Band ScrumBack to Home

Privacy Policy

Last Updated: March 5, 2026 · Version 1.0.0

1. Information We Collect

Account Information

  • Name, email address, and profile photo (via Google Sign-In)
  • Band name, member roles, and band configuration

Band Data

  • Songs, setlists, events, and related content you create
  • Files and media you upload (album artwork, documents)
  • Chat messages and collaboration data within your band

Usage Data

  • Pages visited, features used, and actions taken within the Service
  • Device type, browser type, operating system, and IP address
  • Timestamps of access and session duration

Payment Data

  • Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial information on our servers.
  • We receive from Stripe: subscription status, billing dates, and transaction IDs for record-keeping.

2. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information (receipts, confirmations)
  • Send administrative messages (service updates, security alerts)
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage trends to improve the user experience
  • Detect, investigate, and prevent fraudulent or unauthorized activity

We do not sell your personal data to third parties.

3. Data Sharing

We share your information only in the following circumstances:

  • Stripe — for payment processing. Stripe's privacy policy governs their use of your data.
  • Firebase / Google Cloud Platform — our infrastructure provider. Data is stored in Firebase Firestore and Cloud Storage. Google's data processing terms apply.
  • Legal requirements — we may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

4. Data Retention

  • Active accounts: Your data is retained for as long as your account is active and your subscription is current.
  • Post-cancellation: After you cancel your subscription, your data is retained for 30 days. During this period, you may request a data export. After 30 days, all data is permanently deleted.
  • Legal obligations: We may retain certain data longer if required by law.

5. Your Rights (CCPA and State Privacy Laws)

Depending on your state of residence, you may have the following rights:

  • Right to Know: You can request information about what personal data we collect, use, and disclose.
  • Right to Delete: You can request deletion of your personal data, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell personal data, so this right does not apply.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@bandscrum.com. We will respond within 45 days.

6. Security Measures

We implement industry-standard security measures, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Firebase Security Rules to enforce access control at the database level
  • Regular security audits and monitoring
  • Access controls limiting employee access to personal data

While we strive to protect your information, no method of transmission or storage is 100% secure.

7. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us personal information, please contact us at privacy@bandscrum.com.

8. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

9. WARRANTY DISCLAIMER

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. WE SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

10. LIMITATION OF LIABILITY

OUR TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR THE SERVICE SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID BY YOU TO BAND SCRUM DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11. BINDING ARBITRATION

ANY DISPUTE ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY SHALL BE DETERMINED BY BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION ("AAA") IN ACCORDANCE WITH ITS COMMERCIAL ARBITRATION RULES. THE ARBITRATION SHALL TAKE PLACE IN THE STATE OF MARYLAND. THE ARBITRATOR'S DECISION SHALL BE FINAL AND BINDING.

YOU UNDERSTAND AND AGREE THAT BY ACCEPTING THIS PRIVACY POLICY, YOU AND BAND SCRUM ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY AND THE RIGHT TO PARTICIPATE IN A CLASS ACTION.

12. CLASS ACTION WAIVER

YOU AND BAND SCRUM AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING.

BY ACCEPTING THIS PRIVACY POLICY, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS CLASS ACTION WAIVER, UNDERSTAND IT, AND AGREE TO BE BOUND BY IT.

13. JURY TRIAL WAIVER

YOU AND BAND SCRUM HEREBY WAIVE ANY CONSTITUTIONAL AND STATUTORY RIGHTS TO SUE IN COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR A JURY.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and revising the "Last Updated" date. Your continued use of the Service constitutes acceptance.

15. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@bandscrum.com.