Bandtopia ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service. The Service is currently available to US-based users only.

We collect the following categories of information:

• Account information: Name, email address, and authentication data provided via Auth0.
• Band data: Band name, location, member roster, and profile information.
• Booking data: Venue details, event dates, contact history, hold dates, and offer rounds.
• Financial data: Gig fees, expenses, and invoice information you enter into the Service.
• Repertoire data: Song titles, setlists, and related notes.
• Usage data: Log files, IP addresses, and interaction data collected automatically.

We use your information to:

• Provide, operate, and maintain the Service.
• Improve and personalize your experience.
• Send transactional emails (booking alerts, invites, notifications).
• Respond to your support requests.
• Comply with legal obligations.

We do not use your data for advertising or sell it to third parties.

Your data is stored on AWS infrastructure in the United States. We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security reviews.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We use the following third-party services to operate the platform:

• Auth0: Authentication and identity management.
• AWS: Cloud infrastructure and storage.
• SMTP providers: Transactional email delivery (configurable per account).

Each third-party service has its own privacy policy governing their use of data.

As a user, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Export your data in a portable format (where technically feasible).

To exercise any of these rights, contact us at legal@bandtopia.io.

We retain your data for as long as your account is active. If you close your account, we will delete your personal data within 90 days, except where retention is required by law.

We use localStorage (not traditional cookies) to store your authentication session and active band selection. No tracking cookies or third-party analytics cookies are used.

The Service is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, contact us and we will promptly delete it.

We may update this Privacy Policy periodically. We will notify active users of material changes by email. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Questions about this Privacy Policy? Contact us at legal@bandtopia.io.