Privacy Policy
Last updated: April 13, 2026
1. Data controller
ArtistHQ ("we", "us", "our") is a band and artist management platform operated at artisthq.app. The data controller responsible for your personal information is:
ArtistHQ
Email: privacy@artisthq.app
This policy explains how we collect, use, and protect your personal information when you use our website and services.
2. Information we collect
We collect the following types of information:
- Account information — your name, email address, and authentication details when you sign up or log in via our authentication provider (Supabase).
- Waitlist information — your email address when you join our waitlist.
- Usage data — the data you enter into the platform, including shows, financial records, merch inventory, contacts, releases, documents, and related content.
- Technical data — browser type, device information, and IP address collected automatically when you visit our site.
3. How and why we use your information
We process your data for the purposes described below. Where required by law (such as the GDPR), we rely on a specific legal basis for each activity:
| Activity | Data used | Legal basis |
|---|---|---|
| Providing the platform | Account & usage data | Performance of contract |
| Sending waitlist updates | Waitlist information | Consent |
| Fraud prevention & security | Technical data | Legitimate interest |
| Support inquiries | Account & technical data | Legitimate interest / contract |
We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.
4. Data storage and security
Your data is stored securely using Supabase, which provides encryption at rest and in transit. We implement reasonable technical and organizational measures to protect your information. However, no method of transmission over the internet is 100% secure.
5. Third-party services
We use the following third-party services to operate the platform:
- Supabase — authentication, database, and file storage (privacy policy).
- Vercel — hosting and deployment (privacy policy).
We do not use any third-party analytics, advertising, or tracking services.
6. Cookies
We only use cookies that are strictly necessary for the platform to function, specifically authentication session cookies set by Supabase. We do not use advertising, analytics, or tracking cookies. Because these cookies are essential for the service to work, no consent banner is required under GDPR.
7. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Export your data in a portable format (we provide CSV export for all modules).
- Request restriction of processing of your data.
- Object to processing of your data.
- Object to automated decision-making or profiling (we do not currently use either).
- Withdraw consent for optional communications at any time.
- Lodge a complaint with a supervisory authority (see table below).
To exercise any of these rights, contact us at the email address below. We will respond within 30 days.
Regulatory authorities
If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant authority in your jurisdiction:
| Jurisdiction | Regulatory Authority |
|---|---|
| European Union | Your local Data Protection Authority (DPA) |
| United Kingdom | Information Commissioner's Office (ICO) |
| Australia | Office of the Australian Information Commissioner (OAIC) |
| California (USA) | California Privacy Protection Agency (CPPA) |
8. Jurisdiction-specific rights
European Union (GDPR)
If you are located in the EU, your data is processed in accordance with the General Data Protection Regulation (GDPR). You have the right to lodge a complaint with your local Data Protection Authority. If ArtistHQ does not have an establishment in the EU, we will appoint an EU Representative under Article 27 of the GDPR and publish their contact details here.
United Kingdom (UK GDPR)
Your data is processed in accordance with the UK GDPR and the Data Protection Act 2018. You may lodge a complaint with the Information Commissioner's Office (ICO). If ArtistHQ does not have an establishment in the UK, we will appoint a UK Representative under Article 27 of the UK GDPR and publish their contact details here.
Australia (Privacy Act 1988)
Your data is handled in accordance with the Australian Privacy Principles (APPs). Your data may be disclosed to service providers located in the United States and any other country where our infrastructure providers (Supabase and Vercel) maintain servers.
If you believe we have breached the APPs, you may contact us to make a complaint. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days. If you are unsatisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).
United States
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, or another state with consumer privacy legislation, the following additional rights apply:
- Do Not Sell or Share — We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Non-Discrimination — We will not deny you services, charge different prices, or provide a different level of quality for exercising your privacy rights.
- Right to Appeal — If we deny a data request, you may appeal our decision by contacting us. We will respond to your appeal within 60 days.
- Sensitive Information — We do not collect sensitive personal information as defined under the CCPA/CPRA (such as precise geolocation, racial or ethnic origin, or financial account credentials).
9. Data retention
We retain your data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.
10. International transfers
Your data may be processed in countries outside your own, including the United States and any other country where our infrastructure providers (Supabase and Vercel) maintain servers. We ensure appropriate safeguards are in place for any international data transfers in compliance with applicable data protection laws, including Standard Contractual Clauses where required.
11. Children's privacy
ArtistHQ is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Changes to this policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.
13. Contact us
If you have any questions about this privacy policy or how we handle your data, you can reach us at:
ArtistHQ
Email: privacy@artisthq.app