vport

Privacy Policy

Last Updated: April 10, 2026

Vport, LLC Privacy Policy

Version: 1.2.1
Effective Date: January 15, 2026
Last Updated: January 15, 2026

1. Introduction

Vport, LLC ("Vport," "we," "us," or "our") provides immersive concert experiences through the Apple Vision Pro application and related website (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard Personal Data when you access or use the Services.

What Vport Is: Vport is a professional immersive concert Video-on-Demand (VOD) platform designed exclusively for Apple Vision Pro. Users experience professionally recorded concerts inside a native visionOS application. Vport is not a social network, not an advertising platform, and does not offer social features such as comments, direct messages, friend lists, or user-to-user interactions.

By continuing to interact with the Services, you acknowledge the practices described below.

2. Definitions

"Personal Data" (or "Personal Information") – any information that identifies, relates to, describes, or could reasonably be linked to an individual.

"Biometric Information" – measurable biological characteristics (e.g., face geometry, iris scans, voiceprints) used to uniquely identify a person.

"Spatial Data" – real-time data about your physical space, head pose, gaze, or hand gestures processed locally on-device for immersive rendering.

"Creator" – a professional artist, venue, promoter, or production company that has executed a Vport Content Creator Agreement.

"Viewer" – an individual who accesses the Services to view immersive concert content.

"Sensitive Personal Information" – under CPRA, includes account login credentials, government-issued identifiers, and other categories specified in Cal. Civ. Code § 1798.140(ae).

3. Scope & Applicability

This Policy applies to all users worldwide — including both Viewers and Creators — and governs:

  • Apple Vision Pro application (visionOS) – our primary and currently exclusive app platform
  • Website (thevport.com) – account management and credit purchases only; video streaming is not available on the website

Geographic Application: This Policy applies to all users regardless of location. Users in the European Economic Area (EEA), United Kingdom (UK), Switzerland, Canada, and U.S. states with comprehensive privacy laws have additional rights as described in Sections 12–13.

4. Personal Data We Collect

4.1 Information You Provide

Account Registration:

  • Email address
  • Username/handle
  • Date of birth (to verify 18+ eligibility)

Authentication:

  • Email and password only
  • Passwords are secured using industry-standard hashing with per-password salt
  • Passwords are transmitted over encrypted TLS 1.3 connections
  • Passwords are Sensitive Personal Information under CPRA, used solely for authentication

NOT SUPPORTED:

  • Social login (Apple Sign-In, Google Sign-In, or other OAuth providers)
  • Single Sign-On (SSO) or enterprise authentication
  • In-app biometric authentication (Apple's Optic ID/Face ID operates at device level only and is not accessible to Vport)
  • Profile photo uploads

Support & Legal Notices:

  • Information you voluntarily supply when contacting [email protected] or submitting a DMCA notice

4.1b Professional Creator Verification & Onboarding

Vport selectively authorizes professional Creators to upload Content to the platform. There is no public creator signup or application process. All creator onboarding occurs as follows:

  • Creators are identified and approached by Vport through professional networks and direct outreach
  • All contract execution, tax documentation (W-9, W-8BEN, EIN, SSN), and banking information is collected entirely outside the app through secure offline processes
  • Creator accounts are activated manually by Vport staff after offline contract completion
  • No creator tax, banking, or financial information is collected through the Vport app or website

4.2 Automatically Collected Information

Device & Log Data:

  • IP address (retained in identifiable form for 30 days, then hashed for aggregate analytics)
  • Apple IDFV (Identifier for Vendors) for session management
  • Installation UUID for crash attribution
  • Crash reports and system performance logs (retained 30 days, then deleted)
  • OS version and browser type

We do NOT collect: IDFA (Identifier for Advertisers), device fingerprints, or cross-app tracking identifiers.

