Privacy Policy

1. Introduction

StageSub is a platform for orchestras to manage musician substitutes and availability. We are committed to protecting your personal data in accordance with GDPR (General Data Protection Regulation).

2. Data Controller

Company: StageSub
Email: admin@stagesub.com

3. What Data We Collect

We collect and process the following personal data:

• Account Information: Name, email address, phone number
• Professional Information: Instrument, qualifications, availability
• Usage Data: Login history, activity logs, system interactions
• Communication Data: Messages, notifications, responses to projects

4. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To provide our services to you
• Legitimate Interest: To improve our platform and prevent fraud
• Consent: For marketing communications (optional)

5. How We Use Your Data

• To provide and maintain our service
• To notify you about changes to our service
• To provide customer support
• To monitor usage and improve the platform
• To detect and prevent technical issues and fraud

6. Data Sharing

We only share your data with:

• Your Orchestra: Orchestras you are associated with can see your profile and availability
• Service Providers: Hosting (Vercel, Supabase), email services (SendGrid, Resend), SMS providers (46elks, Twilio)
• Legal Requirements: If required by law or legal process

7. Data Retention

We retain your personal data for as long as:

• Your account is active
• As needed to provide you services
• As required by law (typically 7 years for accounting purposes)

Deleted musicians are soft-deleted and can be restored for 30 days, after which they are permanently deleted.

8. Your Rights (GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we use your data
• Portability: Receive your data in a structured format
• Object: Object to certain types of processing
• Withdraw Consent: At any time, where we rely on consent

To exercise these rights, contact us at admin@stagesub.com

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encrypted data transmission (HTTPS/TLS)
• Row-level security (RLS) in our database
• Regular security updates and monitoring
• Access controls and authentication
• Activity logging and audit trails

10. International Transfers

Your data may be processed in the EU and USA. We ensure adequate safeguards through:

• EU-based hosting (Supabase EU region)
• Standard Contractual Clauses with US providers
• GDPR-compliant service providers

11. Cookies

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Remembering your preferences (language, etc.)

We do not use tracking cookies or third-party analytics.

12. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or prominent notice on our platform.

14. Contact & Complaints

For privacy-related questions or to exercise your rights:

Email: admin@stagesub.com

You also have the right to lodge a complaint with your local data protection authority.