Privacy Policy

Effective date: March 3, 2026

This Privacy Policy explains how Bandslide (“we,” “us,” or “our”) collects, uses, and shares information when you use Bandslide (the “Service”).

1. Information we collect

Information you provide

  • Account information (e.g., email, name/handle, password or authentication tokens).
  • Profile and content you add (e.g., bio, links, photos, songs/sets, gigs, venues, messages).
  • Support communications (e.g., messages you send to support).

Information we collect automatically

  • Usage data (e.g., pages viewed, actions taken, approximate timestamps, referring URLs).
  • Device and log data (e.g., IP address, browser type, operating system, error logs).
  • Cookies and similar technologies used for authentication, preferences, and analytics (where enabled).

Information from third parties

If you connect third-party accounts or embed third-party content (e.g., social platforms, music/video providers), those services may provide information to us based on your settings with them.

2. How we use information

We use information to:

  • Provide, maintain, and secure the Service (including authentication and preventing abuse).
  • Personalize your experience (e.g., preferences, saved settings).
  • Operate public features you enable (e.g., public profile pages or public gig calendars).
  • Provide customer support and respond to requests.
  • Monitor performance, fix bugs, and improve the Service.
  • Send service-related communications (e.g., security alerts, policy updates).

3. How we share information

We may share information in the following ways:

  • Service providers who process data on our behalf to operate the Service. Examples may include:
    • Vercel (hosting, edge/network delivery, logs)
    • Supabase (authentication, database, file storage)
  • Public content you choose to make public (e.g., profile information, links, calendars).
  • Legal and safety if required by law or to protect rights, safety, and security (e.g., responding to valid legal process).
  • Business transfers in connection with a merger, acquisition, or sale of assets (with appropriate protections).

We do not sell your personal information in the traditional sense. (If you need a strict CCPA/CPRA “Do Not Sell/Share” clause, add it based on your exact analytics/ads setup.)

4. Infrastructure and data processing (Vercel & Supabase)

The Service is built with Next.js and may be hosted on Vercel. Backend services may be provided by Supabase, which can include authentication, database storage, and file storage.

This means certain data (such as account identifiers, session tokens, and content you store) may be processed and stored by these providers to deliver the Service.

5. Cookies and similar technologies

We use cookies/local storage and similar technologies for:

  • Strictly necessary purposes (e.g., login sessions, security).
  • Preferences (e.g., remembering settings).
  • Analytics (optional; if enabled, helps us understand usage to improve the Service).

Optional: Add a cookie banner/consent mechanism if you operate in regions where consent is required for analytics cookies.

6. Data retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion as described below.

7. Security

We use reasonable administrative, technical, and organizational measures to protect information. However, no method of transmission or storage is 100% secure.

8. Your rights and choices

  • Access and update: You may access and update certain account information via your account settings.
  • Delete: You may request deletion of your account and associated personal information, subject to legal and operational limits.
  • Opt out: You may opt out of non-essential communications. If you use optional analytics, you may have cookie controls available.

EEA/UK (GDPR) notice (if applicable)

If you are in the EEA/UK, our legal bases for processing may include: providing the Service (contract), our legitimate interests (e.g., security, improving the Service), and your consent (e.g., optional analytics where required). You may have rights to access, rectify, erase, restrict, object, and data portability, and to lodge a complaint with a supervisory authority.

California (CCPA/CPRA) notice (if applicable)

California residents may have rights to know, delete, and correct personal information, and to opt out of certain “sharing” for cross-context behavioral advertising. If you do not use targeted advertising, state that explicitly.

9. Children’s privacy

The Service is not intended for children under 13 (or the age of digital consent where you live). We do not knowingly collect personal information from children.

10. International transfers

We may process and store information in countries other than your own, including where our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice. The “Last updated” date reflects the latest version.

12. Contact us

For questions or privacy requests, contact: info@bandslide.com

Last updated: March 3, 2026