Privacy Policy for Band Me Up

1. Who We Are

pixel61 ltd
Company No. 17190599
7 Newton Road
Swanage
BH19 2EA
United Kingdom
Email: hello@bandmeup.com
ICO registration: ZC136134

Band Me Up is operated by pixel61 ltd, a company registered in England and Wales. We are the data controller for personal data processed through the Service and comply with UK GDPR and the Data Protection Act 2018.

2. What Information We Collect

• Full name
• Email address
• Payment information (processed securely via Stripe)
• Account login credentials (managed via Supabase)
• Uploaded content, including music files, images, videos, event details, social media links, and YouTube URLs
• Band information (band name, location, genre, formation year, bio, member details)
• Integration credentials (optional: Patreon OAuth tokens, Bandsintown API keys, Mailchimp API keys)
• Custom domain settings (if configured)
• Venue and address search queries (and the IP address making the request) when you use the venue or address autocomplete on band gigs and profile fields. These are forwarded to Mapbox via our server proxy.
• Account details from users of free tools (including the free band availability tool) and from members invited to a band via an event invite link.
• Usage data and analytics (page views, track plays, visitor interactions)

3. How We Collect Information

Information is collected when you:

• Create an account
• Create or manage a band profile
• Subscribe to paid services
• Upload content (music, images, videos, events)
• Configure custom domains
• Connect third-party integrations (Patreon, Bandsintown, Mailchimp)
• Submit contact forms to bands
• Use the venue or address autocomplete when editing band gigs or profile information
• Use the free band availability tool, or join a band via an event invite link
• Use the website (analytics data may be collected via Google Analytics)

Some information may be collected automatically via third-party services, cookies, or through your device.

4. Contact Forms & Messaging

When you use contact forms to send messages to bands, we collect:

• Your name and email address
• Message subject and content
• IP address (temporarily stored for spam protection)
• Date and time of message submission

Access: Only the band you contact can view your message. Messages are private between you and the band.

Retention: Messages are stored to facilitate ongoing communication and remain in place until either party deletes them, or until the band itself is deleted. IP addresses attached to contact-form submissions are retained for 30 days for spam protection.

Deletion: You can request deletion of your messages by contacting us directly.

5. Why We Collect Your Information

• Provide and operate the Service
• Manage user accounts and subscriptions
• Facilitate payments and billing (via Stripe)
• Allow you to publish and manage content on your band website
• Enable communication between fans and bands (contact forms, messages)
• Send transactional emails (welcome emails, payment reminders, notifications)
• Facilitate third-party integrations you choose to enable
• Display your band's content publicly when you publish your site
• Maintain security and prevent fraud or abuse
• Comply with legal obligations
• Improve our service via analytics and usage data

We do not sell your data or share it with advertisers. We do not use your data for cross-site tracking or behavioural advertising.

6. Data Sharing & Third Parties

6.1 Essential Service Providers

We only share your data with trusted third parties necessary to deliver our services:

• Stripe – for payment processing and subscription management
• Supabase – for authentication, account management, and database storage
• AWS (Amazon Web Services) – for secure hosting and file storage (media uploads)
• Cloudflare Turnstile – protects sign-up and login from automated abuse (bots). It runs a silent, invisible check in your browser and may process limited technical data (such as your IP address and browser signals) to confirm you are human. Its use is governed by Cloudflare's Turnstile Privacy Addendum.
• Resend – for transactional emails (welcome emails, notifications, payment reminders)
• Mapbox – powers venue and address autocomplete when you edit band gigs or profile information. Your search text and IP address reach Mapbox via our server proxy.
• Google Analytics – for usage analytics and performance insight

6.2 Optional Third-Party Integrations

If you choose to enable optional integrations, your data may be shared with:

• Patreon – if you connect Patreon to display your membership tiers on your band page. We access your Patreon campaign data (tier information, pricing, patron counts) via OAuth with your explicit permission.
• Bandsintown – if you connect Bandsintown to automatically import tour dates. We access your event data using your Bandsintown API key.
• Mailchimp – if you connect Mailchimp to collect fan email subscriptions. We use your Mailchimp API key to add subscribers to your mailing list. We do not access other Mailchimp data.

These integrations are entirely optional. You control which services to connect and can disconnect them at any time. When you connect these services, you also agree to their respective privacy policies.

We do not sell or share your data for marketing or advertising purposes.

7. International Users

Our Service is available worldwide. By using the Service, you acknowledge that your information may be transferred to and processed in countries outside your own, including countries that may not provide the same level of data protection. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to jurisdictions covered by a UK adequacy decision.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

• Access your personal data
• Request correction of inaccurate or incomplete data
• Request deletion of your data (subject to legal retention obligations)
• Restrict or object to processing under certain conditions
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent for optional features at any time

You can manage your profile information directly within your account settings. To delete your band and all associated data, use the Delete Band option in your band admin Settings page. You will have a 30-day grace period to change your mind before data is permanently deleted. For data export or other privacy rights, please contact us at support@bandmeup.com.

We will respond to your request within 30 days. Please note that certain data may be retained for legal, security, or operational purposes even after deletion is requested.

Right to complain: If you believe we have not handled your personal data in line with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk or by calling 0303 123 1113. We would appreciate the chance to address your concerns first, so please consider contacting us at support@bandmeup.com before raising a complaint with the ICO.

9. User-Generated Content

By uploading content (including music, images, and event details) to Band Me Up, you confirm that:

• You own the rights to the content or have permission to publish it
• You grant us permission to display, stream, and make your content available via the platform
• You understand that unauthorised use of copyrighted material is prohibited
• We reserve the right to remove any content that is reported, flagged, or suspected to infringe copyright or breach our Terms of Use

We do not claim ownership of your content.

AI training: We do not use your content to train, fine-tune, or evaluate any machine learning model. If this ever changes, we will ask for your explicit opt-in consent.

10. Cookies

We do not use cookies for advertising or personalisation. We use a small number of cookies grouped into the categories below. Strictly necessary cookies are required for the site to function and are always on. Optional categories are off by default and only set after you give consent via our cookie banner.

You can change your choice at any time using the Cookie preferences link in the footer.

Note: revoking analytics consent stops future tracking on your next visit; cookies already set in the current session are not retroactively removed by your browser.

11. Data Security

• All connections are protected via SSL encryption
• All data is securely stored and managed via Supabase
• Access is restricted and monitored
• Authentication event logs (sign-ins, password resets, token refreshes) are retained by our authentication provider for up to 7 days for security monitoring and abuse prevention
• Backups may be retained for up to 30 days post-deletion for disaster recovery

12. Children's Privacy

Our Service is intended for users aged 18 and over due to the subscription nature of the platform. We do not knowingly collect data from anyone under 18. If you believe a child under 18 has provided us with personal data, please contact us so we can remove the information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new “Last Updated” date. We recommend reviewing it periodically.

14. Contact Us

If you have any questions about this Privacy Policy or your data, please contact:

Email: support@bandmeup.com