Privacy Policy

Last updated: 2026-05-29

Open Michael (“we”, “our”, or “the app”) is a community discovery app for Los Angeles comedy open mics. This page explains what we collect, why, and what we do with it.

If you have questions, contact [email protected].

Data we collect

Account data

When you create an account we collect:

Email address (required) — used to sign you in, to identify your Slotted signups (see below), and to send password resets.
Username and display name — shown publicly on your profile, the leaderboard, and the comment threads under each open mic.
A unique user ID assigned by our backend (Supabase Auth).

If you sign in with Apple or Google, your name and email come from that provider. We do not receive your password.

Location data

With your permission we collect your precise location for two purposes and never persistently:

Check-in geofencing. When you tap “Check In” at a mic, we read your current GPS coordinates and compare them to the venue’s coordinates server-side. If you are within ~200m of the venue we record the check-in with the coordinates attached. If you are not within range we reject the check-in. Coordinates are stored on the check-in row in our database.
“Near me” sort and distance display. When you grant location access in the Explore tab, we compute distances client-side from your phone to each mic so you can sort by proximity. These distances are not sent to our servers.

You can deny or revoke location access in iOS Settings → Privacy → Location Services. Without location access you can browse, comment, and sign up for mics, but you cannot check in.

Check-in and gameplay data

Each check-in records the user, mic, date, optional “I performed” flag, XP earned, and the latitude/longitude reported by your device at the moment of check-in.
Achievement unlocks, badge progress, and rank are derived from your check-in and comment activity.
Comments and ratings you leave on mics are public to other users.
“Follows” and “likes” on check-ins are public to other users.

Slotted integration

Many LA open mics use the third-party platform slotted.co to manage sign-ups. With your permission we connect our app to your Slotted activity as follows:

When you tap “Sign Up on Slotted” inside our app, we open Slotted’s signup page in an in-app browser. You sign up directly with Slotted; we do not handle your Slotted password or payment.
We periodically scrape the public signup pages of Slotted venues to surface live slot availability. The scrape includes the names and email addresses of people who have signed up (which Slotted shows on the public page). We use the email field server-side to detect which slot you signed up for so we can highlight it as yours and offer to add it to your Google Calendar. We never display other people’s email addresses inside the app.

Google Calendar integration

With your permission we connect to your Google Calendar via OAuth to add events for the mics you’ve signed up for. We store:

Your Google account email (so the profile card can show which account is connected).
A long-lived refresh token, stored in our database with strict access controls (read only by server-side functions, never returned to the client). The refresh token grants only the calendar.events scope (create / read / update / delete events) plus openid email for identity. We do not read your existing events.

You can disconnect at any time from the Profile tab. Disconnecting deletes the refresh token from our database. Past events we created on your calendar remain on your calendar.

Data we do NOT collect

We do not collect contacts, photos, call history, browsing history, microphone or camera data, biometric data, or health data.
We do not use third-party advertising SDKs, do not track you across apps, and do not sell or share data for targeted advertising.

How long we keep your data

Account, profile, and gameplay data: kept while your account is active. Deleting your account permanently removes your data.
Check-in coordinates: kept indefinitely so leaderboards and streaks remain consistent. We may aggregate / anonymize older check-ins.
Google Calendar refresh token: kept until you disconnect or your token is revoked by Google.
Slotted cache: refreshed every ~15 minutes; older cache entries are overwritten.

Children

The app is intended for users 13 and older. We do not knowingly collect data from children under 13.

Your rights

You may at any time:

Delete your account (Profile → Settings → Delete Account).
Disconnect Google Calendar (Profile → Google Calendar → Disconnect).
Revoke location permission (iOS Settings).
Request a copy or deletion of your data by emailing [email protected].

Security

Data is stored with Supabase (PostgreSQL with row-level security). Refresh tokens are stored in a dedicated table with no client read policies; only our server functions can read them. All network traffic uses HTTPS.

Third parties we share data with

Supabase, Inc. — our backend / database provider.
slotted.co — when you sign up for a mic via the in-app browser, your signup is handled by Slotted; we do not see your Slotted password or payment information.
Google Calendar — only the events you ask us to create.
Sentry, Inc. — crash and performance diagnostics. Sentry receives your user ID (not your email), the device model, the OS version, the app version, and the error stack trace. Sentry does not receive your location, comments, check-ins, or any gameplay data.
Apple / Google / Expo — infrastructure providers for the app itself; they do not receive your gameplay data.

Changes

We will update this page when our practices change and note the date at the top.