Privacy Policy
Last Updated: January 1, 2025
Island Gigs ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile and web applications that connect musicians/artists with venues.
By using Island Gigs, you agree to the collection and use of information in accordance with this policy.
1. Data Controller & Platform Overview
The data controller responsible for your personal data is:
Island Gigs
Email: support@island-gigs.live
Website: https://island-gigs.live
Address: [Your Company Address in Cyprus]
About Our Platform:
Island Gigs is a two-sided marketplace within a single application that connects:
- Musicians/Artists: Search for gig opportunities, apply for bookings, and connect with venues
- Venues: Post gig opportunities, review artist applications, and book talent
This Privacy Policy applies to both user types and all associated services.
2. Information We Collect
2.1 Information You Provide
Account Information:
- Name and email address
- Profile photo (optional)
- Authentication data (Google Sign-In, Apple Sign-In)
- Username and password (if applicable)
For Musicians/Artists:
- Stage name or band name
- Genre and musical style
- Performance experience and bio
- Equipment and technical requirements
- Media files (photos, audio samples, videos)
- Availability and location preferences
- Performance fee expectations
For Venues:
- Venue name and type
- Business address and contact information
- Venue capacity and facilities
- Photos of the venue
- Gig posting details (dates, genres, compensation)
- Payment information for subscriptions
2.2 Automatically Collected Information
- Device Information: Device type, operating system, browser type
- Usage Data: Pages viewed, features used, session duration, search queries
- Location Data: Approximate location (city/region) for gig matching
- Log Data: IP address, access times, error logs
2.3 Information from Third Parties
- Google Sign-In: Name, email, profile picture
- Apple Sign-In: Name, email (or private relay email)
- Payment Processors: Transaction status and payment confirmations
3. How We Use Your Information
We use your information for the following purposes:
Essential Service Functions:
- Create and manage your account
- Connect musicians with venues and vice versa
- Process gig applications and bookings
- Facilitate messaging between users
- Process subscription payments (for venue accounts)
Service Improvement:
- Personalize gig recommendations
- Improve search and matching algorithms
- Analyze usage patterns and trends
- Develop new features
Communication:
- Send account notifications and updates
- Respond to support requests
- Send important service announcements
- Marketing communications (with your consent)
Safety and Security:
- Detect and prevent fraud
- Enforce our Terms of Service
- Protect against abuse and spam
- Maintain audit logs for security
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases as required by GDPR:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and management | Contract performance | Article 6(1)(b) |
| Gig matching and applications | Contract performance | Article 6(1)(b) |
| Payment processing | Contract performance | Article 6(1)(b) |
| Marketing communications | Consent | Article 6(1)(a) |
| Service improvement and analytics | Legitimate interest | Article 6(1)(f) |
| Fraud prevention and security | Legitimate interest | Article 6(1)(f) |
| Legal compliance and audit logs | Legal obligation | Article 6(1)(c) |
6. Data Retention
We retain your personal data for specific periods based on the purpose:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion + 30 days | Service provision and recovery period |
| Gig Postings | 12 months after gig date | Historical records and analytics |
| Applications and Messages | 12 months after last activity | Communication history |
| Payment Records | 7 years | Tax and legal compliance |
| Audit Logs | 3 years | Security and GDPR compliance |
| Marketing Consents | Until withdrawn + 30 days | Consent management |
Account Deletion: When you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., payment records for tax purposes).
7. Your Privacy Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your data ("right to be forgotten")
Right to Restrict Processing
Limit how we use your data in certain situations
Right to Data Portability
Receive your data in machine-readable format
Right to Object
Object to processing based on legitimate interests
Automated Decision-Making
Right not to be subject to solely automated decisions
Right to Withdraw Consent
Withdraw consent at any time where we rely on it
How to Exercise Your Rights
In-App: Settings → Account → Privacy & Data
By Email: support@island-gigs.live with subject "Privacy Rights Request"
Response Time: We will respond within 30 days of your request
Right to Lodge a Complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with:
Cyprus Commissioner for Personal Data Protection
Website: www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure authentication (JWT tokens, OAuth)
- Regular security updates and patches
- Automated backup systems
Organizational Measures:
- Access controls and authentication
- Employee training on data protection
- Regular security audits
- Incident response procedures
- Audit logging of data access
Data Breach Notification: If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA):
Data Storage Locations:
- Primary: European Union (EU-based servers)
- Third Parties: United States (Google, Apple, Stripe)
When we transfer data outside the EEA, we ensure appropriate safeguards:
- EU-US Data Privacy Framework (for US companies)
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Adequacy decisions by the European Commission
10. Children's Privacy
Age Restriction: Island Gigs is not intended for individuals under 16 years of age (or the applicable age of digital consent in your jurisdiction).
We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our service or provide any personal information.
If we learn that we have collected personal data from a child under 16 without parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us at support@island-gigs.live.
12. Third-Party Links and Services
Our service may contain links to third-party websites, social media profiles, or streaming platforms (e.g., musician portfolio sites, YouTube, Spotify).
Important: We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.
13. Marketing Communications
We may send you marketing communications about:
- New features and updates
- Gig recommendations based on your preferences
- Special promotions and events
- Platform news and announcements
Opt-Out Options:
You can opt out of marketing communications at any time:
- Email: Click "Unsubscribe" in any marketing email
- In-App: Settings → Notifications → Marketing
- Contact Us: Email support@island-gigs.live
Note: You will still receive essential service communications (account notifications, booking confirmations) even if you opt out of marketing.
14. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
To exercise these rights, contact us at support@island-gigs.live
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
How We Notify You:
- In-app notification of material changes
- Email notification to your registered address
- Updated "Last Updated" date at the top of this policy
Your Continued Use: By continuing to use Island Gigs after changes become effective, you accept the updated Privacy Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Island Gigs
Email: support@island-gigs.live
Subject Line: "Privacy Policy Inquiry"
Address: [Your Company Address in Cyprus]
For Privacy Rights Requests:
Email: support@island-gigs.live
Subject: "Privacy Rights Request - [Your Request Type]"
We aim to respond within 30 days.
By using Island Gigs, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.