Usage Data:

  • Concert title and watch time (stored internally for service functionality; not shared with third-party analytics providers)
  • Features used (search, filters, playback controls)
  • Session duration and interaction timestamps
  • Individual user identifiers removed after 30 days; data aggregated thereafter

Location Data:

  • We do not request device location permissions (GPS)
  • We process IP addresses for security, fraud prevention, and network routing purposes
  • Our analytics provider (Firebase) may derive approximate location (country/region level) from IP addresses for aggregate reporting
  • We do not use precise geolocation or perform geo-fencing

4.3 Apple Vision Pro Spatial Data

All spatial processing occurs on-device. Vport never receives:

  • Raw camera images or passthrough video
  • Depth maps or spatial mesh data
  • Hand-tracking vectors or hand skeleton models
  • Eye-gaze data or eye-tracking vectors
  • Room geometry or environmental mapping

What Vport receives: Only discrete interaction events (tap, select, scroll) – the same types of inputs generated by a mouse or touchscreen.

Retention: Spatial data is held in volatile memory (RAM) only and purged automatically when the session ends. No persistent storage occurs.

No Derived Biometrics: We do not use spatial interaction data to identify individual users, build biometric profiles, or derive unique biometric identifiers.

4.4 Third-Party Sources

Payment Processing:

For Viewers (Customers):

  • All in-app purchases are processed exclusively through Apple's In-App Purchase system
  • Vport does not collect, process, or store Viewer financial information (credit card numbers, billing addresses, or payment credentials)
  • Apple processes and retains all Viewer payment data pursuant to Apple's privacy policy
  • Vport receives only: (1) transaction success/failure status, and (2) Apple's transaction receipt for entitlement verification

For Website Purchases:

  • Credit purchases on thevport.com are processed by Stripe
  • Vport receives only: (1) transaction success/failure status, and (2) masked card identifiers (e.g., "Visa ending in 4242")
  • We never receive full card numbers, CVV codes, or raw payment credentials

For Creators:

  • Creator financial data (tax IDs, banking information) is collected entirely offline during the contracting process, never through the app (see Section 4.1b)

5. Purposes & Legal Bases

| Purpose | Legal Basis | | ----- | ----- | | Service delivery (account, streaming, payments) | Contract performance (GDPR Art. 6(1)(b)) | | Security & fraud prevention | Legitimate interests (GDPR Art. 6(1)(f)) | | First-party analytics | Legitimate interests | | Third-party analytics SDK (Firebase) | Consent (EU/UK) / Notice + Opt-out (California) | | Legal compliance (tax reporting, DMCA) | Legal obligation (GDPR Art. 6(1)(c)) | | Marketing emails | Consent (opt-in) |

6. Disclosure of Personal Data

Vport does not sell Personal Data for monetary consideration. Vport does not engage in targeted advertising or cross-context behavioral advertising. However, certain analytics disclosures (described below) may be treated as "sharing" under California law, and California residents may opt out as described in Section 12.2.

6.1 Service Providers (Processors)

We engage third-party vendors under data processing agreements that prohibit secondary use:

| Category | Providers | | ----- | ----- | | Hosting & Infrastructure | Google Cloud Platform, Bunny CDN, Cloudflare | | Analytics | Google Firebase (crash reporting, performance monitoring, app analytics – excluding video watch history) | | Payment Processing | Apple (In-App Purchase for Viewers), Stripe (website only) | | Email Communications | SendGrid | | Customer Support | Chatwoot |

Subprocessor List: Available at thevport.com/subprocessors

Analytics and California Law: Under CPRA's broad definition, our use of Google Firebase for app analytics may constitute "sharing" of personal information, even though Vport does not use Firebase for advertising. Categories potentially shared with Firebase: Identifiers (user ID, device ID), Internet Activity (page views, session data, feature interactions). We do not share your video viewing history (specific concert titles watched) with Firebase or any analytics provider. California residents may opt out of this analytics sharing by emailing [email protected] with subject line "Opt-Out Analytics Sharing," or, when available, via in-app privacy controls.

Video Privacy Protection Act (VPPA) Notice: Vport is committed to protecting your video viewing privacy. We do not disclose your personally identifiable video viewing history to third parties except as strictly necessary for Service delivery (e.g., cloud hosting infrastructure for content delivery). Any such disclosure to service providers is governed by data processing agreements that contractually prohibit use of your viewing history for advertising, marketing, or any purpose unrelated to delivering the streaming service. We do not disclose individually identifiable viewing information to advertisers, data brokers, or any third party for marketing purposes.

