Throne Room

Privacy Policy

Last updated: February 19, 2026

1. Introduction

Throne Room LLC ("Company," "we," "us," or "our"), a limited liability company organized under the laws of the State of Idaho with its principal place of business in Twin Falls, Idaho, operates Throne Room at throneroom.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Information You Provide:

  • Account information: email address, display name, password (hashed)
  • Review content: text, star ratings, tags, and photographs
  • Business owner verification: phone number (for SMS verification only)
  • Communications: reports, support requests

Information Collected Automatically:

  • Device information: browser type, operating system, device identifiers
  • Usage data: pages visited, features used, timestamps
  • IP address and approximate location (via Cloudflare)
  • Cookies and similar tracking technologies (see our Cookie Policy)

Information from Third Parties:

  • Google Places API: business names, addresses, phone numbers, photos
  • OAuth providers (Google, Apple): email address and display name when you choose social sign-in

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To display your reviews, ratings, and photos to other users
  • To verify business ownership via SMS
  • To detect and prevent fraud, abuse, and Terms violations
  • To communicate with you about your account and Service updates
  • To comply with legal obligations

4. Data Processing & Sub-Processors

We use the following third-party services to process your data:

  • Supabase (Supabase Inc.): Database hosting, authentication, and file storage. Data is stored in Supabase-managed PostgreSQL databases with row-level security (RLS) policies enforced. Data may be processed in the United States. Supabase Privacy Policy
  • Cloudflare (Cloudflare, Inc.): DNS, CDN, DDoS protection, and web analytics. Cloudflare processes IP addresses and request metadata to deliver and secure the Service. Cloudflare Privacy Policy
  • Vercel (Vercel Inc.): Application hosting and deployment. Vercel Privacy Policy
  • Twilio (Twilio Inc.): SMS delivery for business verification. Phone numbers are transmitted to Twilio solely for sending verification codes. Twilio Privacy Policy
  • Google (Alphabet Inc.): Google Places API for business data, Google OAuth for authentication. Google Privacy Policy

5. Data Sharing & Disclosure

Your reviews, ratings, display name, and photos are publicly visible to all Service users. We do not sell your personal information. We may disclose personal information:

  • To our sub-processors listed above, solely to operate the Service
  • To comply with applicable law, regulation, legal process, or governmental request
  • To enforce our Terms of Service and protect our rights
  • In connection with a merger, acquisition, or sale of assets (with prior notice)

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion, all associated personal data, reviews, photos, and comments are permanently deleted within 30 days. We may retain anonymized or aggregated data for analytics purposes. Certain data may be retained longer if required by law.

7. Your Rights Under GDPR (EEA/UK Residents)

If you reside in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request that we restrict processing of your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

Our legal basis for processing personal data includes: contract performance (providing the Service), legitimate interests (security, fraud prevention, improvement), consent (cookies, marketing), and legal obligations. To exercise your rights, contact us at privacy@throneroom.app. We will respond within 30 days.

8. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) provides you the following rights:

  • Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information. We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights
  • Right to Correct: Request correction of inaccurate personal information

Categories of personal information collected in the past 12 months: identifiers (email, display name, IP address), internet/electronic activity (usage data, device info), and user-generated content (reviews, photos). To submit a verifiable consumer request, email privacy@throneroom.app.

9. Children's Privacy

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us personal information, we will delete it promptly. If you believe a child under 13 has provided us personal information, please contact us immediately.

10. Security

We implement industry-standard security measures to protect your data, including: HTTPS/TLS encryption for all connections, bcrypt password hashing, row-level security (RLS) policies in our database, encrypted file storage, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and service providers are located. If you are accessing the Service from outside the United States, you consent to the transfer of your data to the U.S. We rely on Standard Contractual Clauses and other lawful transfer mechanisms where required.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notice at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Information

Throne Room LLC
Twin Falls, Idaho
Email: privacy@throneroom.app

For GDPR inquiries, our Data Protection Contact can be reached at the email above.

Back to home