Band Artist Booking

Privacy Policy

Last updated: April 2026 · Version 1.0

Summary

We collect only the data necessary to provide our service. We never sell your personal data. You can export, correct, or delete your data at any time through your account settings.

1. Data Controller

Band Artist Booking ("we", "us", "our") is the data controller responsible for your personal data. If you have questions about how we handle your data, contact us at our contact page.

2. Information We Collect

We collect the following categories of personal data:

2.1 Information you provide directly

  • Account data: Name, email address, password (stored hashed)
  • Profile data: Display name, bio, profile photo, genres, instruments, gig types
  • Location data: Country, state/region, city, postal code (voluntarily provided)
  • Contact data: Phone number (optional, visibility controlled by you)
  • Social links: Instagram, YouTube, Facebook, Spotify URLs
  • Content: Gig photos, videos, audio recordings, messages, booking details
  • Consent records: Timestamps of your terms acceptance and marketing consent

2.2 Information collected automatically

  • Device data: Browser type, operating system, device type
  • Usage data: Pages visited, features used, profile views (anonymized)
  • Analytics data: Only collected if you consent to analytics cookies
  • Push notification tokens: If you enable push notifications on mobile

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide you the Platform services — account management, bookings, messaging, profile display
  • Consent (Art. 6(1)(a)): Marketing use of your profile and content, analytics cookies, marketing cookies
  • Legitimate interest (Art. 6(1)(f)): Platform security, fraud prevention, service improvement
  • Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, responding to lawful requests

4. How We Use Your Information

  • Provide, operate, and maintain the Platform
  • Display your public artist/band profile in the feed, search results, and on affiliated websites operated by Band Artist Booking (e.g. bendzavencanja.com, bendzaveselja.com, bendzarodjendan.com, and other niche booking domains) to increase your visibility to potential clients
  • Process bookings and facilitate communication between users
  • Send transactional emails (verification, booking confirmations, password resets)
  • Send push notifications (if enabled) for bookings, messages, and platform activity
  • Improve the Platform based on anonymized usage patterns
  • Prevent fraud, abuse, and Terms of Service violations
  • With your explicit marketing consent: use your profile and content for promotional purposes

5. Marketing Use of Profiles and Content

If you have given explicit marketing consent (opt-in during registration or through your account settings), we may use your public profile information, uploaded images, gig photos, and other content for promotional purposes. This includes social media posts, advertisements, newsletters, app store listings, and press materials.

Marketing consent is:

  • Optional: Not required to use the Platform
  • Separate: Independent from your acceptance of Terms of Service
  • Revocable: You can withdraw consent at any time in your account settings
  • Recorded: We store the timestamp of when consent was given or withdrawn

6. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following categories of processors, all of whom are contractually bound to protect your data:

Service          | Purpose                            | Data shared
SendGrid         | Transactional emails               | Email address, name
LemonSqueezy     | Payment processing                 | Email, subscription data
Expo             | Push notifications (mobile)        | Push token, notification content
AWS S3           | File storage                       | Uploaded images, audio, video
Google Analytics | Website analytics (if consented)   | Anonymized usage data

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you. Use the "Download my data" feature in Settings.
  • Right to rectification (Art. 16): Correct inaccurate data through your profile settings, including your name and email.
  • Right to erasure (Art. 17): Delete your account and all associated data through Settings → Delete Account.
  • Right to restrict processing (Art. 18): Request that we limit how we use your data. Contact us to exercise this right.
  • Right to data portability (Art. 20): Export your data in machine-readable JSON format via Settings → Download my data.
  • Right to object (Art. 21): Object to processing based on legitimate interest. Contact us to exercise this right.
  • Right to withdraw consent (Art. 7): Withdraw marketing consent at any time via Settings without affecting the lawfulness of prior processing.

To exercise any of these rights, use the self-service options in your account settings or contact us at our contact page. We will respond within 30 days.

8. Cookies and Tracking Technologies

Necessary Cookies (Always Active)

Essential for authentication, security, and core Platform functionality. Cannot be disabled.

Analytics Cookies (Opt-in)

Help us understand how visitors interact with the Platform. Only activated if you consent via the cookie banner.

Marketing Cookies (Opt-in)

Used for targeted advertising. Only activated if you consent via the cookie banner.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the Platform.

9. Data Retention

  • Active accounts: Data is retained for as long as your account is active
  • Deleted accounts: Personal data is permanently deleted upon account deletion. Anonymized analytics data may be retained.
  • Legal obligations: Payment records may be retained for up to 5 years as required by tax and financial regulations
  • Consent records: Records of consent (timestamps) are retained for compliance purposes even after withdrawal

10. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Bcrypt hashing for passwords (never stored in plain text)
  • Token-based authentication with automatic rotation
  • Encrypted file storage on AWS S3
  • Rate limiting and abuse prevention on all API endpoints

11. International Data Transfers

Your data may be processed by third-party services located outside the EEA (e.g., AWS, SendGrid). Where applicable, these transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.

12. Children's Privacy

The Platform is not intended for users under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email at least 30 days before taking effect. The version number and date at the top of this page indicate the current version.

14. Supervisory Authority

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection authority. For users in Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection.

15. Contact Us

For any questions about this Privacy Policy or to exercise your data rights, contact us at our contact page.