Privacy Policy

Last updated: May 18, 2026 · Effective: April 15, 2026

Your privacy matters to us. This Privacy Policy explains what information BandGigz collects, how we use it, how we protect it, and your rights regarding it. By using BandGigz, you agree to the practices described in this policy.

Who We Are
Information We Collect
How We Use Your Information
How We Share Your Information
Payment Information
Data Storage, Security, and Breach Notification
Data Retention and Deletion
Your Rights and Communication Preferences
California Residents (CCPA)
European Economic Area and United Kingdom Residents (GDPR)
International Users
Cookies, Tracking, and Do Not Track
Children's Privacy
Governing Law
Changes to This Policy
Legal Notices
General Contact

1. Who We Are

BandGigz is operated by BandGigz LLC, an Arkansas limited liability company. References to "BandGigz," "we," "us," or "our" in this policy refer to BandGigz LLC.

Our platform is accessible at bandgigz.com and connects live music venues with performing artists.

2. Information We Collect

Information you provide directly

Account information: Your name or act name, email address, and a password when you register. Passwords are never stored in plain text; they are hashed and managed by our authentication provider. If you later choose to enable SMS notifications (see Section 8), we collect and verify a US mobile phone number at that point; phone is not collected at signup.
Profile information: Bio, genre, act size, location, set length, rates, social media links, profile photos, venue photos, and performance videos.
Gig information: Gig titles, dates, descriptions, pay rates, and event flyers posted by venues.
Address information: Venue addresses and the city/region information you enter on your profile, which we use with the Google Maps Platform (Places API) to provide autocomplete suggestions. When you type in an address field, your input is sent to Google in order to return matching suggestions.
Communications: Messages exchanged with other users through our booking messaging system, and negotiation messages during the application and counter-offer process.
Reviews: Star ratings and written reviews you submit after completed bookings.
Support messages: Any messages you send through our Help Center contact form.

Information collected automatically

Authentication and session data: Login timestamps, session tokens, and the IP address associated with your sign-in activity, as logged by our authentication provider (Supabase Auth). IP addresses are used for account security, suspicious-activity detection, and fraud prevention. We do not use IP addresses for advertising, behavioral tracking, or third-party analytics.
Server logs: Basic request logs retained by our hosting and database providers for operational, debugging, and security purposes.

We do not currently run any third-party analytics, advertising pixels, or behavior-tracking services on BandGigz. We do not track you across other websites.

3. How We Use Your Information

We use the information we collect to:

Create and maintain your account.
Facilitate bookings between venues and artists, including the application, negotiation, and review process.
Send transactional notifications related to your account activity — booking confirmations, counter offers, new applicant alerts, performance reminders, review prompts, and dispute updates — via email (through our email delivery provider) and, where applicable, via SMS (through our SMS provider).
Display your public profile, ratings, and reviews to other users on the platform.
Enforce our Terms of Service, including the cancellation policy, the strike system, and dispute resolution. Some enforcement is currently performed manually by our staff; automated enforcement is being rolled out.
Respond to support requests submitted through the Help Center.
Detect, prevent, and address fraud, abuse, and security issues.
Comply with legal obligations, respond to lawful requests, and enforce our legal rights.

We do not, and will not, sell or rent personal information to third parties. We do not use your information for behavioral advertising, and we do not allow third-party advertisers to track you through our platform.

Coming soon — payment processing. BandGigz is integrating with Stripe Connect (operated by Stripe, Inc.). Once live, we will use a subset of your information (name, email, and where you are the payee, information required by Stripe for identity verification and payout) to facilitate in-platform payments and payouts. Stripe will collect and process payment and banking information directly; BandGigz will not see or store that information. We will update this Privacy Policy with a new effective date before the integration goes live.

4. How We Share Your Information

We share your information only in the circumstances described below. We do not sell or rent personal information under any circumstance.

