Wristband ("we," "our," or "us") is a private mobile application for musicians and their touring teams. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.
We built Wristband to solve a real problem — keeping a touring team organized. We are not an advertising platform. We do not sell your data. We do not use your data to train AI models. This policy is written to be read by an actual person, not to obscure what we do.
The short version: we collect what's necessary to run the app. We store it securely. We don't sell it or share it with advertisers. You can delete your account and all associated data at any time.
Wristband is operated as an independent application. For privacy inquiries, contact us at hello@wrstbnd.app. We are the data controller for the personal information described in this policy.
| Purpose | Data used | Legal basis |
|---|---|---|
| Authenticate and maintain your account | Email, hashed password, session token | Contract performance |
| Sync app content across your team's devices | Shows, schedules, contacts, messages, bulletins | Contract performance |
| Deliver push notifications | Device push token | Contract performance / consent |
| Process and enforce subscriptions | Subscription tier, RevenueCat transaction ID | Contract performance |
| Respond to support requests | Email, account details you share with us | Legitimate interest |
| Maintain security and prevent abuse | Authentication logs, error logs | Legitimate interest |
We do not use your content (show details, messages, bulletin posts) for any purpose other than delivering it to your team and storing it on your behalf.
Wristband uses a small number of carefully chosen third-party services. Each receives only the minimum data necessary for its function.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, and real-time sync | All app content, account credentials (hashed), push tokens. Hosted on AWS. SOC 2 Type II compliant. |
| RevenueCat | In-app subscription management | Anonymous app user ID, subscription purchase records from Apple. RevenueCat does not receive your email or name. |
| Apple (APNs) | Push notifications | Device push token and notification payload (show name, bulletin title). Subject to Apple's privacy policy. |
| Bandsintown API | Auto-filling show details from ticket links | The ticket URL you paste. No account data is sent. |
We do not use Google Analytics, Meta Pixel, Mixpanel, Amplitude, Segment, or any other behavioral analytics service. We do not embed third-party advertising SDKs.
Your data is stored in Supabase's hosted PostgreSQL database, running on AWS infrastructure in the United States. All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
Access to your team's data is enforced by Row Level Security (RLS) policies at the database level — not just at the application layer. This means that even if there were a bug in the app, database-level policies prevent one team's data from being accessible to another team's users.
We limit access to production data to the minimum number of people necessary to operate the service.
We retain your data for as long as your account is active. If you delete your account:
Wristband is a team app. Content you create — shows, bulletins, schedule events, messages, contacts — is shared with other members of your team by design. Before adding members to your team, ensure they understand that their participation involves sharing of operational information.
Team admins and artists can remove members from a team. Removed members lose access to all team content immediately. Content they created (shows, bulletins, messages) remains visible to remaining team members unless individually deleted.
We send push notifications for the following events:
You can disable push notifications at any time in iOS Settings → Wristband → Notifications. Disabling notifications does not affect your account or team access.
Wristband is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at hello@wrstbnd.app and we will delete it promptly.
Depending on where you are located, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@wrstbnd.app. We will respond within 30 days. We do not charge a fee for reasonable requests.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. The categories of personal information we collect are described in Section 2 above. To submit a CCPA request, contact hello@wrstbnd.app.
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent law. The legal bases for our processing are described in Section 3. Our data is hosted in the United States. By using Wristband, you consent to the transfer of your data to the United States. We rely on Standard Contractual Clauses where required for such transfers.
If you have an unresolved concern, you have the right to lodge a complaint with your local data protection authority.
We may update this policy from time to time. If we make material changes — changes that meaningfully affect how we collect, use, or share your data — we will notify you via the email address associated with your account and update the "Last updated" date at the top of this page. Continued use of the app after notification constitutes acceptance of the updated policy.
Minor changes (such as clarifications, typo corrections, or updated third-party links) may be made without separate notification.
For any privacy-related questions, data requests, or concerns: