ca

Terms of ServiceHomePricing