companion.

Privacy Policy

Effective date: July 1, 2026

This Privacy Policy describes how Companion App LLC (“Companion,” “we,” “us,” or “our”) collects, uses, and shares information across our Services. We are based in Florida, United States.

1. Scope

This Policy covers the marketing site at yourcompanion.io (including the waitlist and contact forms), the companion. dashboard application at dashboard.yourcompanion.io, and the companion. mobile app for iOS distributed through the Apple App Store (the coordination platform for live event production), together “the Services.” The iOS app is a mobile view of the same dashboard and is governed by this same Policy.

2. Information we collect

Account information. When an account is created — by an administrator, by invitation, or through self-registration — we collect your name, email, and authentication credentials, plus any optional details you choose to provide such as a phone number or profile photo. We also assign you an internal account identifier used to reference you across the Services.

Third-party sign-in. You may choose to sign in using a third-party identity provider. When you do, that provider shares a basic set of profile information with us — typically your name and email address — so we can create or access your account. If your provider offers a private email relay, you may sign in with a relayed address instead of your real one, and we will use that relayed address to communicate with you. We do not receive your password from these providers.

Authentication and security information. If you enable two-factor authentication, we store the information needed to verify your second factor (in encrypted form) along with single-use backup and recovery codes. When you sign in, we record sign-in events — including IP address, device and browser description, and approximate location at the city level derived from your IP address — so you can review and revoke your active sessions and so we can alert you to new or unusual sign-ins.

Content you create through the Services. Information you and other members of your Organization create, share, or store within the dashboard for event coordination — such as messages, file attachments, event details, itineraries, tasks, and talent profiles and intake information (which may include contact details, emergency contacts, dietary and travel preferences, and similar logistics data). We refer to this collectively as “Content.” You retain ownership of your Content; the license you grant us to host and process it is described in our Terms of Service.

Location data. For users assigned to designated team roles whose organization and event have enabled location tracking, we collect precise GPS location while the feature is active. Collection is strictly opt-in and bounded — see Section 12 for the full description of what we collect, when, who can see it, and how it stops.

Payment and billing information. When you subscribe to a paid plan, our payment processor, Stripe, collects and processes your payment details (such as your card information) directly. We do not receive or store your full card number. We do retain billing information needed to manage your subscription, including your billing contact and address, your plan and subscription status, the card brand and last four digits, and your invoice and payment history.

Waitlist submissions. When you submit our waitlist form, we collect your first and last name, email address, organization, role, and industry.

Contact form submissions. When you submit our contact form, we collect your first and last name, email address, and message text.

Usage and device data.Our hosting provider processes standard server logs when you visit the Services, including IP address, user agent, timestamp, and pages visited. When you sign in to the dashboard, we set an authentication session cookie that keeps you signed in. If you enable push notifications — either through your browser or, on the iOS app, through Apple's push service — we receive a unique subscription identifier or device token so we can deliver notifications to your device.

Operational metadata. We maintain audit logs of administrative actions taken within the dashboard (for example, role changes, deletions, member additions). When the application encounters an error, we collect error metadata such as stack traces and request metadata, but not the content of your messages, files, or talent profiles.

Aggregate usage analytics.When you visit the marketing site, we use a third-party analytics provider to collect aggregate usage data such as page views, referrer, browser type, and approximate location at the country level (derived from IP address) so we can understand how visitors find us and which content resonates. That provider processes this data on our behalf; we do not sell it, use it to build advertising profiles, or use it for cross-site advertising. We do not use analytics or behavioral tracking on the dashboard application or the iOS app, and the iOS app does not track you across other companies' apps or websites.

3. How we use your information

We use the information we collect to:

  • Provide, operate, secure, and improve the Services
  • Send transactional email, push notifications, and calendar feed updates that you have enabled or that are necessary to operate the Services
  • Authenticate users, enforce role-based access within an Organization, and protect accounts (including two-factor verification and new-sign-in alerts)
  • Share the live location of opted-in team members with their event administrators during an active event window
  • Process payments, manage paid subscriptions and add-ons, issue invoices, and prevent billing fraud (through our payment processor)
  • Maintain security, monitor for abuse, and prevent fraud
  • Notify you when access opens (waitlist) or respond to your inquiries (contact form)
  • Comply with applicable law and respond to lawful requests

We do not sell your information. We do not share it with third parties for their own advertising or marketing purposes.

4. Lawful basis for processing

Where applicable law (such as the GDPR or UK GDPR) requires a lawful basis for processing personal data, we rely on:

  • Contract performance — to provide the Services to you and to your Organization
  • Legitimate interest — to keep the Services secure, available, and reliable (server logs, error monitoring, audit logs, sign-in security records, rate limiting)
  • Consent — for processing that depends on your active consent, such as enabling push notifications or location sharing. You may withdraw consent at any time.
  • Legal obligation — where we are required by law to process or retain certain information

5. Cookies and similar technologies

The Services use the following:

  • Authentication session cookie — set when you sign in to the dashboard; required for the Services to function. The cookie is HTTP-only and Secure.

On the marketing site, our analytics provider (described in Section 2) uses your browser's local storage to deduplicate and group page views from the same visit. It is not a cookie and is not used for advertising. We do not set advertising or cross-site tracking technologies on the Services.

6. Service providers

We rely on third-party service providers to operate the Services, including for hosting, data storage, transactional email, push notification delivery (including the operating system's push service on mobile), payment processing for paid subscriptions (Stripe), map tiles for the tracking map, aggregate usage analytics on the marketing site, error monitoring, and other operational functions. These providers process information only to provide their services to us, subject to their own privacy practices and contractual obligations. Our error monitoring tools receive application error metadata only — not the content of your messages, files, or talent profiles — and session-replay features are not enabled.