6.2 Aggregated Data to Creators

Creators receive only aggregated, non-identifiable statistics (e.g., "500 total views, average watch time 45 minutes"). No Personal Data or individually identifiable viewing history is shared with content creators.

6.3 Legal Requirements & Government Requests

We may disclose data when required by valid subpoena, court order, warrant, or legal obligation. We notify users unless legally prohibited and challenge overbroad requests.

6.4 Business Reorganization

If Vport is acquired, merged, or undergoes change of control, users receive advance notice and Personal Data may transfer as a business asset. Users may request deletion before closing.

6.5 De-Identification Standards

Aggregated Data: Combined with data of other users such that individuals cannot be identified.

De-Identified Data: All identifiers permanently and irreversibly removed. De-identified data is not subject to privacy rights requests.

6.6 California "Shine the Light" (Cal. Civ. Code § 1798.83)

Vport does not disclose Personal Information to third parties for their own direct marketing purposes. Accordingly, California residents are not entitled to a "Shine the Light" disclosure. If our practices change, we will update this section.

7. Biometric Information Policy

Vport does not collect, process, or store biometric identifiers or biometric information as defined by Illinois BIPA, Texas CUBI, Washington biometric privacy law, and other applicable laws.

Hardware Isolation: Biometric authentication (Apple's Optic ID on Vision Pro, Face ID, Touch ID) occurs entirely at the hardware/operating system level. Vport never accesses biometric templates or raw biometric sensor data.

No Derived Biometrics: We do not use spatial interaction data, hand tracking, or eye tracking to identify individual users or derive unique biometric identifiers.

8. DMCA / Copyright Compliance

8.1 Creator Representations

By uploading content under a Content Creator Agreement, Creators represent and warrant they own or control all necessary copyrights and have secured all required licenses. Creators indemnify Vport for any third-party infringement claims.

8.2 DMCA Agent

Designated Agent:

  • Name: Vport Legal Department
  • Address: 369 Arc Court, Hayward, CA 94544, USA
  • Email: [email protected] (preferred contact method)

Takedown Process: Valid takedown notices are acted on promptly. Creators are notified and may file counter-notification. Content is restored if valid counter-notification is received and no court action is filed within the statutory period.

Repeat Infringer Policy: Accounts terminated per 17 USC § 512(i) after repeated valid DMCA notices. Appeals may be submitted to [email protected].

Copyright Office Registration: Our DMCA agent is registered at https://www.copyright.gov/dmca/onlinesp/

9. International Transfers

Vport is based in the United States. Data from users outside the United States is transferred to and processed in the U.S.

9.1 Transfers from EEA

Legal Mechanism: Where required, Vport relies on EU Standard Contractual Clauses (2021), Module 2 (Controller → Processor) and Module 3 (Processor → Processor), with supplementary technical measures including encryption at rest and in transit. Vport is in the process of ensuring that all service provider agreements include the appropriate data processing addenda and SCC annexes.

9.2 Transfers from United Kingdom

We rely on the UK Addendum to the EU Standard Contractual Clauses (International Data Transfer Addendum).

9.3 Transfers from Switzerland

We rely on the EU Standard Contractual Clauses recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

9.4 Article 27 Representative

Vport's processing of EU/UK data subjects' personal data is currently limited in scope and scale. If our EU/UK user base grows to a level requiring appointment of a representative under GDPR Article 27 or UK GDPR Article 27, we will appoint one and update this section accordingly. All GDPR/UK GDPR inquiries may be directed to [email protected].

10. Data Retention

| Data Category | Retention Period | | ----- | ----- | | Account profile data | Life of account + 90 days | | Transaction records (tax) | 7 years (IRS 26 USC § 6001) | | IP/device logs | 30 days, then deleted | | Analytics identifiers | 30 days, then aggregated | | Spatial interaction data | No persistent storage | | Creator tax/banking data | 7 years, then deleted or anonymized | | DMCA takedown records | As long as necessary to administer repeat infringer policy and comply with 17 USC § 512(g) | | Marketing preferences | Until unsubscribe or account deletion |

Backup Deletion: Data is purged from production systems and backups within a reasonable timeframe following verified deletion requests.

