Privacy Policy

Effective date: March 1, 2025 · Last updated: March 17, 2026

Gatefold ("Gatefold," "we," "us," or "our") operates the Gatefold.fm website, mobile application, and related services (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use and share it, and your choices regarding that information.

By using the Service you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

a. Information You Provide

  • Account information — email address and display name when you create an account. We use passwordless authentication (one-time codes sent to your email). If you sign in with Apple or Google, we receive your name and email address from those providers.
  • Collection data via Discogs — when you connect your Discogs account, we import your record collection (albums, artists, formats, and associated metadata).
  • Chat & AI inputs — messages you send to "Ask The Clerk" and other AI features.
  • Payment information — processed by our third-party payment provider. We do not store your full credit card number.
  • Support requests — any information you provide when contacting us.
  • Gift subscriptions — if you purchase a gift subscription, we collect the recipient's email address and any personal message you include for delivery. The recipient's email is used solely to deliver the gift and is deleted if the gift is not redeemed within 90 days. The recipient does not become a user until they independently create an account.
  • Marketplace listings — if you list a record for sale, we collect condition grades, pricing, notes, and photos you upload.

b. Information Collected Automatically

  • Device information — device type, operating system version, and general device model. We do not collect hardware identifiers (UDID), advertising identifiers (IDFA/GAID), or fingerprint your device.
  • Usage data — we may collect information about how you use the Service, such as features accessed and general usage patterns, to improve performance and user experience. We do not currently use third-party analytics services.
  • Log & Location data — IP address, browser type, referring/exit pages, and timestamps. We may use your IP address to determine your general region (not precise GPS) to provide localized features, such as factoring local weather into "Today's Spin" recommendations.
  • Push notification tokens — with your permission, we collect device tokens (via Apple Push Notification Service or Firebase Cloud Messaging) to send you notifications such as daily spin reminders, repress alerts, and service updates. You can disable push notifications at any time in your device settings.

c. Information from Third Parties

  • Discogs — collection and wantlist data when you connect your Discogs account.
  • Concert data providers — concert and setlist data to power the On Tour feature.
  • Apple Music & Tidal — library sync data and playback status if you choose to connect your digital streaming accounts.
  • Shazam (Apple Inc.) — audio recognition data returned when identifying a song playing in your environment.
  • Public music databases — we query public music databases to enrich your collection with metadata such as album credits, artist information, and listening statistics. No personal user data is sent to these services.

d. Hardware & Device Sensors

  • Camera — With your permission, we access your device's camera strictly to scan barcodes (EAN/UPC) for identifying physical media using Google ML Kit. We do not record, store, or transmit images or video feeds to our servers.
  • Microphone — With your permission, we access your device's microphone to identify playing music via Shazam (Apple Inc.). Audio signatures are processed securely for identification purposes only. Gatefold does not record, store, or transmit raw audio recordings to our servers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Power AI-driven features such as Today's Spin recommendations, The Clerk commentary, The Flex turntable art, and collection intelligence analytics. Your inputs to AI features (such as chat messages to The Clerk) are processed by Google Generative AI (Gemini) to generate responses. We send album metadata, collection samples, and chat messages to this provider — we do not send your email address, payment information, or account credentials. These providers process data according to their own privacy policies and data processing agreements. We do not permit third-party AI providers to use your data to train their models. AI-generated content is for informational and entertainment purposes only and should not be considered professional advice.
  • Process transactions and send related notices.
  • Send you service updates, security alerts, and support messages.
  • Respond to your comments, questions, and customer service requests.
  • Monitor and analyze trends, usage, and activities to improve user experience.
  • Detect, investigate, and prevent fraud or other unauthorized activities.
  • Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

  • Service providers — third parties that help us operate the Service, including cloud hosting, payment processing, email delivery, AI model providers, music recognition, concert data, and geocoding services.
  • Legal requirements — when required by law, regulation, legal process, or enforceable governmental request.
  • Safety & rights — to protect the rights, property, or safety of Gatefold, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With your consent — when you explicitly direct us to share information (e.g. sharing a Flex image publicly).

4. Data Retention & Deletion

We retain your personal information for as long as your account is active or as needed to provide you the Service. You may delete your account and associated data at any time through the Settings page within the app, or by emailing hello@gatefold.fm. Upon receiving a verified deletion request, we will delete or anonymize your personal information within 30 days, unless retention is required by law. Deletion includes your profile, collection data, AI chat history, wantlist, marketplace listings, push notification tokens, and any connected third-party account associations.

