Privacy Policy
Last updated: June 12, 2026
1. Data controller
ArtistHQ is a band and artist management platform operated at artisthq.app. The data controller responsible for your personal information is:
Jacob Mild (trading as ArtistHQ)
Jönköping, Sweden
Email: hello@artisthq.app
This policy explains how we collect, use, and protect your personal information when you use our website and services.
2. Information we collect
We collect the following types of information:
- Account information — your name, email address, and authentication details when you sign up or log in via our authentication provider (Supabase).
- Waitlist information — your email address when you join our waitlist.
- Billing information — when you subscribe to a paid plan, our payment provider Paddle collects the payment and billing details needed to complete your purchase. We receive only limited billing metadata — such as your plan, subscription status, billing country, and the last four digits of your card — and never see or store full card numbers.
- Content you enter — the data you enter into the platform, including shows, financial records, merch inventory, contacts, releases, documents, and related content.
- Information about other people — when you use the platform, you may enter personal information about third parties (for example contacts, crew, or band members). You are responsible for having a lawful basis to enter that information. We process it only to provide the service to you.
- Technical data — browser type, device information, and IP address collected automatically when you visit our site, and diagnostic data generated if an error occurs.
3. How and why we use your information
We process your data for the purposes described below. Where required by law (such as the GDPR), we rely on a specific legal basis for each activity:
| Activity | Data used | Legal basis |
|---|---|---|
| Providing the platform | Account & content data | Performance of contract |
| Sending waitlist updates | Waitlist information | Consent |
| Fraud prevention & security | Technical data | Legitimate interest |
| Diagnosing errors | Technical data | Legitimate interest |
| Support inquiries | Account & technical data | Legitimate interest / contract |
We do not sell your personal information. We do not use advertising networks or share your personal information for cross-context behavioral advertising.
4. Data storage and security
Your account and content data is stored using Supabase, in the EU region by default, with encryption at rest and in transit. We implement reasonable technical and organizational measures to protect your information, including access controls that isolate each workspace's data. However, no method of transmission over the internet is 100% secure.
5. Third-party services
We use the following third-party service providers to operate the platform. Each processes personal data only as needed to provide its function:
- Supabase — authentication, database, and file storage; hosted in the EU (Ireland). (privacy policy)
- Vercel — website and application hosting, plus privacy-friendly, cookieless web analytics (no cookies, no cross-site tracking). (privacy policy)
- Sentry — error and performance monitoring, which may capture technical data when an error occurs. (privacy policy)
- PostHog — privacy-friendly product analytics (EU-hosted), loaded only after you opt in via our cookie banner, to understand which features are used. Autocapture and session recording are disabled. (privacy policy)
- Paddle — payment processing and subscription billing as our merchant of record; processes your name, email, billing address, country, and payment details to complete and manage your subscription. Operated by Paddle.com Market Ltd (United Kingdom). (privacy policy)
We do not use advertising networks, marketing trackers, or cross-site behavioral tracking. Our only analytics are Vercel's cookieless web analytics and, with your consent, PostHog product analytics — both described above.
6. Payments
Paid subscriptions are billed through Paddle (Paddle.com Market Ltd), which acts as the merchant of record for your purchase. Paddle collects and processes the payment and billing information — such as your name, billing address, country, and card or other payment details — needed to complete and manage your subscription, and as merchant of record is responsible for charging and remitting any applicable sales tax or VAT. We receive only limited billing metadata (for example your plan, subscription status, billing country, and card last four) and do not store full card numbers. See Paddle's privacy policy for details of its processing.
7. Cookies
We use cookies and similar storage that are strictly necessary for the platform to function — authentication and security cookies, plus a small amount of local storage to remember your cookie choice. These are always on and need no consent.
With your consent, we also set one optional analytics cookie via PostHog (EU-hosted) to understand product usage. It is set only after you accept it in our cookie banner; you can decline, and if your browser sends a Do Not Track or Global Privacy Control signal we treat that as a decline and set no analytics cookie. We do not use advertising, marketing, or cross-site tracking cookies.
8. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Export your data in a portable format (we provide CSV export for all modules).
- Request restriction of processing of your data.
- Object to processing of your data.
- Object to automated decision-making or profiling (we do not use either).
- Withdraw consent for optional communications at any time.
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at the email address below. We will respond within 30 days.
Regulatory authorities.If you are unsatisfied with our response, you may lodge a complaint with the relevant authority in your jurisdiction. As we are established in Sweden, our lead supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). EU residents may also contact their local Data Protection Authority; UK residents may contact the Information Commissioner's Office (ICO).
9. International transfers
Your data is stored primarily in the EU. Some of our service providers (Vercel, Sentry, and our payment provider Paddle) are based in or operate from the United States and may process certain data there. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to protect it.
10. Data retention
We retain your data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.
11. Children's privacy
ArtistHQ is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Changes to this policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.
13. Contact us
If you have any questions about this privacy policy or how we handle your data, you can reach us at:
Jacob Mild (trading as ArtistHQ)
Jönköping, Sweden
Email: hello@artisthq.app