home

 

nGage.band is a comprehensive band management platform designed to help musicians and bands organize all aspects of their musical activities in one centralized system. The platform provides tools for managing songs with lyrics and chords, creating and organizing setlists, scheduling rehearsals and gigs, sharing files with band members, and coordinating calendars. With support for multiple bands per user, flexible user roles and permissions, and integration with external services like Google Calendar, Outlook, and Dropbox, nGage.band streamlines band administration so musicians can focus on what they do best: making music. The platform features a passwordless authentication system using email, SMS, or authenticator app codes, and is available both as a web application and native mobile app.

Privacy Policy

Last Updated: January 2025

1. Introduction

nGage.band (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our band management platform at app.ngage.band and related services (collectively, the “Service”).

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

  • Account Information: Email address, name, phone number (optional, for SMS login)
  • Authentication Data: Login verification codes (temporary, expires after 15 minutes), TOTP secrets (encrypted), biometric tokens (encrypted, for native app users)
  • Profile Information: Address (optional), user preferences (e.g., dark mode), access level and role
  • Band-Related Data: Band names, descriptions, member information, song lyrics, chords, setlists, rehearsal schedules, gig information, calendar events, and shared files
  • Usage Data: Session information, access logs, and interaction data with the Service

2.2 Automatically Collected Information

  • Session Data: Session identifiers, user preferences stored in session storage
  • Technical Data: IP address, browser type, device information, operating system
  • Log Data: Error logs, cron job logs, email delivery logs (for debugging and system maintenance)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our band management services
  • Authentication: To verify your identity and manage secure access to your account
  • Communication: To send you login codes, service notifications, and important updates
  • Band Management: To enable collaboration between band members, manage shared content, and coordinate activities
  • Support: To respond to your inquiries, troubleshoot issues, and provide customer support
  • Security: To detect, prevent, and address technical issues, fraud, and unauthorized access
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Data Storage and Security

4.1 Data Storage

  • Your data is stored on secure servers with database replication for reliability
  • We use industry-standard encryption for sensitive data (TOTP secrets, biometric tokens)
  • Login verification codes are automatically deleted after expiration (15 minutes)
  • Session data is stored securely and expires after 30 days (or 1 year for biometric-authenticated sessions)

4.2 Security Measures

  • Passwordless Authentication: We do not store passwords. Access is secured through time-limited verification codes and encrypted tokens
  • Encryption: Sensitive authentication data is encrypted at rest
  • Access Controls: User roles and permissions limit access to data based on your relationship with bands and entities
  • Secure Transmission: Data is transmitted over encrypted connections (HTTPS/TLS)
  • Regular Security Updates: We regularly update our systems to address security vulnerabilities

5. Third-Party Services and Integrations

We integrate with the following third-party services:

5.1 Calendar Services

  • Google Calendar: If you choose to sync with Google Calendar, we access your calendar data through Google’s OAuth API. This integration is optional and requires your explicit consent.
  • Outlook Calendar: If you choose to sync with Outlook Calendar, we access your calendar data through Microsoft’s OAuth API. This integration is optional and requires your explicit consent.

Data Sharing: Calendar data is synchronized only when you explicitly enable the integration. We do not share your calendar data with other third parties.

5.2 File Storage Services

  • Dropbox: If you choose to connect Dropbox for file storage, we access your Dropbox files through Dropbox’s OAuth API. This integration is optional and requires your explicit consent.

Data Sharing: File data is accessed only when you explicitly enable the integration. We do not share your file data with other third parties.

5.3 Payment Processing

  • Mollie: We use Mollie for payment processing. Payment information is handled directly by Mollie in accordance with their privacy policy and PCI DSS compliance standards. We do not store full credit card numbers or payment card details.

5.4 Communication Services

  • Email Service (SMTP): We use email services to send login codes and notifications. Email delivery logs may be stored for troubleshooting purposes.
  • SMS Service (Spryng): If you choose SMS login, we use Spryng SMS service to send verification codes. SMS delivery is handled by Spryng in accordance with their privacy policy.

5.5 Analytics and Monitoring

  • We may use error logging and system monitoring tools to maintain service quality and security. These tools may collect technical information about your device and usage patterns.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize sharing (e.g., enabling calendar or file storage integrations)
  • Service Providers: With trusted third-party service providers who assist in operating our Service (e.g., email providers, SMS providers, payment processors), subject to confidentiality agreements
  • Legal Requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users

7. Your Rights and Choices

Under applicable data protection laws (including GDPR), you have the following rights:

7.1 Access and Portability

  • Right to Access: You can request a copy of all personal data we hold about you
  • Right to Data Portability: You can request your data in a structured, machine-readable format

7.2 Correction and Deletion

  • Right to Rectification: You can update your account information at any time through your account settings
  • Right to Erasure: You can request deletion of your account and associated data. Note that some data may be retained for legal or legitimate business purposes (e.g., transaction records)

7.3 Restriction and Objection

  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Object: You can object to certain types of data processing

7.4 Withdrawal of Consent

  • You can withdraw consent for optional features (e.g., calendar sync, file storage integrations) at any time through your account settings

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at: mailer@ngage.band

We will respond to your request within 30 days, in accordance with applicable law.

8. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Active Accounts: Data is retained while your account is active
  • Deleted Accounts: Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law
  • Login Verification Codes: Automatically deleted after 15 minutes
  • Session Data: Expires after 30 days (or 1 year for biometric-authenticated sessions)
  • Logs: Error logs and system logs are retained for up to 1 year for security and troubleshooting purposes

9. Children’s Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

11. Cookies and Tracking Technologies

We use session cookies and similar technologies to:

  • Maintain your login session
  • Store user preferences (e.g., dark mode)
  • Remember your selected band/entity context

We do not use third-party advertising cookies or tracking cookies for marketing purposes. You can control cookies through your browser settings, though disabling cookies may affect the functionality of our Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last Updated” date
  • Sending an email notification to registered users (for significant changes)

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@ngage.band
Website: https://ngage.band

14. Data Protection Authority

If you are located in the European Economic Area (EEA) and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Note: This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We are committed to maintaining the highest standards of data protection and privacy.