With other users of the platform

Your public profile information — name or act name, photo, bio, genre, act size, location, ratings, and written reviews — is visible to all registered users. Reviews are displayed anonymously on public profiles (attributed as "Verified Artist" or "Verified Venue"), though we retain internal records of which user submitted each review for moderation and fraud prevention. Your email address and phone number are never displayed publicly on the platform, though limited contact information may become visible to a confirmed booking partner for coordination purposes.

With service providers (sub-processors)

We share your information with the following service providers strictly to the extent necessary for them to provide services to BandGigz:

Supabase — our database and authentication provider. Stores account data, gig and booking records, messages, and reviews. Hosted in the United States.
Vercel — our website hosting provider. Serves the BandGigz website and handles basic request routing.
Resend — our transactional email delivery provider. Receives your email address and notification content in order to send booking-related emails.
Twilio — our SMS messaging provider. Receives your phone number and notification content in order to send booking-related SMS notifications.
Google (Maps Platform / Places API) — used to provide address autocomplete when you type venue addresses, profile locations, or gig locations. Your input is sent to Google to return matching suggestions. Google's use of this data is governed by Google's Privacy Policy.

Coming soon. Stripe, Inc. will be added as a sub-processor upon launch of the Stripe Connect payment integration. Stripe will collect and process payment and banking information directly from users for booking payments and artist payouts. Stripe's practices are governed by Stripe's Privacy Policy. This Privacy Policy will be updated to reflect the integration before it goes live.

For legal reasons

We may disclose your information if required by law, court order, subpoena, or government authority, or if we believe in good faith that disclosure is reasonably necessary to (a) comply with legal process, (b) protect the rights, property, or safety of BandGigz, our users, or others, (c) detect, prevent, or address fraud, security, or technical issues, or (d) enforce our Terms of Service.

Business transfers

If BandGigz is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you and provide choices regarding your information to the extent required by applicable law.

5. Payment Information

Current state. BandGigz does not currently process payments on the platform. Payment for performances is arranged directly between the venue and the artist outside of BandGigz. As a result, BandGigz does not currently collect or store bank account numbers, routing numbers, or payment card details, and does not issue payouts.

We store only booking-related metadata: booking amounts, the platform fee associated with each booking, and booking status. This information is necessary to operate the platform and maintain booking records.

Coming soon — Stripe Connect integration. Once the in-platform payment system launches, payment information will be entered directly into Stripe's secure system and governed by Stripe's Privacy Policy. BandGigz will not store, see, or have access to bank account numbers, routing numbers, or card details. At that point BandGigz will also store payout amounts and payout status for each completed booking for tax, accounting, and dispute-resolution purposes. You can review how Stripe handles your data at stripe.com/privacy. We will notify users before this change takes effect and will update this Privacy Policy accordingly.

6. Data Storage, Security, and Breach Notification

Your data is stored on Supabase's secure infrastructure, hosted in the United States. Supabase uses industry-standard encryption for data in transit (TLS) and at rest. Authentication is handled through Supabase Auth with secure password hashing and session management.

We take reasonable technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. However, no internet transmission or electronic storage system is completely secure, and we cannot guarantee the absolute security of your data.

Data breach notification. In the event of a data breach that affects your personal information, BandGigz will notify affected users by email as soon as reasonably possible after the incident is identified and assessed, and will comply with all applicable state and federal breach notification laws. Notifications will describe, to the extent known, the nature of the breach, the categories of information involved, steps BandGigz is taking in response, and recommended steps you can take to protect yourself.

If you believe your account has been compromised, please contact us immediately through the Help Center.

7. Data Retention and Deletion

We retain your account information for as long as your account is active.

Upon account deletion, we remove or de-identify your profile, your active gig listings, and your pending applications. We retain the following even after account deletion: completed booking records, payment and payout history (once the in-platform payment system is active), reviews you have left or received, negotiation messages associated with completed bookings, and records of any disputes or enforcement actions. These records are retained indefinitely for legal, tax, accounting, trust-and-safety, and fraud-prevention purposes, and are anonymized where reasonably possible.

Support messages submitted through the Help Center are retained for two (2) years.