A current list of our specific subprocessors is available on request by emailing contact@yourcompanion.io.

If you are an event guest, talent, or other individual whose information was entered by one of our customers, that customer is the controller of your information; please direct requests to access, correct, or delete it to the customer, and we will assist them in responding. We provide our customers with a current list of subprocessors on request and give advance notice of changes to subprocessors to customers who have a data processing agreement with us.

7. Sharing with other parties

We share information with the service providers listed in Section 6 to operate the Services. Beyond that, your Content within an Organization — including, where enabled, your live location during an active event — may be visible to other authorized members of that Organization in line with the role-based access controls you have configured.

We may disclose information when we believe in good faith that disclosure is required to comply with applicable law, respond to lawful requests, enforce our Terms, or protect the safety of our users or the public.

We do not sell your information.

8. International transfers

We operate from the United States. Some of our service providers may process information in regions outside your country of residence. Where international transfers occur, we rely on standard contractual clauses or equivalent safeguards as required by applicable law.

9. Data retention

We retain account information and Content while your account is active. Location data is retained only for the limited period described in Section 12 and is then deleted automatically. Sign-in security records are retained for a limited period to support the active-sessions and security-alert features. Billing and invoice records are retained for as long as required to meet our tax, accounting, and other legal obligations, even after your account is closed.

When you delete your account (see Section 10), we deactivate it immediately and then permanently delete or anonymize your associated personal data after a 30-day grace period, subject to legal and operational retention obligations and to residual copies in routine backups. Content you have shared within an Organization may remain accessible to other authorized members of that Organization until they remove it.

10. Your rights and account deletion

You may at any time:

  • Request a copy of the personal data we hold about you
  • Ask us to correct inaccurate data
  • Ask us to delete your data, subject to the retention exceptions in Section 9
  • Object to or restrict our processing on grounds permitted by applicable law
  • Withdraw consent for processing based on your consent (such as push notifications or location sharing)
  • Receive your personal data in a portable format where applicable law requires

Deleting your account. You can delete your account yourself from Settings in the dashboard or the iOS app. Deletion takes effect immediately by deactivating your account and signing you out everywhere; your personal data is then permanently removed after a 30-day grace period, during which you can restore the account by signing back in. (Organization owners must first transfer ownership or contact us before deleting.) You can also request deletion by emailing contact@yourcompanion.io; we will respond within 30 days.

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with applicable data protection laws (such as GDPR or CCPA), the rights above are available to you under those laws. You may also have the right to lodge a complaint with your local supervisory authority.

11. Mobile app permissions

The iOS app may ask your permission to use certain device capabilities. None of these are required to sign in, and you can change or revoke any of them at any time in your device's Settings:

  • Location — used only for the live event tracking feature described in Section 12, and only for designated team roles that have opted in
  • Notifications — used to deliver chat, mention, status, and team alerts
  • Camera and photo library — used only when you choose to take or pick a photo for your avatar or a guest profile

12. Location data

companion. includes an opt-in live location feature so that, during an active event, administrators can see where on-shift team members (such as drivers or on-site staff) are on a live map and coordinate them without phone calls. Location sharing is off by default and is gated by several conditions that must all be true before any location is collected:

  • Your Organization has location tracking enabled
  • Your event role is one that an administrator has designated for tracking
  • You have agreed to a one-time, in-app consent notice that explains what is collected and when it stops
  • An event you are working is within its active task window for the day

When active, we collect your device's precise GPS coordinates, accuracy, and timestamp. On the iOS app, with your permission, collection can continue in the background (for example, while you use a navigation app or your screen is locked) so your position stays current on the admin map. Tracking automatically stops when the last task on your itinerary for the day is completed, and you can stop it at any time by revoking the location permission in your device Settings or by your administrator disabling it for your role or Organization.

Your live location is visible only to authorized administrators of your event within your Organization. We do not use it for advertising, profiling, or any purpose other than real-time event coordination, and we do not share it with third parties for their own purposes. Location records are automatically and permanently deleted once an event is completed or cancelled, and in any case for events that ended more than 30 days ago.

13. Push notifications and calendar feeds

If you enable push notifications — through your browser or, on the iOS app, through Apple's push service — your browser or device shares a unique subscription identifier or device token with us so we can deliver operational messages to your device. You can disable push notifications at any time through your browser or device settings.

When you subscribe to an event or group calendar, your calendar application periodically fetches an iCal feed from our servers. The feed URL contains a unique token; anyone with that URL can view the calendar contents, so we recommend keeping it private.

14. Children's privacy

The Services are intended for use by professionals coordinating live events and are not directed at children; account holders must be 18 or older, and we do not knowingly collect personal data directly from children. Our customers may, however, enter information about event participants — including minors — as part of coordinating their events. When they do, the customer is the controller of that information and is responsible for providing any notices and obtaining any consents required by law (including parental or guardian consent and any obligations under the Children's Online Privacy Protection Act). We process such information only as a service provider to the customer. If you believe a child's personal data has been provided to us and should be removed, please contact the relevant customer, or email contact@yourcompanion.io and we will work with the customer to address it.

15. Changes to this Policy

We may update this Privacy Policy from time to time. The “Effective date” above will reflect the most recent change. If we make material changes, we will take reasonable steps to notify you, including via in-app notice or email to the address associated with your account.

16. Contact

Companion App LLC
Florida, United States
contact@yourcompanion.io