11. Security & Breach Notification

11.1 Security Measures

We implement technical and organizational security controls including:

  • Encryption: AES-256 encryption for data at rest; TLS 1.3 for in-transit data
  • Access Controls: Role-based access control (RBAC), multi-factor authentication for admins
  • Infrastructure Security: Firewalls, intrusion detection, regular security assessments

These measures are designed to protect against unauthorized access, alteration, and disclosure. However, no security system is impenetrable.

11.2 Data Protection Impact Assessments

Vport conducts Data Protection Impact Assessments (DPIAs) where required under GDPR Article 35 or when introducing new processing activities that are likely to result in high risk to individuals' rights and freedoms.

11.3 Breach Notification

For All Users: We will notify affected individuals without unreasonable delay, consistent with the legitimate needs of law enforcement and applicable legal requirements.

For California Residents: Notification in compliance with Cal. Civ. Code § 1798.82.

For EEA/UK Residents: Supervisory authority notification within 72 hours where required by GDPR Art. 33; user notification without undue delay if breach poses high risk (GDPR Art. 34).

Notification Methods: Email to account email address and/or in-app notification.

12. Your Privacy Rights

You have rights regarding your Personal Data. The specific rights available to you depend on your location.

12.1 Rights Available to All Users

| Right | Description | | ----- | ----- | | Access | Request a copy of Personal Data we hold | | Correction | Request correction of inaccurate data | | Deletion | Request deletion (subject to legal exceptions) |

How to Exercise: You may request account deletion by emailing [email protected]. If in-app account deletion is available, you may also delete your account through the app's privacy settings.

12.2 California Residents (CPRA/CCPA)

California residents have additional rights under the California Privacy Rights Act:

Right to Know: The categories and specific pieces of Personal Information we collect, sources, purposes, and third parties with whom we share.

Right to Delete: Request permanent deletion of Personal Information, subject to exceptions under CPRA § 1798.105(d).

Right to Correct: Request correction of inaccurate Personal Information.

Right to Opt-Out of Sale/Sharing: Opt out of the "sale" or "sharing" of Personal Information by emailing [email protected] with subject line "Do Not Sell or Share," or via the "Do Not Sell or Share My Personal Information" link at thevport.com when available. We will also provide in-app opt-out controls as they become available.

Right to Limit Use of Sensitive Personal Information: Currently, all our uses of Sensitive Personal Information fall within permitted purposes under CPRA § 1798.121(b).

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf with written authorization.

Right to Appeal: If we deny your request, you may appeal by emailing [email protected] with subject line "PRIVACY APPEAL." If the appeal is denied, we will provide instructions for contacting the California Attorney General.

Response Timeline: We respond to verified requests within 45 calendar days, extendable by an additional 45 days as permitted by law, with notice to you.

Financial Incentives: Vport does not offer financial incentives conditioned on Personal Information collection.

Annual Metrics: If and when Vport meets the thresholds requiring publication of annual privacy request metrics under 11 CCR § 7102, such metrics will be published at thevport.com/privacy-metrics.

12.3 U.S. State Privacy Law Residents

Residents of U.S. states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Montana, Delaware, Oregon, Florida, Iowa, Indiana, Tennessee, New Jersey, New Hampshire, Maryland, Minnesota, Nebraska, Kentucky, and Rhode Island) have the following rights:

Rights:

  • Right to Access: Confirm whether we process your Personal Data and access such data
  • Right to Delete: Delete Personal Data (subject to legal exceptions)
  • Right to Correct: Correct inaccuracies in your Personal Data
  • Right to Data Portability: Obtain a copy of Personal Data in a portable format
  • Right to Opt-Out of: Targeted advertising, sale of Personal Data, and profiling producing legal or similarly significant effects

Note on Profiling: We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. We do not use your data for targeted advertising or cross-context behavioral advertising.

Right to Appeal: If we decline to act on your request, you may appeal via [email protected] with "PRIVACY APPEAL" in the subject line. Appeal responses will include information about how to contact your state's Attorney General.

Response Timeline: Within legally required timeframes (generally 45–60 days as permitted by applicable law).

