Privacy Policy

Introduction

BandTogether (“we,” “us,” or “our”) is a band management platform that helps bands organize songs, setlists, calendar events, and members. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application and related services (collectively, the “Service”).

By using BandTogether, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the Service.

Information We Collect

Information You Provide

Account Information. When you create an account, we collect your email address and display name. Your password is stored securely by our authentication provider (Supabase); we never have access to your plaintext password.

Third-Party Sign-In. If you sign in with Google or Apple, we receive a limited profile from those services (typically your name and email address). We do not receive or store your Google or Apple password.

Band and Music Data. When you use BandTogether, you and your bandmates may create and store band names and settings, song metadata (titles, artists, keys, notes, tags, and external links), setlists and song ordering, calendar events (gigs, practices, and recurring schedules), and member roles and instrument assignments. This data is created by you and your bandmates and is shared with other members of the same band.

Communications. If you contact us for support or feedback, we may collect the content of your message along with your email address so we can respond.

Information from Third-Party Services

Spotify Data. If you choose to use our Spotify integration, we access Spotify playlist data on your behalf to preview and import song information (playlist names, track titles, and artist names) into your band's repertoire. We do not store your Spotify credentials, access your Spotify listening history, or access your Spotify account beyond this import functionality.

Information Collected Automatically

When you use the Service, we may automatically collect device information (device type, operating system and version, and a unique device identifier), usage data (app session information, feature usage patterns, and interaction data), and crash and performance data (crash reports, error logs, and performance diagnostics).

We do not currently use third-party analytics services. If we introduce analytics tools in the future, we will update this policy before doing so.

How We Use Your Information

We use the information we collect to provide, maintain, and deliver the Service; authenticate your identity and manage your account; enable collaboration between band members; send transactional emails such as band invitations and account notifications; analyze general usage patterns and improve the Service; respond to support requests; and detect, prevent, and address fraud, abuse, and security risks.

We do not sell your personal information. We do not use your data for advertising or ad targeting. We do not engage in cross-app tracking.

How We Share Your Information

With Your Bandmates. Band-related data (songs, setlists, events, member names, roles, and instruments) is visible to all members of the bands you belong to.

With Service Providers. We use the following third-party services to operate BandTogether: Supabase (database hosting, authentication, and user account management), Vercel (API hosting and serverless infrastructure), Amazon Web Services SES (transactional email delivery), and Spotify (song and playlist metadata retrieval, only when you initiate an import).

Legal Requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request.

We do not share your data with third parties for marketing or advertising purposes.

Data Storage, Security, and Retention

Your data is stored on secure servers provided by Supabase and Vercel, both located in the United States. We use industry-standard security measures including encrypted connections (TLS/HTTPS) for all data in transit, secure authentication tokens (JWT), row-level security policies, and role-based access controls.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law. Band content you contributed may remain visible to other band members after your account is deleted, but will no longer be associated with your personal information.

Your Rights and Choices

You can access your data by viewing your profile, bands, songs, setlists, and events within the app. You can update your information by editing your profile or band content. You can delete your account directly within the app through Settings. You can leave a band at any time, which removes your access to that band's data.

If you are located in the EEA or UK, you have additional rights under the GDPR, including the right to access, rectification, erasure, restriction, data portability, and the right to withdraw consent. Our legal bases for processing are performance of a contract, legitimate interests, and consent.

If you are a California resident, you have rights under the CCPA/CPRA. Categories of personal information collected in the past 12 months include identifiers (email address, display name, device identifiers) and internet or electronic network activity (app usage data, crash reports). We do not sell or share your personal information as defined under the CCPA/CPRA.

To exercise any of these rights, contact us at support@bandtogether.life.

Children's Privacy

BandTogether is not directed at children under the age of 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected data from a child under the applicable age, we will take steps to delete it promptly.

International Data Transfers

If you are using the Service from outside the United States, please be aware that your data is transferred to and processed in the United States, where our servers and service providers are located. We take steps to ensure your data is treated securely and in accordance with this policy regardless of where it is processed.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where practicable, provide notice through the app. Your continued use of BandTogether after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise any of your privacy rights, contact us at: support@bandtogether.life

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.