How to request deletion. To request deletion of your account, contact us through the Help Center or at the legal notice address in Section 16. We will complete deletion requests within thirty (30) days of receipt, or within the time required by applicable law (whichever is shorter). A self-service deletion option in account settings is planned and will be added in a future release; until then, deletion is performed manually at our end.

8. Your Rights and Communication Preferences

Regardless of where you live, you have the following rights with respect to the personal information we hold about you:

Access: Request a copy of the personal information we hold about you.
Correction: Update or correct inaccurate information. Most profile information can be updated directly through your account settings; other corrections can be made by contacting us.
Deletion: Request deletion of your account and associated personal data, subject to our retention obligations in Section 7.
Portability: Request your data in a portable, machine-readable format.
Object or restrict processing: Ask us to stop or limit our use of your information for specific purposes, where applicable law provides this right.

To exercise any of these rights, contact us through the Help Center or at the legal notice address in Section 16. We will respond within thirty (30) days, or within the time required by applicable law.

SMS notifications and consent

How consent is obtained. No phone number is collected at signup, and signup does not opt you in to SMS notifications. After signup, if you want to receive SMS notifications, you can enroll from your account settings (Profile → Notifications). The enrollment flow asks for a US mobile number, sends a one-time verification code via Twilio Verify to confirm you control the number, and presents a separate consent checkbox containing the verbatim disclosure of what BandGigz SMS messages cover, message frequency, costs, opt-out instructions, and our mobile-information non-disclosure commitment. You must explicitly check this consent box before SMS notifications are enabled. The verbatim consent text is published at /sms-consent.html for reference. You may turn SMS notifications off at any time from the same Notifications section. You will not receive marketing or promotional SMS messages from BandGigz unless you opt in to them separately.

Message frequency and costs. Message frequency varies based on your activity on the platform. Message and data rates may apply depending on your mobile carrier and plan. BandGigz does not charge for SMS notifications themselves.

How to opt out. You can opt out of SMS notifications at any time by:

Replying STOP to any SMS message from BandGigz, which will immediately unsubscribe your phone number;
Replying HELP to receive information about the messaging program;
Toggling SMS off in your account settings (Profile → Notifications); or
Contacting us through the Help Center.

Opting out of SMS will not affect access to your account, but you may miss time-sensitive notifications that can only be delivered by text. Email notifications will continue.

How we handle your mobile information. BandGigz does not sell, rent, share, or otherwise disclose mobile phone numbers, SMS opt-in status, SMS consent records, or any other information collected as part of the SMS notification program to any third party or affiliate for marketing, promotional, or advertising purposes. Mobile information is shared only with the service providers strictly necessary to deliver the SMS notifications a user has opted into — currently Twilio, as identified in Section 4 — and only to the extent required to send those notifications. No third party receives your mobile information for their own marketing or promotional purposes. This commitment applies whether or not you have opted in to SMS notifications.

Email notifications

You may not opt out of transactional emails required to operate your account (such as booking confirmations, dispute notices, or security alerts), but you may unsubscribe from any non-transactional communications via the link in those emails.

9. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. The rights described in Section 8 apply to you in the manner required by CCPA, including:

Right to know: You have the right to know what categories of personal information we collect, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it. This Privacy Policy (particularly Sections 2, 3, and 4) serves as the required disclosure.
Right to delete: You have the right to request deletion of the personal information we hold about you, subject to the exceptions in Section 7 (including legal, tax, fraud prevention, and trust-and-safety obligations).
Right to correct: You have the right to request correction of inaccurate personal information.
Right to opt out of sale or sharing: BandGigz does not sell or share personal information for cross-context behavioral advertising, and has not done so in the preceding twelve (12) months. There is nothing to opt out of in this respect.
Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights. Your account standing, access to the platform, and pricing will not be affected by your exercise of these rights.

To exercise any CCPA right, contact us through the Help Center or at the legal notice address in Section 16. We may need to verify your identity before processing certain requests.

10. European Economic Area and United Kingdom Residents (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the EU General Data Protection Regulation (GDPR) or the UK GDPR applies to our processing of your personal data. This section describes how your rights under those regimes are handled.

