1. Introduction
BroadwayGPT ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, mobile application, and AI-powered chatbot services (collectively, the "Service").
This Privacy Policy complies with:
- General Data Protection Regulation (GDPR) for EU/UK users
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Children's Online Privacy Protection Act (COPPA)
- California Age-Appropriate Design Code Act (CAADCA)
- State-specific privacy laws (Virginia, Colorado, Connecticut, Utah)
2. Information We Collect
2.1 Information You Provide
- Chat Interactions: Questions, queries, and messages you send to our AI chatbot
- Account Information: Email address, username, password (if you create an account)
- Contact Information: Name, email when you contact us for support
- Preferences: Show preferences, favorite theaters, notification settings
2.2 Automatically Collected Information
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, features used, search queries, click patterns, session duration
- Location Data: Approximate geographic location based on IP address
- Cookies and Tracking: See Section 4 (Cookie Policy)
2.3 Third-Party Sources
- Public Data: Show information, reviews, schedules from publicly available sources
- Analytics Providers: Aggregated usage statistics from third-party analytics services
- Affiliate Partners: Transaction data if you purchase tickets through our affiliate links
3. How We Use Your Information
We use collected information for the following purposes:
3.1 AI-Powered Services
AI Training and Processing:
- Your chat interactions are processed by AI models to generate responses
- Conversations may be analyzed to improve AI accuracy and performance
- Anonymized chat data may be used for model training and research
- We use caching systems to improve response time and reduce costs
- Your data may be processed by third-party AI providers (see Section 6)
3.2 Service Operations
- Provide, maintain, and improve the Service
- Personalize your experience and show recommendations
- Process and respond to your inquiries
- Send service-related notifications
- Detect and prevent fraud, abuse, and security threats
3.3 Analytics and Marketing
- Analyze usage patterns and trends
- Send promotional emails (with your consent)
- Display targeted advertisements (with your consent)
- Measure effectiveness of marketing campaigns
3.4 Legal and Compliance
- Comply with legal obligations and regulations
- Enforce our Terms of Service
- Protect our rights and property
- Respond to legal requests and prevent harm
4. Cookie Policy
We use cookies and similar tracking technologies to enhance your experience and collect usage data.
4.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Required |
|---|
| Essential | Authentication, security, basic functionality | Session / 1 year | Yes |
| Analytics | Usage statistics, performance monitoring | 2 years | No |
| Preferences | Remember your settings and choices | 1 year | No |
| Advertising | Targeted ads, conversion tracking | 1 year | No |
4.2 Third-Party Cookies
We use cookies from third-party services, including:
- Google Analytics: Website traffic and user behavior analysis
- Vercel Analytics: Performance monitoring and error tracking
- Affiliate Networks: Tracking affiliate link clicks and conversions
4.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may impair Service functionality. EU/UK users are presented with a cookie consent banner upon first visit.
5. Data Retention
We retain your information as follows:
- Chat History: 90 days (or until account deletion)
- Account Data: Duration of account + 30 days after deletion
- Analytics Data: Aggregated data retained indefinitely; individual data 26 months
- Logs and Security Data: 12 months
- Legal Holds: Data retained as required by law or litigation
California Users: Under CPRA (effective 2026), we will disclose specific retention periods for each category of personal information upon request.
6. Information Sharing and Disclosure
We share your information in the following circumstances:
6.1 Third-Party Service Providers
- AI/ML Providers: OpenAI, Anthropic, Perplexity (for AI processing)
- Hosting and Infrastructure: Vercel, AWS, Cloudflare
- Analytics: Google Analytics, Vercel Analytics
- Payment Processors: Stripe (if paid features are offered)
- Email Services: SendGrid, Mailchimp
6.2 Affiliate Partners
When you click affiliate links to ticket vendors, we share limited information (anonymized click ID) to track conversions and earn commissions. We do not share your personal information with ticket vendors unless you create an account or purchase from them directly.
6.3 Legal Disclosures
We may disclose information if required to:
- Comply with legal obligations (subpoenas, court orders)
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
- Respond to government requests
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: HTTPS/TLS encryption for data in transit
- Access Controls: Role-based access, multi-factor authentication
- Monitoring: 24/7 security monitoring and intrusion detection
- Data Minimization: We collect only necessary information
- Regular Audits: Security assessments and penetration testing
Data Breach Notification: In the event of a breach affecting your personal information, we will notify affected users and relevant authorities within 72 hours (GDPR) or as required by applicable state laws.
8. Your Privacy Rights
8.1 All Users
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate data
- Deletion: Request deletion of your account and data
- Opt-Out: Unsubscribe from marketing emails
8.2 California Residents (CCPA/CPRA)
Additional Rights:
- Right to Know: What personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion with certain exceptions
- Right to Opt-Out: Opt-out of "sale" or "sharing" of personal information
- Right to Correct: Correct inaccurate personal information
- Right to Limit: Limit use of sensitive personal information (effective 2026)
- Right to Non-Discrimination: Equal service regardless of privacy choices
- Automated Decision-Making: Information about AI-driven decisions affecting you
Do Not Sell My Personal Information: We do not "sell" personal information in the traditional sense, but we share data with affiliate partners for commission tracking, which may qualify as a "sale" under CCPA. You can opt-out by emailing privacy@broadwaygpt.com or using our "Do Not Sell" link.
8.3 EU/UK Residents (GDPR)
Additional Rights:
- Right to Access: Obtain confirmation of processing and copy of data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: "Right to be forgotten" in certain circumstances
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive data in machine-readable format
- Right to Object: Object to processing for direct marketing or legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Complain: Lodge complaint with supervisory authority
8.4 Exercising Your Rights
To exercise your privacy rights, contact us at:
- Email: privacy@broadwaygpt.com
- Subject Line: "Privacy Rights Request - [Your Right]"
- Response Time: 30 days (CCPA), 30 days (GDPR)
We may require identity verification before processing your request to protect against fraudulent requests.
9. Children's Privacy (COPPA)
BroadwayGPT is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.
California Minors: Under California's Age-Appropriate Design Code (CAADCA), if you are a California resident under 18, you may request removal of content you posted. Contact privacy@broadwaygpt.com.
10. International Data Transfers
Your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
EU/UK Users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the United States and other third countries.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting a prominent notice on our website
- Updating the "Last Updated" date
- Sending email notification (for significant changes)
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
12. Contact Us
For privacy-related questions, requests, or concerns:
- Privacy Officer: privacy@broadwaygpt.com
- Data Protection Officer (EU): dpo@broadwaygpt.com
- General Inquiries: Contact Page
Supervisory Authority (EU): If you are in the EU/UK and believe we have violated GDPR, you may lodge a complaint with your national data protection authority.
Summary of Key Points:
- We collect chat interactions, usage data, and device information
- Your data is processed by AI to generate responses and improve our service
- We use cookies for analytics, preferences, and advertising (with consent)
- We share data with AI providers, analytics services, and affiliate partners
- California residents can opt-out of data "sales" under CCPA/CPRA
- EU/UK residents have comprehensive GDPR rights
- We retain chat history for 90 days, account data until deletion
- We implement encryption, access controls, and security monitoring
- Contact privacy@broadwaygpt.com to exercise your rights