Privacy Policy
Privacy, cookies, and California rights
Rehearsal Scheduler is a general-audience scheduling service for stage managers, casts, and production teams. This page explains what we collect, how we use it, the service providers that help us operate the product, and how California residents can submit privacy-rights requests.
Who is responsible for this service
Use this contact for privacy questions and manual California rights requests in this release.
Operator: Rehearsal Scheduler
Privacy contact: privacy@rehearsalscheduler.app
California rights requests are handled manually through this privacy contact email in the current release.
Current privacy position
These statements reflect the product as currently implemented in this repository.
We do not sell personal information.
We do not use optional analytics cookies in the current release.
Optional analytics, if enabled later, will stay off unless you opt in through cookie preferences.
Advertising and cross-context behavioral tracking are out of scope for this release.
What we collect and why
We collect information directly from you, from workspace activity, and from the systems required to run authentication and storage.
| Category | Examples | Purpose |
|---|---|---|
| Account and contact details | Name, email address, password login data, organization name, and password-reset requests. | Create accounts, authenticate users, deliver account emails, and manage workspace access. |
| Production and scheduling data | Productions, scenes, cast assignments, rehearsal plans, scene notes, call sheets, and publishing choices. | Provide the rehearsal-planning product and preserve the workspace history you create. |
| Actor and availability data | Actor profiles, invite emails, conflict windows, conflict reasons, approvals, and notifications. | Coordinate rehearsals, invite participants, and show the right schedule and conflict information to the right people. |
| Uploads and public-homepage assets | Logo uploads, banner uploads, and related file metadata. | Host and display production branding and published production-homepage assets. |
| Session, device, and security data | Auth cookies, demo-session cookies, cookie-preference records, IP/log data, and browser session state. | Keep the service secure, maintain sign-in state, remember privacy choices, and support essential product behavior. |
Sources, sharing, and service providers
We collect data from your direct submissions, your use of workspace features, and the infrastructure that runs the product.
Sources include forms you submit, files you upload, workspace actions you take, and providers that support sign-in and storage.
We share personal information with service providers only as needed to host the product, authenticate users, store workspace data, send transactional mail, and run background jobs.
| Provider | Role | Data involved |
|---|---|---|
| Vercel | Hosting and delivery | Application traffic, performance, and deployment-related logs needed to serve the site. |
| Supabase | Authentication, database, storage, and realtime services | Account records, workspace data, uploads, authentication state, and related operational logs. |
| Resend via Supabase SMTP | Transactional account email when configured | Email addresses and message-delivery metadata for sign-in, invitation, and password-reset mail. |
| Inngest | Background job infrastructure when configured | Queued job payloads and operational metadata tied to scheduling workflows. |
Retention and security
We keep data for as long as it is reasonably necessary to run the service and protect the workspace.
Account, production, actor, scheduling, and upload data are retained while the workspace remains active and for reasonable operational follow-up.
Transactional email and infrastructure logs may be retained for shorter operational, security, or debugging windows.
Cookie-preference records are stored for up to one year unless you clear them sooner in your browser.
We use access controls, authenticated sessions, hosted infrastructure safeguards, and provider security measures to protect the data we store. No system can promise absolute security.
Cookies and browser storage
The current product uses essential cookies and storage for authentication, privacy preferences, demo access, and temporary editor state.
| Name | Type | Purpose | Category |
|---|---|---|---|
| Supabase auth/session cookies | Cookie | Maintain authenticated sessions and complete Supabase sign-in and callback flows. | Essential |
| rehearsal-demo-role | Cookie | Stores the selected local demo role when demo mode is enabled. | Essential |
| rehearsal-cookie-consent | Cookie | Stores your cookie-preference choices so the site can remember them. | Essential |
| rehearsal-cookie-consent | localStorage | Mirrors your cookie-preference record on this browser for client-side consent checks. | Essential |
| published-schedule-snapshot:{scheduleId} | sessionStorage | Temporarily stores a published-schedule snapshot in the browser while a user is working in the schedule editor. | Essential |
Access, deletion, correction, and choice
California residents may have rights under the CCPA/CPRA, subject to exceptions and verification.
You may request access to categories and specific pieces of personal information we hold about you.
You may request deletion of personal information, subject to legal and operational exceptions.
You may request correction of inaccurate personal information.
Because we do not sell personal information and do not use optional analytics cookies today, there is no sell/share opt-out flow in the current release.
Submit requests by emailing privacy@rehearsalscheduler.app. We may need to verify your identity before fulfilling a request.
13+ only in this release
This version of the service is intended for a general audience and is not designed for children under 13.
We do not intend to create or invite under-13 accounts in this release.
If you believe a child under 13 has provided personal information through the service, contact us at the privacy address above so we can review and respond.
A separate COPPA-focused project would be required before under-13 workflows are supported.