Privacy Policy

Introduction

GigReady ("we", "us", or "our") operates the website gigready.band (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using GigReady, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. If you join a band on GigReady, other band members can see your name and email address.

Band and Music Data

We store the content you create within the Service, including band profiles, song catalogs, setlists, gig and practice details, booking inquiries, and any notes or metadata you add.

Payment Information

Payments are processed by Stripe. We do not store your credit card number or full payment details on our servers. Stripe may collect information necessary to process your payment, including your name, email, and billing address. Please refer to Stripe's Privacy Policy for more details.

Images

If you upload images (such as band logos or profile photos), they are stored using Supabase Storage. Band logos and profile photos uploaded to public band pages are publicly accessible. Images uploaded within private band workspaces are accessible only to band members via their URL.

Newsletter Subscription

If you subscribe to our newsletter, we collect your email address. Newsletter emails are sent via Resend.

How We Use Your Information

• To provide, maintain, and improve the Service
• To process payments and manage your subscription
• To send transactional emails (account verification, password resets, band invitations)
• To send newsletter communications (if you opted in)
• To generate song search embeddings using OpenAI (song title and artist name only)
• To detect and prevent spam or abuse using Google reCAPTCHA
• To respond to your inquiries and provide customer support

Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on the following legal grounds:

• Contractual necessity — Processing your account data, band data, and payment information is necessary to provide the Service to you under our Terms of Service.
• Legitimate interest — We process data for spam and abuse prevention (via Google reCAPTCHA) and to improve the Service, where our legitimate interests are not overridden by your rights and freedoms.
• Consent — We rely on your consent for optional processing, such as newsletter subscriptions and SMS notifications. You may withdraw your consent at any time by updating your preferences or contacting us at privacy@gigready.band.

Third-Party Services

We use the following third-party services to operate GigReady:

• Supabase — Database hosting and image storage (Privacy Policy)
• Stripe — Payment processing (Privacy Policy)
• Amazon Web Services (AWS) — Application hosting (Privacy Policy)
• Google reCAPTCHA — Spam and abuse protection (Privacy Policy)
• OpenAI — Song search embeddings (song title and artist only). Data sent to OpenAI via their API is not used to train their models and is subject to OpenAI's API data usage policies. (Privacy Policy)
• Resend — Transactional and newsletter emails (Privacy Policy)
• Twilio — SMS notifications (if enabled) (Privacy Policy)

Cookie Policy

GigReady uses cookies and similar technologies to operate the Service. Here is how we use them:

Essential Cookies

These cookies are required for the Service to function. They include session cookies that keep you logged in and CSRF tokens that protect against cross-site request forgery. You cannot opt out of essential cookies while using the Service.

Third-Party Cookies

Google reCAPTCHA may set cookies to distinguish humans from bots. These cookies are governed by Google's Privacy Policy.

Stripe may set cookies during the checkout process to prevent fraud and process payments. These cookies are governed by Stripe's Privacy Policy.

Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.

Data Security

We take reasonable measures to protect your personal information, including encryption in transit (TLS/SSL) and at rest. However, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Request a portable copy of your data
• Withdraw consent for optional processing (e.g., newsletter)

To exercise any of these rights, please contact us at the email address below.

California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to know — You have the right to request information about the categories and specific pieces of personal information we have collected about you.
• Right to delete — You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to opt-out — You have the right to opt out of the sale or sharing of your personal information.
• Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights.

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes.

To submit a request to exercise your CCPA rights, please contact us at privacy@gigready.band. We will verify your identity before processing your request.

Do Not Sell My Personal Information

GigReady does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. If you have any questions or concerns, please contact us at privacy@gigready.band.

Children's Privacy

GigReady is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.

For users in the European Economic Area, the minimum age is 16 unless the member state has set a lower age (but not below 13).

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email:privacy@gigready.band