1. Introduction
BandSync Library ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our music library management service.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
2.1 Information You Provide
When you register and use our Service, we collect:
- Account Information: First name, last name, email address, password (encrypted)
- Organization Information: Organization name, location, website
- Payment Information: Processed securely by Stripe (we do not store full card details)
- Content: Musical piece metadata, PDF files, notes, and other library content you upload
- Communications: Feedback, support requests, and emails you send us
2.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Usage Data: Pages visited, features used, time spent, actions performed
- Device Information: Browser type, operating system, device type
- Log Data: IP address, access times, error logs
- Cookies: See our Cookie Policy for details
2.3 Information from Third Parties
- Stripe: Payment processing and subscription management data
- Brevo (Sendinblue): Email delivery statistics (opens, clicks)
3. How We Use Your Information
We use your information to:
- Provide the Service: Account management, content storage, feature access
- Process Payments: Handle subscriptions, billing, and invoices
- Communicate: Send transactional emails, trial reminders, service updates
- Improve Service: Analyze usage patterns, fix bugs, develop features
- Security: Detect fraud, prevent abuse, protect user accounts
- Legal Compliance: Comply with laws, regulations, and legal processes
- Support: Respond to inquiries and provide customer assistance
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract: To provide the Service you've signed up for
- Legitimate Interests: To improve our Service, prevent fraud, and ensure security
- Consent: For marketing emails (you can opt-out anytime)
- Legal Obligation: To comply with tax and financial regulations
5. Data Sharing and Disclosure
We do not sell your personal information. We share data only in these circumstances:
5.1 Service Providers
5.2 Within Your Organization
Users in your organization can view shared library content. Organization administrators have access to user management and organization settings.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.
5.4 Business Transfers
If we undergo a merger, acquisition, or sale, your information may be transferred to the new entity.
6. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for data in transit, encrypted passwords
- Access Controls: Role-based permissions, authentication requirements
- Monitoring: Security logs, intrusion detection
- Regular Updates: Security patches and software updates
- Backups: Regular automated backups for data recovery
However, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.
7. Data Retention
- Active Accounts: Data retained while your account is active
- Expired Trials: Read-only mode for 30 days, then subject to deletion
- Cancelled Subscriptions: Read-only mode, data preserved until you delete your account
- Deleted Accounts: Permanently deleted within 30 days
- Legal Requirements: Some data (financial records) may be retained longer for legal compliance
8. Your Rights (GDPR)
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Data Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: For marketing emails or optional features
To exercise these rights, contact us at privacy@bandsync.co.uk
9. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your login session
- Remember your preferences
- Analyze usage patterns
- Improve service performance
See our Cookie Policy for full details and opt-out instructions.
10. Children's Privacy
BandSync Library is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
11. International Data Transfers
Your data may be processed in countries outside the UK/EEA, including:
- United States: Stripe, Brevo (with appropriate safeguards)
We ensure adequate protection through standard contractual clauses and service provider commitments to data protection.
12. Marketing Communications
We may send you:
- Transactional Emails: Account activity, payment receipts, service updates (cannot opt-out)
- Marketing Emails: Features, tips, promotions (you can opt-out anytime)
Unsubscribe links are included in all marketing emails.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service. The "Last updated" date at the top indicates when changes were made.
14. Contact Us
For privacy-related questions or to exercise your rights:
15. Supervisory Authority
If you have concerns about how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
By using BandSync Library, you acknowledge that you have read and understood this Privacy Policy.