Your privacy matters to us. This Privacy Policy explains what information BandGigz collects, how we use it, how we protect it, and your rights regarding it. By using BandGigz, you agree to the practices described in this policy.
BandGigz is operated by BandGigz LLC, an Arkansas limited liability company. References to "BandGigz," "we," "us," or "our" in this policy refer to BandGigz LLC.
Our platform is accessible at bandgigz.com and connects live music venues with performing artists.
We do not currently run any third-party analytics, advertising pixels, or behavior-tracking services on BandGigz. We do not track you across other websites.
We use the information we collect to:
We do not, and will not, sell or rent personal information to third parties. We do not use your information for behavioral advertising, and we do not allow third-party advertisers to track you through our platform.
Payment processing. A subset of your information (name, email, and — where you are an artist receiving payouts — identity and tax information required by Stripe) is used to facilitate in-platform payments and payouts through Stripe Connect. Stripe collects and processes payment and banking information directly; BandGigz does not see, store, or have access to that information. See Section 5 for details.
BandGigz processes booking payments through Stripe Connect, operated by Stripe, Inc. Payment information — card details from venues funding bookings, and bank account, routing, identity, and tax information from artists onboarding to receive payouts — is entered directly into Stripe's secure system. BandGigz does not store, see, or have access to bank account numbers, routing numbers, or card details. Stripe's handling of payment data is governed by Stripe's Privacy Policy.
BandGigz stores the following booking-related metadata, which is not the same as payment information: the booking amount, the platform fee associated with each booking, the Stripe processing fee retained on the venue's charge, the artist payout amount, the Stripe payment-intent identifier and transfer identifier for each booking, payout status, and timestamps for funding, release, and refund events. This metadata is necessary to operate the platform, present financial history to users, support dispute resolution, and meet tax and accounting obligations.
Your data is stored on Supabase's secure infrastructure, hosted in the United States. Supabase uses industry-standard encryption for data in transit (TLS) and at rest. Authentication is handled through Supabase Auth with secure password hashing and session management.
We take reasonable technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. However, no internet transmission or electronic storage system is completely secure, and we cannot guarantee the absolute security of your data.
Data breach notification. In the event of a data breach that affects your personal information, BandGigz will notify affected users by email as soon as reasonably possible after the incident is identified and assessed, and will comply with all applicable state and federal breach notification laws. Notifications will describe, to the extent known, the nature of the breach, the categories of information involved, steps BandGigz is taking in response, and recommended steps you can take to protect yourself.
If you believe your account has been compromised, please contact us immediately through the Help Center.
How to delete your account. You may request deletion of your account at any time from your profile settings using the "Delete my account" option. Submitting the request begins a 72-hour grace period during which you may cancel the request from the same place. After the grace period ends, your account is automatically de-identified by a scheduled process and your login is permanently disabled.
Holds on finalization. Deletion is held until each of the following, if applicable, is resolved: funds held in escrow tied to your account; an open dispute or chargeback; and, for venue accounts, an active gig in finalization. We will notify you if such a hold applies and process the deletion once the hold clears.
Accounts under review. If your account is flagged or suspended pending review, self-service deletion is not available. You may contact support to request closure, and the request will be processed once the review is complete (within thirty (30) days of receipt, or within the time required by applicable law). This is to prevent deletion from being used to avoid a pending for-cause removal.
What deletion does. Upon finalization, we de-identify your profile, contact information, photos, and external links. Your login email is replaced with an internal sentinel address, which frees your original email address for future re-use. Past bookings, payments, payouts, reviews, and negotiation messages tied to completed transactions are retained but de-identified, referencing a "Removed user" placeholder rather than your name or contact information.