12.4 EEA/UK Residents (GDPR/UK GDPR)

EEA and UK residents have the following rights under GDPR:

  • Right of Access (Art. 15)
  • Right to Rectification (Art. 16)
  • Right to Erasure (Art. 17)
  • Right to Restriction of Processing (Art. 18)
  • Right to Data Portability (Art. 20): Receive Personal Data in a structured, machine-readable format
  • Right to Object (Art. 21)
  • Right to Withdraw Consent (Art. 7(3))
  • Right Not to Be Subject to Automated Decision-Making (Art. 22): We do not make solely automated decisions that produce legal effects without human oversight

Response Timeline: Within one (1) month, extendable by two additional months as permitted by GDPR Art. 12(3), with notice to you.

Right to Lodge a Complaint: You may lodge a complaint with your local supervisory authority:

  • EU residents: https://edpb.europa.eu/about-edpb/board/members_en
  • UK residents: https://ico.org.uk

12.5 Canada (PIPEDA) Residents

Canadian residents have rights to access, correction, and consent withdrawal under PIPEDA.

Response Timeline: Within 30 days.

Privacy Commissioner: https://www.priv.gc.ca

12.6 Data Deletion – Implementation

Upon receiving a verified deletion request:

  • Account access is revoked promptly upon verification
  • Personal Data is deleted from production databases
  • Data is purged from backup systems within a reasonable timeframe

What We Retain (Legal Exceptions):

  • Transaction records (anonymized): 7 years (IRS 26 USC § 6001)
  • Fraud/security logs (hashed): As required for security purposes
  • DMCA takedown records: As required for repeat infringer policy

Deletion Confirmation: You will receive an email confirmation of your deletion request.

12.7 Nevada Residents

Under Nevada law (SB 220), residents may opt out of the sale of certain covered personal information. Although Vport does not sell your data, you may register for this opt-out by emailing [email protected] with the subject line "Nevada Opt-Out Request."

13. Creator-Specific Privacy Rights

13.1 Creator Tax Data Privacy

Tax identification numbers and banking information are:

  • Collected entirely offline during the contracting process, never through the Vport app or website
  • Treated as Sensitive Personal Information
  • Encrypted at rest and in transit
  • Accessible only to authorized financial and accounting personnel
  • Used solely for: IRS Form 1099 reporting, payout processing, fraud prevention, and legal compliance

13.2 Creator Privacy Rights

Right to Know: Creators may request what tax and banking data Vport holds.

Right to Delete: Creators may request deletion. Limitation: Vport must retain tax data for 7 years per IRS requirements (26 USC § 6001).

Right to Correct: Creators may request correction by submitting documentation to [email protected].

Right to Data Portability: Creators may request export of their aggregated analytics data and payout history in a machine-readable format (e.g., CSV) by contacting [email protected].

13.3 Creator Content Ownership

Creators retain full ownership of their content. Vport's license is limited to distribution and public display on the platform. Creators may request content removal at any time.

13.4 Payout Disputes

Creators may request payout history by contacting [email protected]. If a Creator Dashboard is available, Creators may also access payout history through the dashboard. Disputes may be submitted to [email protected] with "PAYOUT DISPUTE" in subject line.

14. Cookies & Tracking Technologies

14.1 What We Use

Essential (Always Active):

  • Session authentication cookies
  • Local storage for user preferences (volume, theme)

14.2 Analytics SDK (Firebase)

  • Uses IDFV (Identifier for Vendors), not IDFA
  • Firebase is configured without cross-app tracking or advertising coordination
  • Video viewing history (specific concert titles) is NOT shared with Firebase
  • EU/UK: Firebase analytics will be disabled until affirmative consent is obtained
  • California: Opt-out available by emailing [email protected] or, when available, via in-app privacy settings

14.3 Preference Signals

| Signal | Response | | ----- | ----- | | Global Privacy Control (GPC) | Honored as a valid opt-out of the "sale" or "sharing" of Personal Information under applicable law, including CPRA. When we detect a GPC signal from your browser, we treat it as a request to opt out of analytics sharing described in Section 6.1 | | Universal Opt-Out Mechanism (UOOM) | Honored as a valid opt-out request under applicable state privacy laws | | Do Not Track (DNT) | Not responded to (no industry standard) |

14.4 App Tracking Transparency (ATT)

Vport does not request ATT permission because we do not track users across apps or websites owned by other companies for advertising purposes.

