Privacy Policy
This Privacy Policy explains, in plain language, what Bandmate collects about you, what we do with it, who we share it with, and what choices you have. We've organized it by what you were doing on the site when the data was collected — because that's usually what people actually want to know.
What we collect when you sign up
Creating an account requires an email address and a password. We use the email to verify the account, send important service notices, and (with your separate consent) occasional product updates. We use a one-way hash of the password — we cannot see your password and cannot recover it for you. If you forget it, reset it through the "forgot password" flow on the sign-in page.
If you sign in through a third-party provider (Google, Apple, GitHub, etc.), we receive from that provider your email address, your name (if you have made it public with them), and an opaque identifier that lets us recognize your account in the future. We do not receive your password from the third-party provider.
What we collect when you post a listing
A listing contains the text you write (description, role you're filling, instrument, genre, commitment level, location), any audio or video you upload, any photo you upload, and a contact email address. The contact email is shown to other members so they can write to you. Audio, video, and photos are stored on our CDN and are served from a sub-domain so that the underlying storage location can change without breaking links.
If you upload an audio clip, we generate a server-side waveform thumbnail (a static image of the audio) so members can preview your sound without downloading the file. The thumbnail does not contain biometric data.
What we collect when you browse
When you load a page on Bandmate, our servers log the request — the URL, your IP address, the browser and operating system advertised in the request headers, and the referring page if there is one. We use this log to detect abuse, debug errors, and produce aggregate statistics ("about 12,000 listings were viewed last Tuesday"). We do not sell or rent these logs to third parties.
We also set a small set of cookies and local-storage keys to remember your session, your filter preferences (city, genre), and your light/dark mode choice. The full list is on our Cookie Policy. We do not use third-party advertising cookies on Bandmate.
What we collect when you contact another member
When you send a message through Bandmate, we deliver it to the recipient's contact email and record the fact that a contact occurred (timestamp, sender account, recipient account). We do not read the body of the message. We retain the contact record for 24 months so we can investigate complaints, then delete it.
If a contact results in a confirmed abuse report, the relevant contact records may be retained longer, in line with the general disclaimer and our internal incident-response policy.
Who we share data with
Bandmate is a small service and we share data with a small number of vendors, all under written agreements that limit what they can do with the data:
- Hosting and storage. A cloud provider that hosts our database and serves uploaded media. They process data on our behalf and are not permitted to use it for their own purposes.
- Email delivery. A transactional email provider that delivers account-verification emails, password-reset emails, and the occasional product update. They see your email address and the body of the email we send you.
- Error monitoring. An error-tracking service that receives anonymized stack traces and request metadata when something goes wrong on the site. We strip IP addresses before sending.
We also share data when legally required — for example, in response to a valid subpoena, court order, or to investigate suspected violations of our Terms. If we receive a request that we believe is overbroad, we will challenge it where the law allows.
Your choices and rights
You can update most of your account information from your dashboard. You can delete individual listings or close your entire account at any time. If you close your account, listing content is removed from public view within 24 hours and account data is permanently deleted within 30 days, except where retention is required by law.
If you are in a jurisdiction with additional rights — for example, the European Economic Area, the United Kingdom, California, or Virginia — you may also have the right to request a copy of the personal data we hold about you, correct inaccuracies, or object to certain processing. Email privacy@bandmate.co to exercise these rights. We respond within 30 days; usually much faster.
How long we keep data
Account data is kept for the lifetime of the account plus 30 days after closure, after which it is permanently deleted. Listing content is kept as long as the listing is live; if you delete a listing, the content leaves public view within 24 hours and is permanently removed from our backups within 90 days. Server logs are retained for 30 days, then aggregated into anonymous statistics and deleted.
How to reach us
Questions about this Privacy Policy, or a request to exercise your rights? Email privacy@bandmate.co. We read every message and aim to reply within two business days. Our mailing address is published on the Terms of Service.
Subscribe to our newsletter
Get the latest news and updates.
No spam. Unsubscribe anytime.
Bandmate® is the complete platform for musicians, bands, and venues to connect, collaborate, and grow. Find bandmates, discover venues, and build your music career with tools designed by musicians, for musicians.