Retention after deletion. We retain different categories of information for different purposes, as set out below:
| Category | Retention period | Purpose |
|---|---|---|
| De-identified profile shell ("Removed user" placeholder) | Indefinite | Maintains the integrity of historical bookings, payments, reviews, and dispute records that reference the account. |
| Recoverable identity snapshot (name, email, phone) | Up to 7 years | Held in a separate internal archive for tax and accounting obligations, dispute and chargeback resolution, and trust-and-safety purposes. Permanently deleted after 7 years by a scheduled purge. |
| Completed business records (bookings, payments, payouts, reviews, negotiation messages on completed bookings, dispute and enforcement records) | Retained per applicable legal, tax, accounting, and trust-and-safety obligations | Supports our legal and regulatory obligations. De-identified where reasonably possible. |
| Support messages submitted through the Help Center | 2 years | Retained to administer and improve support, independent of account deletion. |
| SMS opt-in and opt-out records | Retained as required by carrier and regulatory compliance (A2P 10DLC, CTIA) | Required independent of account deletion to demonstrate consent. |
| For-cause identifier hashes (see "Removal for cause" below) | Retained for as long as reasonably necessary to support trust-and-safety enforcement | Used to prevent re-registration following a for-cause removal. |
The 7-year retention of the recoverable identity snapshot aligns with our retention of completed-booking records and with applicable U.S. recordkeeping requirements for business records.
Removal for cause. If we remove your account for violation of our Terms of Service, for fraud, or for safety or trust reasons (a "for-cause" removal), additional consequences apply. Cryptographic hashes of your normalized email address and phone number may be retained to support enforcement against the creation of new accounts under the same identity. For artist accounts, the associated Stripe Connect payout account is permanently disqualified from receiving payouts through the platform. These additional consequences are further described in Section 13 of our Terms of Service.
Re-registration after voluntary deletion. Voluntary self-service deletion does not record any hashed identifier from your account. You are free to create a new account using the same email address or phone number. This does not apply to accounts removed for cause.
GDPR, CCPA, and other privacy rights. Where applicable law affords you a right to erasure, deletion, or correction of your personal information, you may exercise that right as described above and in the Rights sections of this Policy. Our retention of de-identified data, hashed identifiers, SMS consent records, and completed business records following a deletion request is performed under the exceptions afforded by those laws, including for compliance with legal obligations, establishment or defense of legal claims, and detection and prevention of fraud, security incidents, and abuse of the platform.
Regardless of where you live, you have the following rights with respect to the personal information we hold about you:
To exercise any of these rights, contact us through the Help Center or at the legal notice address in Section 16. We will respond within thirty (30) days, or within the time required by applicable law.
How consent is obtained. No phone number is collected at signup, and signup does not opt you in to SMS notifications. After signup, if you want to receive SMS notifications, you can enroll from your account settings (Profile → Notifications). The enrollment flow asks for a US mobile number, sends a one-time verification code via Twilio Verify to confirm you control the number, and presents a separate consent checkbox containing the verbatim disclosure of what BandGigz SMS messages cover, message frequency, costs, opt-out instructions, and our mobile-information non-disclosure commitment. You must explicitly check this consent box before SMS notifications are enabled. The verbatim consent text is published at /sms-consent.html for reference. You may turn SMS notifications off at any time from the same Notifications section. You will not receive marketing or promotional SMS messages from BandGigz unless you opt in to them separately.
Message frequency and costs. Message frequency varies based on your activity on the platform. Message and data rates may apply depending on your mobile carrier and plan. BandGigz does not charge for SMS notifications themselves.
How to opt out. You can opt out of SMS notifications at any time by:
Opting out of SMS will not affect access to your account, but you may miss time-sensitive notifications that can only be delivered by text. Email notifications will continue.
How we handle your mobile information. BandGigz does not sell, rent, share, or otherwise disclose mobile phone numbers, SMS opt-in status, SMS consent records, or any other information collected as part of the SMS notification program to any third party or affiliate for marketing, promotional, or advertising purposes. Mobile information is shared only with the service providers strictly necessary to deliver the SMS notifications a user has opted into — currently Twilio, as identified in Section 4 — and only to the extent required to send those notifications. No third party receives your mobile information for their own marketing or promotional purposes. This commitment applies whether or not you have opted in to SMS notifications.