5. Your Rights & Choices

Depending on your location, you may have the following rights:

  • Access — request a copy of your personal data.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your personal data.
  • Portability — request your data in a structured, machine-readable format.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.
  • Opt out — unsubscribe from marketing emails using the link in any message.

To exercise any of these rights, contact us at hello@gatefold.fm.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest. All database access is protected by row-level security policies that isolate each user's data. To support offline browsing (e.g. at record fairs without connectivity), the app may cache collection data locally on your device using IndexedDB. This data remains on your device and is not shared. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and, for users in the European Economic Area, notify the relevant supervisory authority within 72 hours as required by the GDPR.

7. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Tracking & Analytics

Gatefold does not track you across other companies' apps or websites for advertising purposes. We do not participate in ad networks or sell data to advertisers. We use basic, first-party analytics to understand how the Service is used and to improve performance. We do not use third-party advertising identifiers (IDFA/GAID).

9. Third-Party Links & Services

The Service may contain links to third-party websites or services, including affiliate links to retailers such as eBay and Amazon. Gatefold LLC may earn a commission from purchases made through these links. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies.

10. International Data Transfers

Gatefold is operated from the United States. Your information is transferred to and processed in the United States by the following service providers:

  • Supabase — database, authentication, and file storage
  • Vercel — application hosting and serverless functions
  • Google Generative AI (Gemini) — AI-powered features (The Clerk, commentary, recommendations)
  • Stripe — payment processing and subscription management
  • Apple (MusicKit / ShazamKit) — music playback and audio recognition
  • Firebase Cloud Messaging / Apple Push Notification Service — push notification delivery

Where your data is transferred outside of your country of residence, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognized by applicable data protection authorities, to ensure your data receives an adequate level of protection.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information held by us.
  • The right to opt out of the sale of personal information.
  • The right to non-discrimination for exercising your rights.

We do not sell personal information. To exercise your rights, contact hello@gatefold.fm.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Performance of a contract — account creation, collection sync, subscription management, and core Service functionality.
  • Legitimate interests — AI-powered features (The Clerk, commentary, recommendations), service improvement, fraud prevention, and security.
  • Consent — push notifications, marketing communications, and optional third-party account connections (Apple Music, Tidal, Last.fm).
  • Legal obligation — to comply with applicable law.

Under the GDPR, you have the right to:

  • Access — obtain a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restriction — request we limit processing of your data in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@gatefold.fm. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

AI Transparency: In accordance with the EU AI Act, we disclose that The Clerk and other AI-powered features within Gatefold are automated systems. You are interacting with artificial intelligence, not a human. These systems use third-party language models to generate content based on your collection data and inputs.

13. Japan Privacy Rights (APPI)

If you are a resident of Japan, the following applies under the Act on the Protection of Personal Information (APPI):

  • Purpose of use — we collect and use your personal information for the purposes described in Section 2 of this policy.
  • Cross-border transfers — your personal data is transferred to the United States for processing by the service providers listed in Section 10. The United States does not have data protection laws recognized as equivalent by Japan's Personal Information Protection Commission; however, our service providers maintain data protection measures through contractual obligations and industry-standard security practices.
  • Third-party data provision — we provide personal data to the third-party service providers listed in Section 10 for the purposes of operating the Service. You may opt out of non-essential third-party data sharing by disconnecting optional services (Apple Music, Tidal, Last.fm) in your Settings.
  • Disclosure & correction — you may request disclosure, correction, or deletion of your personal information by contacting hello@gatefold.fm.

14. Data Retention Periods

We retain different categories of data for different periods based on their purpose:

  • Account data — retained until you delete your account.
  • Collection data — retained until you delete your account or disconnect your Discogs account.
  • AI-generated commentary — cached for up to 14 days, then regenerated.
  • Collection analytics — cached for up to 7 days.
  • Third-party metadata (MusicBrainz, Last.fm, Setlist.fm) — cached for 30–90 days for performance, then refreshed.
  • Chat conversations — not persisted beyond the active session.
  • Push notification tokens — retained while your account is active; tokens inactive for 30 days are automatically removed.
  • Payment records — retained as required by tax and financial regulations.

15. Cookies & Local Storage

Gatefold does not use cookies for tracking or advertising. We do not use third-party cookies, advertising identifiers, or cross-site tracking technologies.

We use browser local storage (not cookies) to save your display preferences such as shelf view layout and sort order. This data remains on your device and is never transmitted to our servers. The app also uses IndexedDB for offline caching of your collection data (designed for use at record fairs without connectivity). You can clear this data at any time through your browser settings.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Gatefold
Olathe, KS
Email: hello@gatefold.fm
Website: www.gatefold.fm