Privacy Policy

Last updated: September 22, 2025

We value your privacy. This page explains what personal data we collect, how we use it, and your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

What Information We Collect

Your name and email address
Your Google user ID and login provider details
Identity metadata (authentication time, token ID, Cognito group membership)
App flags (e.g. profile status, internal musician ID)
Technical data (e.g., IP address, browser type, timestamps) collected only for security, fraud prevention, and debugging

Some of this data is stored in a secure, encrypted session cookie while you're logged in. Other data (such as profiles, jobs, and messages) is stored in our database to support site functionality.

Why We Collect Your Data

Authenticate your identity
Provide access to and manage your musician profile
Enable posting and discovery of jobs
Facilitate messaging between users
Process payments for premium services (via Stripe)
Maintain secure sessions while you use the site
Protect the site against fraud, abuse, and technical errors

We do not sell your data or use it for advertising, tracking, or marketing beyond providing and improving the core functionality of the site. We may disclose personal information if required to do so by law or in response to valid legal processes.

Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

Contractual Necessity: This is our legal basis for processing the data essential to provide the core services of the website. This includes processing your profile information, job postings, and messages to facilitate the connection between musicians and employers, as this is a fundamental part of the service you have requested.

Legitimate Interest: We rely on this basis for processing data that is not strictly necessary for the contract but is in our legitimate interest to ensure the security and functionality of the site. This includes using your Google user ID for authentication and storing session data to maintain a secure connection while you are logged in. We have conducted a Legitimate Interests Assessment and concluded that this processing is necessary and does not override your fundamental rights and freedoms.

We do not intentionally collect sensitive categories of data or use your information for profiling or automated decision-making.

How Long We Keep Your Data

When you log in, we create a temporary, secure session cookie in your browser. This cookie allows us to recognize you as you move between pages — for example, so you don’t have to log in again on every click. The session cookie contains only a signed token and minimal metadata (such as login time and expiration). It does not store sensitive personal data. The token is cryptographically signed using our application’s secret key, which prevents tampering, but it is not human-readable or usable outside our system. Your session data is automatically deleted when you log out or when the session expires. We do not use cookies for tracking, marketing, or advertising purposes.

We retain your profile, job postings, and messages for as long as your account is active. If you delete your account, these records will be removed or anonymized within a reasonable period, except where retention is required by law (e.g., financial transactions).

How Your Data Is Stored and Shared

Stored in our database hosted on Amazon Web Services (AWS), encrypted at rest and in transit
Authentication handled by Amazon Cognito and Google
Payments processed securely by Stripe (we never store card numbers)
Traffic routed and protected by Cloudflare

These providers act as our data processors and handle information only on our behalf. You can view their privacy policies: Google, Stripe, AWS, Cloudflare.

As we operate from the United States and use U.S.-based service providers (Amazon Web Services, Stripe, etc.), your personal data is transferred to and processed in the United States. The United States is not considered to have a data protection framework equivalent to that of the European Economic Area (EEA). To ensure your data is adequately protected, we have implemented appropriate safeguards. We rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, which contractually obligate our service providers to protect your personal data in accordance with EU standards.

Communications Between Musicians and Hirers

When you use Vouch-Gigs.com to contact another musician or apply for a gig, you may send a short written message (for example, a cover note) or other communications through our platform.

How We Use These Communications

Moderation & Safety: We may review communications if they are reported for abuse, spam, or other policy violations.
Support: Our support team may access messages only when necessary to resolve technical issues or disputes.

Retention

Messages are stored for up to 6 months after the related gig or interaction ends. After this period, messages are automatically deleted from our systems unless required by law or explicitly saved by the musician or hirer.

Privacy & Access

Only the sender, the recipient, and authorized Vouch-Gigs.com staff (when moderating or providing technical support) can view these communications. We do not sell or share the content of communications with third parties for advertising purposes.

Communications Between Musicians and Hirers

When you use Vouch-Gigs.com to contact another musician or apply for a gig, you may send a short written message (for example, a cover note) or other communications through our platform.

How We Use These Communications

Moderation & Safety: We may review communications if they are reported for abuse, spam, or other policy violations.
Support: Our support team may access messages only when necessary to resolve technical issues or disputes.

Retention

Privacy & Access

Your Rights

Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Ask us to correct any inaccurate or incomplete data
Right to Erasure: Request that we delete your personal data
Right to Restrict or Object: Limit or object to how we process your data in certain circumstances
Right to Lodge a Complaint: File a complaint with a data protection authority
For California residents, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information is collected about you, the right to delete your personal information, the right to correct inaccurate personal information, and the right to opt-out of the sale or sharing of your personal information. Please note that we do not sell or share your personal information.

To make any request, please contact us at: [email protected]

Children’s Privacy

Our services are not intended for children under the age of 13. We do not knowingly collect data from children. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us.

Cookies

We use a session cookie to securely store your login information while you are actively using the site. This cookie is essential for the basic functionality of the site and does not require user consent. We do not use tracking or marketing cookies for advertising purposes.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the site before the changes take effect.

Contact

If you have any questions about this policy or your data, please contact:

Vouch Solutions LLC
[email protected]
United States