You may not opt out of transactional emails required to operate your account (such as booking confirmations, dispute notices, or security alerts), but you may unsubscribe from any non-transactional communications via the link in those emails.
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. The rights described in Section 8 apply to you in the manner required by CCPA, including:
To exercise any CCPA right, contact us through the Help Center or at the legal notice address in Section 16. We may need to verify your identity before processing certain requests.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the EU General Data Protection Regulation (GDPR) or the UK GDPR applies to our processing of your personal data. This section describes how your rights under those regimes are handled.
BandGigz LLC, an Arkansas limited liability company, acts as the data controller for personal information collected through the BandGigz platform. Contact information is provided in Section 16.
We process your personal data on the following legal bases:
Under GDPR and UK GDPR you have the right to:
BandGigz and our service providers are based in the United States. If you are located in the EEA or UK, your personal data will be transferred to and processed in the United States. The United States does not currently have an adequacy decision from the European Commission, and we rely on your consent to the transfer (provided when you create an account) as the basis for the transfer. In the future, we may implement additional transfer safeguards (such as Standard Contractual Clauses) as the platform grows.
To exercise any GDPR or UK GDPR right, contact us through the Help Center or at the legal notice address in Section 16. We will respond within one (1) month of receipt, or notify you if an extension is required.
BandGigz is operated from the United States and our service providers' infrastructure is also based in the United States. If you access or use BandGigz from outside the United States, you acknowledge and agree that your information will be transferred to, stored in, and processed in the United States, which may have data protection laws that differ from those of your country.
By using BandGigz, users located outside the United States consent to this transfer and processing of their information in the United States. If you do not consent to this transfer, please do not use the platform. Residents of the European Economic Area and the United Kingdom should also review Section 10, which describes additional rights under GDPR and UK GDPR.
BandGigz uses only the session cookies necessary for authentication and keeping you logged in. We do not use advertising cookies, third-party tracking pixels, behavioral analytics, or services that track you across other websites.
You can disable cookies in your browser settings, but doing so will prevent you from staying logged in to BandGigz.
Do Not Track. Some browsers send a "Do Not Track" (DNT) signal to websites. Because BandGigz does not engage in cross-site tracking or behavioral advertising, we do not alter our practices in response to DNT signals — there is no tracking for us to disable. Our baseline practice already matches what a DNT signal is intended to request.
BandGigz is not intended for users under the age of 18, and we do not knowingly collect personal information from minors. If we become aware that a minor has created an account, we will delete it promptly. If you are a parent or guardian and believe a minor is using our platform, please contact us through the Help Center immediately.
This Privacy Policy is governed by the laws of the State of Arkansas, without regard to its conflict of law provisions. Disputes arising from this Privacy Policy are subject to the dispute resolution and venue provisions set forth in the BandGigz Terms of Service.
Nothing in this Privacy Policy limits or waives any non-waivable statutory rights you may have under the data protection laws of your jurisdiction, including those described in Sections 9 and 10.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and note material changes in the changelog at the bottom of this page. For material changes, we will also notify users by email. Continued use of BandGigz after changes take effect constitutes acceptance of the updated policy.
If you do not agree to any change, you must discontinue use of the platform before the change takes effect.
Formal privacy-related requests, including requests to exercise the rights described in Sections 8, 9, and 10, and formal legal notices, may be sent to:
BandGigz LLC
Attn: Kelvin Oshea Sims Jr., Registered Agent
4379 Beacon Ct
Springdale, AR 72764
Email: bandgigzpro@gmail.com
If you have general questions or concerns about this Privacy Policy or how we handle your data, please contact us through the Help Center.
BandGigz LLC · Arkansas, United States