Privacy Policy - BookerPal

1. Introduction

Welcome to BookerPal ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform that connects artists with venues for tour planning and booking management.

By using BookerPal, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the site.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

Account Information: Name, email address, password, and profile details
Profile Data: Artist information, project details, social media links, and music platform profiles
Organization Data: Venue information, event details, and organizational profiles
Application Data: Event applications, withdrawal messages, and communication history
Contact Information: Email addresses for notifications and communications

2.2 Automatically Collected Information

We automatically collect certain information when you use our platform:

Usage Data: Pages visited, features used, and time spent on the platform
Device Information: IP address, browser type, operating system, and device identifiers
Log Data: Server logs, request IDs, and error tracking for debugging and monitoring
Location Data: General location information for venue and event discovery

2.3 Content and Media

We store content you upload, including:

Images: Event photos, organization pictures, and project images
Documents: Event descriptions, project details, and application materials
Social Media Content: Links to your social media profiles and music platforms

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

Provide and maintain the BookerPal platform
Process event applications and manage bookings
Facilitate connections between artists and venues
Enable project and tour management features

3.2 Communication

Send account verification and password reset emails
Provide application status updates and notifications
Send withdrawal notifications and event updates
Respond to your inquiries and support requests

3.3 Platform Improvement

Analyze usage patterns to improve our services
Debug technical issues and monitor platform performance
Develop new features and functionality
Ensure platform security and prevent fraud

3.4 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and court orders
Protect our rights and prevent misuse

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

4.1 Public Information

Event Listings: Event information is publicly visible for discovery
Organization Profiles: Venue information is publicly accessible
Project Profiles: Artist project information is publicly viewable
Application Status: Approved applications may be visible to event organizers

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform:

Email Services: SMTP providers for sending notifications
Database Services: MySQL hosting for data storage
Cloud Storage: File storage for images and documents
Analytics Services: Usage analytics and performance monitoring

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal requests from government authorities
Court orders or subpoenas
Legal proceedings or investigations
Protection of our rights and property

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

Encryption: Data encrypted in transit and at rest
Authentication: JWT-based secure authentication system
Access Control: Role-based permissions and granular access control
Secure Storage: Protected database with proper indexing and constraints

5.2 Operational Safeguards

Regular Updates: System updates and security patches
Monitoring: Comprehensive logging and error tracking
Access Logs: Detailed audit trails for all access attempts
Staff Training: Security awareness and data protection training

5.3 Data Breach Response

In the event of a data breach, we will:

Immediately investigate and contain the breach
Notify affected users within 72 hours
Report to relevant authorities as required by law
Implement additional security measures to prevent recurrence

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

Request a copy of your personal data
Export your data in a portable format
View your account information and activity logs

6.2 Correction and Updates

Update your profile information at any time
Correct inaccurate or incomplete data
Modify your privacy preferences

6.3 Deletion and Withdrawal

Delete your account and associated data
Withdraw from events and applications
Remove uploaded content and media

6.4 Communication Preferences

Opt out of marketing communications
Control notification settings
Manage email preferences

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

7.1 Account Data

Active Accounts: Retained while your account is active
Inactive Accounts: Deleted after 3 years of inactivity
Deleted Accounts: Permanently removed within 30 days

7.2 Application Data

Active Applications: Retained for the duration of the event
Withdrawn Applications: Retained for 1 year for record-keeping
Completed Events: Application data archived for 2 years

7.3 Log Data

Access Logs: Retained for 1 year for security monitoring
Error Logs: Retained for 6 months for debugging
Analytics Data: Aggregated data retained indefinitely

8. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services. This section explains how we use these technologies and your choices regarding them.

8.1 Types of Cookies We Use

We use the following types of cookies:

Strictly Necessary Cookies: These cookies are essential for the platform to function properly. They enable core functionality such as user authentication and session management.

8.2 Authentication Cookies

We use HTTP-only authentication cookies to maintain your login session:

Cookie Name: auth_token
Purpose: To authenticate your identity and maintain your logged-in session
Duration: Session-based or up to 30 days for "Remember Me" functionality
Security: HTTP-only and Secure flags enabled (HTTPS only in production)
Type: Strictly necessary - required for the platform to function

8.3 No Tracking Cookies

We do not use:

Analytics cookies (e.g., Google Analytics)
Advertising cookies (e.g., Facebook Pixel)
Third-party tracking cookies
Social media tracking pixels

We respect your privacy and do not track your browsing behavior across other websites or use cookies for advertising purposes.

8.4 Cookie Consent

Under EU cookie law (ePrivacy Directive), strictly necessary cookies do not require consent as they are essential for the website to function. The authentication cookies we use fall into this category.

We inform you about our use of cookies through a cookie notice banner when you first visit our site. By continuing to use our platform, you acknowledge our use of these essential cookies.

8.5 Managing Cookies

You can control cookies through your browser settings:

Browser Settings: Most browsers allow you to refuse or accept cookies, delete existing cookies, or set preferences for cookie handling
Impact: Disabling authentication cookies will prevent you from logging in or maintaining a session on our platform
Opt-Out: You can clear cookies at any time through your browser settings, which will log you out of your session

Please note that disabling strictly necessary cookies may impact your ability to use certain features of our platform.

8.6 Session Storage

In addition to cookies, we use browser session storage for temporary data such as:

Pending application data (cleared when application is submitted)
Session timing information for feedback submission
Page navigation state

Session storage is automatically cleared when you close your browser and does not persist across sessions.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers:

Standard contractual clauses for data protection
Adequacy decisions by relevant authorities
Certification schemes and codes of conduct
Consent for specific transfers when required

10. Children's Privacy

BookerPal is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date at the top of this policy
Sending email notifications for material changes
Displaying prominent notices on our platform

Your continued use of the platform after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@bookerpal.com

General Inquiries: hello@bookerpal.com

Data Protection Officer: dpo@bookerpal.com

We will respond to your inquiry within 30 days of receipt.