Privacy Policy

Last updated: June 24, 2026

ShowDiary is a small, independent app for remembering concerts you’ve been to, operated by Malsbury Media LLC. This policy explains, in plain English, what information we collect and what we do with it. We’ve tried to keep it honest and short.

The short version: We collect only what we need to run ShowDiary. We don’t sell your information, we don’t show ads, and we don’t use third-party analytics or tracking. Your concert history is private by default.

What we collect

Account info: your email address, a password, and a username. Optionally, a display name and short bio if you add them.
Your concert entries: the artists, dates, venues, locations, setlists, and any private notes or ratings you choose to add.
Basic technical info: like any website, our hosting and database providers process standard request information (such as your IP address and timestamps) to run and protect the service.
Login & security activity: when you sign in, we record the date and time, an approximate location (country, region/state, and city) derived from your IP address, and basic browser and device/operating-system details. We never collect GPS or precise location. See “Login & security activity” below.

How we use it

We use your information only to operate ShowDiary: to sign you in, store and show your concert diary, calculate your personal stats, display your public profile if you turn it on, send you account emails (like a password reset), and search Setlist.fm when you ask us to find a show.

Login & security activity

Each time you sign in, ShowDiary records a login event. This includes the date and time, your approximate location (country, region/state, and city) derived from your IP address, and basic browser and device/operating-system information read from your browser’s user-agent. We use this only for account security (so you can spot sign-ins you don’t recognize), fraud and abuse prevention, and basic service analytics. You can review your recent sign-ins anytime under Account → Security.

ShowDiary does not collect GPS or precise location, and we never ask your browser for location permission. We do not store your raw IP address — if one is kept for abuse detection, it is stored only as a one-way, salted hash that can’t be reversed back to your address. This login audit is first-party: it is not shared with any third-party analytics or advertising service.

Service providers we rely on

ShowDiary uses a few trusted services to function:

Supabase stores your account and concert data and handles sign-in.
Vercel hosts the app and delivers it to your browser.
Brevo sends account emails (for example, password-reset links) and sees the email address it’s sent to.
Setlist.fm powers concert/setlist search — when you search, we send your search terms (like the artist and venue) to their API. We do not send them who you are.

Each of these has its own privacy policy. They act as our service providers; we don’t sell your data to them or anyone else.

Cookies

We use a single, necessary cookie to keep you signed in. We do not use advertising or tracking cookies, and we do not run third-party analytics. (That’s why you won’t see a cookie banner.)

Public vs. private

Everything you log is private by default. You can choose to turn on a public profile, which shows only aggregate stats — totals, your top artists and venues by name, and the years you started and most recently went. Your private notes, individual shows, exact dates, and email are never made public.

Keeping your data & deleting it

We keep your data for as long as you have an account. You can edit or delete individual shows at any time. To delete your whole account and data, email us at hello@showdiary.com and we’ll remove it.

Security

Your connection to ShowDiary uses HTTPS. Your password is handled by Supabase’s authentication system and stored only as a secure hash — we never see or store your plaintext password. Access to your data is restricted by database row-level security, so accounts can only read their own information. No online service can promise perfect security, but we keep the data we collect to a minimum and rely on reputable providers.

Your choices

Make your profile public or private anytime in Account.
Edit or delete any concert you’ve logged.
Email us to export or delete your account and data.

Children

ShowDiary isn’t directed to children under 13. If you believe a child has created an account, contact us and we’ll remove it.

Changes

If we change this policy, we’ll update the date above and, for significant changes, note it in the app.

Contact

Questions? Email hello@showdiary.com.

This policy describes our actual practices. It isn’t a claim of certification under any specific privacy law.