Data controller

BandGigz LLC, an Arkansas limited liability company, acts as the data controller for personal information collected through the BandGigz platform. Contact information is provided in Section 16.

Legal bases for processing

We process your personal data on the following legal bases:

Performance of a contract (GDPR Art. 6(1)(b)): For processing necessary to provide the BandGigz service to you, including account creation, booking facilitation, and transactional communications.
Legitimate interests (GDPR Art. 6(1)(f)): For fraud prevention, security monitoring, enforcement of our Terms of Service, and platform improvement. These interests are balanced against your rights and freedoms.
Consent (GDPR Art. 6(1)(a)): For any communication or processing that goes beyond what is necessary to operate the service, including optional SMS notifications. You may withdraw consent at any time.
Compliance with legal obligations (GDPR Art. 6(1)(c)): For retention of records required by tax, accounting, or other applicable law.

Your GDPR rights

Under GDPR and UK GDPR you have the right to:

Access the personal data we hold about you
Rectification of inaccurate or incomplete personal data
Erasure ("right to be forgotten"), subject to the retention obligations in Section 7
Restriction of processing in specified circumstances
Data portability — to receive your data in a structured, commonly used, machine-readable format
Object to processing based on legitimate interests
Withdraw consent at any time where processing is based on consent
Lodge a complaint with your local Data Protection Authority if you believe your rights have been violated. For EEA residents, contact information for your country's DPA is listed at edpb.europa.eu. For UK residents, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.

International data transfers

BandGigz and our service providers are based in the United States. If you are located in the EEA or UK, your personal data will be transferred to and processed in the United States. The United States does not currently have an adequacy decision from the European Commission, and we rely on your consent to the transfer (provided when you create an account) as the basis for the transfer. In the future, we may implement additional transfer safeguards (such as Standard Contractual Clauses) as the platform grows.

How to exercise your rights

To exercise any GDPR or UK GDPR right, contact us through the Help Center or at the legal notice address in Section 16. We will respond within one (1) month of receipt, or notify you if an extension is required.

11. International Users

BandGigz is operated from the United States and our service providers' infrastructure is also based in the United States. If you access or use BandGigz from outside the United States, you acknowledge and agree that your information will be transferred to, stored in, and processed in the United States, which may have data protection laws that differ from those of your country.

By using BandGigz, users located outside the United States consent to this transfer and processing of their information in the United States. If you do not consent to this transfer, please do not use the platform. Residents of the European Economic Area and the United Kingdom should also review Section 10, which describes additional rights under GDPR and UK GDPR.

12. Cookies, Tracking, and Do Not Track

BandGigz uses only the session cookies necessary for authentication and keeping you logged in. We do not use advertising cookies, third-party tracking pixels, behavioral analytics, or services that track you across other websites.

You can disable cookies in your browser settings, but doing so will prevent you from staying logged in to BandGigz.

Do Not Track. Some browsers send a "Do Not Track" (DNT) signal to websites. Because BandGigz does not engage in cross-site tracking or behavioral advertising, we do not alter our practices in response to DNT signals — there is no tracking for us to disable. Our baseline practice already matches what a DNT signal is intended to request.

13. Children's Privacy

BandGigz is not intended for users under the age of 18, and we do not knowingly collect personal information from minors. If we become aware that a minor has created an account, we will delete it promptly. If you are a parent or guardian and believe a minor is using our platform, please contact us through the Help Center immediately.

14. Governing Law

This Privacy Policy is governed by the laws of the State of Arkansas, without regard to its conflict of law provisions. Disputes arising from this Privacy Policy are subject to the dispute resolution and venue provisions set forth in the BandGigz Terms of Service.

Nothing in this Privacy Policy limits or waives any non-waivable statutory rights you may have under the data protection laws of your jurisdiction, including those described in Sections 9 and 10.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and note material changes in the changelog at the bottom of this page. For material changes, we will also notify users by email. Continued use of BandGigz after changes take effect constitutes acceptance of the updated policy.

