Last updated: May 2026
Banded is a social gig diary app that lets you log, rate, and share the live music events you attend. Banded is operated from the United Kingdom.
If you have any questions about this policy or your data, contact us at hello@banded.uk.
When you create an account we collect:
When you log a gig we collect:
If you import gigs from screenshots or screen recordings of ticket apps (e.g. DICE, Resident Advisor), Banded creates private "drafts" containing the extracted gig details, the import source (screenshot or screen recording), the originating platform, and a confidence score for the extraction. Drafts are private to you until you publish them as gig logs. The original screenshots and screen recordings stay on your device — only the on-device-extracted text is sent for processing.
We use Mixpanel to understand how people use Banded so we can improve the app. Mixpanel collects:
Analytics data is processed on Mixpanel's EU servers. We do not use analytics data for advertising or share it with third parties.
Banded does not collect:
We process your personal data under the following legal bases:
| Data | Legal Basis |
|---|---|
| Account data, gig diary data, social data, wishlist data | Contract performance — necessary to provide the Banded service you signed up for |
| Profile images (avatar and banner) | Contract performance — to display your profile to other users; custom banners require a paid Banded Pro or Backstage subscription |
| Push notifications and device token | Consent — you choose to enable notifications via the iOS permission prompt; you can revoke this at any time in device settings |
| Location data | Consent — you choose to grant location access via the iOS permission prompt; you can revoke this at any time in device settings |
| Calendar access | Consent — you choose to grant calendar access; you can revoke this at any time |
| Analytics data | Legitimate interest — to understand how the app is used and improve the experience; processed on EU servers |
| Crash and performance data | Legitimate interest — to detect and fix bugs that affect app stability |
| Subscription data | Contract performance — necessary to provide the paid Banded Pro and Backstage tiers you subscribe to |
| Imported gig text (from on-device OCR) | Consent — you choose to import gigs; we process the text Apple Vision extracts on your iPhone, never the original screenshots or recordings |
Banded uses the following third-party services. For each service, we describe what data (if any) is shared and why.
Ticket click-throughs: When you tap "Get Tickets" on a Discover event, you are redirected to the third-party ticketing platform. We log the click internally — the source platform, event metadata, and your country if known — for our own analytics on which platforms drive engagement. This click log is not shared with the third-party platform. Once you arrive on the third-party site, that platform can see standard browser information (IP address, device user agent, referrer) per the normal web behaviour of any link click.
Purpose: Database, user authentication, and file storage (profile avatars and Pro/Backstage banners).
Data shared: All user data described in this policy is stored in Supabase. Authentication tokens (JWT) are managed by Supabase.
Location: Supabase infrastructure may be hosted in the EU or US. See Section 9 (International Data Transfers) below.
Purpose: To search for upcoming events, retrieve event details, and fetch artist images.
Data shared: Search parameters only — artist name, city or approximate location coordinates, date range, and genre filters. No account data or personal information is sent to Ticketmaster.
Purpose: To look up artist metadata such as biography, origin, genres, and active years.
Data shared: Artist name or MusicBrainz ID only. No user data is sent.
Purpose: To retrieve recent setlists for an artist, displayed on the artist page in Banded so you can see what they've been playing live. Setlist data is not stored against your gig logs.
Data shared: Artist name only. No user data is sent.
Purpose: Fallback source for artist images when Ticketmaster images are unavailable.
Data shared: MusicBrainz artist ID only. No user data is sent.
Purpose: Fallback source for artist images.
Data shared: Wikidata entity ID only. No user data is sent.
Purpose: Product analytics — to understand how users interact with Banded so we can improve the app experience.
Data shared: Your user ID (UUID), username, display name, and city. Mixpanel also collects automatic interaction events (app opens, screen views). No gig diary content or social data is sent to Mixpanel.
Location: Data is sent to Mixpanel's EU servers (api-eu.mixpanel.com).
Purpose: Manages in-app subscription state for Banded Pro and Banded Backstage, including entitlement checks and receipt validation.
