LobbyCall

Privacy Policy

Last updated April 24, 2026

1. What we collect

When you use LobbyCall we store:

  • Account info: your name, email, hashed password (bcrypt — we never see your real password), and your role in any bands you belong to.
  • Health profile (optional): dietary restrictions, allergies, emergency contact name + phone + relationship. Visible only to the admins of your band(s) and you.
  • Tour data: shows, venues, hotels, flights, trains, guests, contacts, crew, expenses, settlements, mileage, receipts, tech docs, notes — whatever you type or upload.
  • Operational data: audit logs of mutations, rate-limit counters, idempotency records, session cookies. We need these for the Service to work and for abuse prevention.

2. How we use it

To run the product. That’s the whole story. We don’t sell your data, don’t train AI models on it, and don’t show you ads. We do use aggregated / anonymised usage signals (e.g. “X% of bands have added a flight”) to decide what to build next.

3. Who we share it with

We share only what’s necessary for third-party features you choose to use:

  • Neon (Postgres) — hosts our database. Sees everything we store on your behalf.
  • Vercel — serves the app. Sees request metadata (IP, user-agent) via ordinary web-server logs.
  • Resend — sends transactional email (sign-up verification, password reset, invites). Sees the recipient address and email body we send.
  • Cloudflare R2 — stores uploaded files (tech pack, stage plot, receipts). Sees the file bytes.
  • Anthropic — receipt OCR. Sees the one receipt image you upload; we don’t retain prompts with providers that train on them. Disabled until you use it.
  • Google Maps / Places / Directions — geocoding and driving directions. Sees venue names, addresses, and coordinates.
  • AeroDataBox / AviationStack / RTT.io — flight + UK train lookups. Sees the flight code or train headcode + date you’re asking about.

We don’t use analytics trackers or behavioural advertising cookies. The only cookies we set are the ones NextAuth uses to keep you signed in.

4. Your rights

Regardless of where you live, you can:

  • Access + export your account data as JSON from your profile page at any time.
  • Correct anything wrong by editing the relevant field in-app.
  • Delete your account from the profile page. We hard-delete the users row; band-level content you created persists if you were a member of shared bands, attributed to “(deleted user)”.
  • Ask questions by emailing hello@lobbycall.app.

EU / UK users: the above covers GDPR / UK-GDPR Articles 15–22 (access, rectification, erasure, portability, objection). We process data on the basis of contract (to provide the Service you signed up for) and legitimate interest (abuse prevention).

5. Retention

Account data lives for as long as your account does. When you delete your account, we remove the user row immediately; audit logs retain a record of the deletion itself for 90 days for abuse-prevention purposes, then are purged.

Backups: our database provider keeps point-in-time recovery snapshots for up to 30 days. A deletion propagates to those backups on natural rollover — we don’t manually scrub backups unless you specifically ask.

6. Security

Passwords are bcrypt-hashed at work-factor 13. Traffic is TLS end to end. Mutation routes require a fresh role check per request; sessions expire after 15 minutes of inactivity. We run idempotency + audit logs + rate limits across every write path. Security report? Email hello@lobbycall.app — we’ll acknowledge within 72 hours.

7. Children

LobbyCall isn’t directed at anyone under 16. If you’re a parent and believe your child created an account, email us and we’ll delete it.

8. Changes

Material changes get an email at least 14 days before they take effect. Minor clarifications get a “Last updated” bump at the top of this page.

9. Contact

For anything privacy-related: hello@lobbycall.app.