15. Children's Privacy

Vport is strictly intended for users 18 years of age or older. We do not knowingly collect Personal Data from anyone under 18.

15.1 Age Verification Process

At signup, we collect date of birth as the first standalone step via a neutral date picker. If you indicate you are under 18, we immediately terminate the signup process without collecting or storing any additional information, such as email or username. Accounts are not created for users under 18.

15.2 Discovery of Underage Users

If we discover that a user is under 18, we will promptly delete the account and all associated Personal Data. If the user is under 13, deletion is performed immediately upon discovery in compliance with COPPA. Parents or guardians may contact [email protected].

16. Automated Decision-Making

Human Oversight: Vport uses automated systems to flag potentially violating content and detect suspicious account activity. However, all enforcement actions (content removal, account suspension) include human review before implementation.

Recommendations: We may use aggregated usage patterns to recommend concerts/events. These recommendations do not produce legal effects and do not involve profiling that produces legal or similarly significant effects on users.

No AI Training: We do not use user data to train Generative AI models.

17. Data Broker Disclosure

Vport is not a "data broker" as defined under the California Delete Act (SB 362, Cal. Civ. Code § 1798.99.80 et seq.) or any other applicable state data broker registration law. We do not knowingly collect and sell the personal information of consumers with whom we do not have a direct relationship.

18. Contact

Vport, LLC

Data Protection Inquiries: All privacy and data protection inquiries should be directed to [email protected].

19. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Services at least thirty (30) days prior to the change becoming effective. We encourage you to review this Policy periodically.

Your continued use of the Services after the effective date of any changes constitutes acceptance of the updated Policy.

20. Governing Law & Dispute Resolution

Governing Law: State of California, USA.

Dispute Resolution: Subject to the dispute resolution provisions in Vport's Terms of Service.

21. Apple Vision Pro Privacy Notices

21.1 visionOS Permissions

| Feature | Vport Receives | Vport Does NOT Receive | | ----- | ----- | ----- | | ARKit (Spatial Awareness) | Abstract positioning data to place 3D objects | Raw spatial mesh, room layouts, environmental photos | | Hand Tracking | Tap/select events only | Continuous hand position, hand skeleton models | | Eye Tracking | Standard input events (via visionOS) | Raw eye gaze data, eye tracking vectors | | Passthrough Camera | Nothing | Camera feeds, images, video |

21.2 Other Apple Platforms

Vport does not currently offer applications for iPhone, iPad, or Mac.

22. Apple Privacy Manifest (PrivacyInfo.xcprivacy)

Vport's Apple Vision Pro app includes a Privacy Manifest as required by Apple, declaring Required Reason APIs used by the app and any included SDKs.

Tracking Declaration:

  • NSPrivacyTracking: false – we do not track users across apps for advertising

Data Collection Categories Declared:

  • Usage Data (Product Interaction): Linked to User ID – feature interactions, session duration
  • Diagnostics (Crash Data): Linked to User ID initially, then aggregated

Data NOT Collected by Vport App:

  • Financial Info: Viewer payments are processed entirely by Apple via In-App Purchase; Vport receives only transaction receipts
  • Precise Location: Not collected

These declarations are designed to match our App Store Privacy Nutrition Label.

23. Accessibility

Available Formats:

  • Web: thevport.com/privacy
  • In-app: Settings → Privacy Policy

Accessibility Features:

  • We endeavor to make this Privacy Policy accessible and compatible with common assistive technologies, including screen readers
  • High contrast mode supported where available

Language: English. Assistance available at [email protected].

— END OF PRIVACY POLICY —

Vport, LLC
369 Arc Court, Hayward, CA 94544, USA
[email protected]

vport

Virtual live concert is now reality!

FAQs
Privacy policy
Terms & condition
Contact us
Support
Guides

Get in touch

[email protected]
Copyright © 2026Vport LLC. All rights reserved.