Data shared: Your user ID (UUID), subscription tier, and the App Store receipt necessary to validate your entitlement. Payment information itself is handled exclusively by Apple via StoreKit and is not shared with RevenueCat or Banded.
Purpose: Crash reporting and performance monitoring — to detect and diagnose app crashes and serious errors so we can fix them.
Data shared: When a crash or serious error occurs, Sentry receives the stack trace, app version, device model, iOS version, and breadcrumbs (a short trail of recent in-app actions). No gig content, message content, or precise location data is included.
Purpose: When you use the gig import feature with screenshots or screen recordings of ticket apps (such as DICE or Resident Advisor), text is read from those images by Apple's Vision framework on your iPhone, and that text is then sent to Anthropic's Claude API to be parsed into structured gig details (artist, venue, date, etc.).
Data shared: Only the text that Apple's on-device Vision framework extracts from your imported screenshots or screen recordings. The screenshots and recordings themselves never leave your device. Anthropic does not use Banded's API requests to train its models, in line with the Anthropic Commercial Terms of Service.
Purpose: A privacy-respecting CAPTCHA used to protect Banded's email/password sign-up, sign-in, and password-reset endpoints from automated abuse. Sign-in with Apple bypasses this check.
Data shared: A challenge token issued by Cloudflare. Cloudflare may collect basic device and network signals as part of the challenge; it does not use behavioural biometrics or third-party cookies.
The Banded iOS app does not use web cookies. The Banded marketing site (banded.uk) does not set first-party cookies for marketing or analytics. Cloudflare's edge platform may set short-lived security cookies (such as __cf_bm) on the website to detect bots, and Cloudflare Turnstile may set a challenge cookie when verifying email/password sign-up, sign-in, or password-reset attempts. These are essential security cookies and are not used to track you across sites or build an advertising profile.
We retain your data for as long as your account is active and you continue to use Banded.
As a user in the United Kingdom, you have the following rights regarding your personal data:
To exercise any of these rights, email us at hello@banded.uk. We will respond within one month as required by law. If your request is complex, we may extend this by a further two months and will let you know.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
Banded uses Supabase as its backend infrastructure provider. Supabase may process and store data on servers located outside the United Kingdom, including in the United States and the European Union.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
Third-party music data services (Ticketmaster, MusicBrainz, Setlist.fm, Fanart.tv, Wikimedia, Apple Music) may process API requests on servers located worldwide. However, no personal user data is sent to these services — only search parameters such as artist names, locations, and dates. RevenueCat, Sentry, and Anthropic process data on infrastructure that may be located in the United States; their privacy policies (linked above) describe the safeguards in place.
Banded is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at hello@banded.uk and we will promptly delete the account and associated data.
In accordance with Apple's App Store requirements, here is a summary of the data Banded collects and its purpose:
| Category | Collected | Purpose |
|---|---|---|
| Contact Info (email) | Yes | Authentication, account recovery |
| Identifiers (user ID) | Yes | App functionality |
| Identifiers (device ID) | Yes | Push notifications (APNs token) |
| User Content (reviews, ratings, profile images) | Yes | App functionality |
| Location (coarse) | Yes | Nearby event discovery |
| Health & Fitness | No | — |
| Financial Info | No | — |
| Sensitive Info | No | — |
| Contacts | No | — |
| Browsing History | No | — |
| Search History | No | — |
| Usage Data (app interactions) | Yes | Analytics (Mixpanel) |
| Diagnostics (crashes, performance) | Yes | App stability (Sentry) |
| Purchases | Yes | Subscription entitlement (RevenueCat / Apple StoreKit) |
Banded does not use any data for tracking purposes as defined by Apple. We do not share your data with data brokers or use it for advertising.
We take reasonable measures to protect your personal data:
We may update this privacy policy from time to time. If we make material changes, we will notify you by:
We encourage you to review this page periodically.
If you have any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us:
Email: hello@banded.uk