Privacy Policy

1. Introduction

BandSync ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services at BandSync.co.uk, App.BandSync.co.uk, and Library.BandSync.co.uk.

BandSync is a product of Harvey-Wallace. Robert Harvey-Wallace trading as Harvey-Wallace is the data controller for the purposes of applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Account Information

When you create an account or use our services, we may collect:

• Name and contact information (email address)
• Band or organisation name
• Instrument and section information
• Event attendance and availability data
• Music library data (titles, composers, parts)

Automatically Collected Information

When you use our services, we may automatically collect:

• IP address and general location data
• Browser type and version
• Device information
• Usage patterns and feature interactions

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain our services
• Send event notifications and reminders
• Process availability responses
• Store and organise your music library data
• Improve our products and user experience
• Respond to support requests
• Process subscription payments
• Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

• Contract: Processing necessary to provide our services to you
• Consent: Where you have given clear consent for us to process your data
• Legitimate interests: Processing necessary for our legitimate business interests
• Legal obligation: Processing necessary to comply with UK law

5. Data Sharing

We do not sell your personal information. We may share your data with:

• Your band/organisation: Event responses and availability are shared with band administrators
• Service providers: Third-party services that help us operate (hosting, email, payments)
• Legal requirements: When required by law or to protect our rights

Third-Party Services

Our services use the following third-party providers:

• Vercel: Website and application hosting
• Maileroo: Email delivery
• Stripe: Payment processing (for subscriptions)

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account, we will delete your personal data within 30 days, except where we need to retain it for legal or legitimate business purposes.

7. Your Rights

Under UK data protection law, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Restriction: Request restriction of processing
• Portability: Request transfer of your data
• Object: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time

To exercise any of these rights, please contact us at support@bandsync.co.uk

8. Security

We implement appropriate technical and organisational measures to protect your personal data. All data transmission uses HTTPS encryption, and we regularly review our security practices.

9. Cookies

Our services use cookies to:

• Essential cookies: Required for authentication and core functionality
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Help us understand how you use our services

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through our services.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

12. Complaints

You have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint