Last updated: May 9, 2025
Band Mine Underground ("we," "us," or "our") is the developer of the Band Mine Underground mobile application (the "App"). If you have questions about this policy, contact us at BMU@sitegroup.com.
The following data is stored entirely on your device using AsyncStorage and Expo Secure Store. It is never transmitted to our servers:
Because this data lives only on your device, it will be lost if you uninstall the app, clear app data, or switch to a new device without a backup.
Connecting Spotify is optional. If you choose to connect your Spotify account, we use Spotify's OAuth 2.0 flow. We never see or store your Spotify password. After authentication, we receive and store (locally on your device only) an access token and refresh token, which we use solely to:
Your Spotify tokens are stored using Expo Secure Store (the device keychain) and are not transmitted to our servers. Your use of Spotify is also governed by Spotify's Privacy Policy.
When you plant a seed and start a dig, the seed text you enter is sent to an AI inference provider (OpenRouter) to generate artist recommendations. We transmit only the seed text — no personally identifying information is attached to these requests. OpenRouter's use of this data is governed by their own privacy policy.
The App shows rewarded ads through Google AdMob. Watching an ad is always optional — you choose to do so in exchange for bonus Digs. When ads are served, Google AdMob may collect:
All ad requests are made with requestNonPersonalizedAdsOnly: true, which limits data use for ad personalisation. For full details, see Google's Privacy Policy and How Google uses data when you use our partners' apps.
On iOS, we respect your App Tracking Transparency (ATT) preference. If you decline tracking, only non-personalized ads will be shown.
The App may collect anonymous crash reports and diagnostic data through the operating system's built-in crash reporting (Apple / Google). This data does not identify you personally and is used solely to improve app stability.
We use the information described above only to:
We do not sell your personal information. We do not use your data for advertising profiling (beyond what Google AdMob does under its own policy when you choose to watch an ad).
We do not sell, rent, or trade your personal information. We share data only with the third-party services described in Section 2 — Spotify (when you connect it), OpenRouter (your seed text only), and Google AdMob (when you choose to watch an ad) — and only to the extent necessary to provide those features.
We may disclose information if required by law or to protect our legal rights, but we have no server-side database of user data to disclose.
Local device data persists until you delete it through the app's Reset Data feature, clear app data through your OS, or uninstall the app. We have no server-side user data to retain or delete.
The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the App, please contact us and we will take appropriate steps.
Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, or delete it. Since we store almost all data locally on your device, you can exercise most of these rights directly within the app:
For any privacy requests not covered above, contact BMU@sitegroup.com.
Spotify tokens are stored in the device keychain (Expo Secure Store), which is the most secure local storage available on iOS and Android. All network requests (Spotify, OpenRouter, AdMob) are made over HTTPS.
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top. If changes are material, we'll notify you within the App. Continued use of the App after any changes constitutes acceptance of the updated policy.
Questions or concerns about this Privacy Policy? Email us at BMU@sitegroup.com. We aim to respond within 5 business days.