If you do not agree to any change, you must discontinue use of the platform before the change takes effect.

16. Legal Notices

Formal privacy-related requests, including requests to exercise the rights described in Sections 8, 9, and 10, and formal legal notices, may be sent to:

BandGigz LLC
Attn: Kelvin Oshea Sims Jr., Registered Agent
4379 Beacon Ct
Springdale, AR 72764
Email: bandgigzpro@gmail.com

17. General Contact

If you have general questions or concerns about this Privacy Policy or how we handle your data, please contact us through the Help Center.

BandGigz LLC · Arkansas, United States

Changelog

May 11, 2026

Added new “How we handle your mobile information” sub-block to Section 8 (Your Rights and Communication Preferences) inside the SMS notifications and consent subsection. The new paragraph explicitly states that BandGigz does not sell, rent, share, or otherwise disclose mobile phone numbers, SMS opt-in status, or SMS consent records to any third party or affiliate for marketing, promotional, or advertising purposes, and identifies Twilio as the sole sub-processor that receives mobile information for the purpose of delivering opted-in notifications. This carrier-required disclosure was added in response to A2P 10DLC campaign vetting requirements from The Campaign Registry (TCR), which enforces the mobile-specific non-sharing clause separately from the broader no-sale-of-personal-information commitment that already appears in Section 3.

May 6, 2026

Revised the “SMS notifications and consent” subsection of Section 8 (Your Rights and Communication Preferences) to reflect that SMS notification consent is optional and is not obtained simply by providing a phone number at signup. Phone verification and SMS notification consent are now described as two separate steps at signup, with the SMS consent checkbox unchecked by default and not required to create or use a BandGigz account. Added language describing the in-app SMS notifications toggle (Profile → Notifications) for turning SMS on or off at any time after signup, and updated the opt-out methods to reference the toggle in place of removing the phone number from account settings. This change aligns the Privacy Policy with the optional-consent model documented in Terms of Service Section 6.5 and on the public reviewer page at bandgigz.com/sms-consent.html.

April 20, 2026

Added new Section 10 (European Economic Area and United Kingdom Residents / GDPR) covering data controller identity, legal bases for processing under GDPR Art. 6, the full set of GDPR rights including lodging complaints with a Data Protection Authority, and international data transfer disclosure. Expanded Section 8 (Your Rights and Communication Preferences) with a dedicated SMS Notifications and Consent subsection describing how express consent is obtained at signup, message frequency, costs, and the full set of opt-out methods (STOP/HELP keywords, account settings, Help Center). Added Section 2 clarification that IP addresses are used for security and fraud prevention only, not advertising. Added Section 6 data breach notification commitment. Renamed Section 7 to include "Deletion" in the heading and clarified the 30-day manual deletion timeline. Added Do Not Track disclosure to Section 12. Minor cleanup of Section 5 to remove "payout amounts" from current state (currently off-platform) while retaining it in the Stripe rollout note. Updated Section 14 to clarify that statutory data protection rights are never waived. Renumbered all affected sections accordingly.

April 18, 2026

Revised for accuracy in advance of Stripe Connect integration and for completeness. Rewrote Section 2 (Information We Collect) to accurately describe authentication logs, server logs, and the absence of third-party analytics; added Google Maps Platform address autocomplete disclosure. Rewrote Section 3 (How We Use) to separate currently-active uses from the forthcoming payment processing use. Rewrote Section 4 (How We Share) to correctly list current sub-processors (Supabase, Vercel, Resend, Twilio, Google) and mark Stripe as a forthcoming sub-processor. Rewrote Section 5 (Payment Information) to reflect that payments are currently arranged off-platform. Added Section 9 (California Residents / CCPA), Section 10 (International Users), Section 13 (Governing Law), and Section 15 (Legal Notices with registered agent address). Strengthened the no-sale / no-behavioral-advertising commitment in Section 3. Clarified review display as "publicly anonymized, internally attributed" in Section 4.

April 15, 2026

Initial Privacy Policy published.