Privacy Policy

Last updated: 14 February 2026

1. Who We Are

Gig Manager is a workforce management platform for live event venues, used to schedule gigs, manage technical crew assignments, and coordinate venue operations. The platform is operated by Lachlan Brown Group in the United Kingdom ("we", "us", "our").

2. What Data We Collect

We collect the minimum data necessary to operate the platform:

Account information: Name, email address, phone number (techs only), hashed password
Role & assignment data: Technical roles (Audio, Lighting, Video), venue associations, gig assignments, shift types
Availability: Dates you mark as available for work
Feedback: Ratings and comments submitted after gigs
Communication data: Emails sent through the platform (subject, audience, timestamps)
Subscription data: Stripe customer/subscription IDs for venue administrators (payment details are stored by Stripe, not by us)
Push notification tokens: Browser push subscription data if you enable notifications

3. How We Use Your Data

To authenticate your login and maintain your session
To assign you to gigs and display your schedule
To send you operational notifications (assignments, swaps, cancellations)
To provide feedback and reporting to venue administrators
To manage subscriptions and billing (venue admins only)
To maintain audit logs for operational integrity and dispute resolution

4. Legal Basis for Processing

We process your data under the following GDPR legal bases:

Contract: Processing necessary to provide you with access to the platform and fulfil gig assignments
Legitimate interest: Audit logging, fraud prevention, platform security
Consent: Push notifications (you can withdraw consent at any time)

5. Cookies & Local Storage

PHPSESSID — Essential session cookie for login. Expires when you close your browser.
gm_remember — Optional "remember me" cookie for persistent login. Encrypted token, 30-day expiry.
localStorage — Cookie consent preference and push notification settings. Stored locally, never sent to the server.

We do not use any third-party tracking, analytics, or advertising cookies.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

Stripe: For payment processing (venue admin subscription data only)
Email delivery: Transactional emails are sent via our own mail server

7. Data Retention

Active accounts: Data is retained for the duration of your account
Deleted accounts: Personal data is anonymised. Audit log entries and assignment history are retained with anonymised identifiers for operational integrity
Email logs: Retained for 12 months
Audit logs: Retained for 24 months

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

Right of access (Art. 15): You can download all your data from your Profile page using "Download My Data"
Right to rectification (Art. 16): You can update your profile information at any time
Right to erasure (Art. 17): You can delete your account from your Profile page using "Delete My Account". Your data will be anonymised while retaining non-identifiable audit records
Right to data portability (Art. 20): Data export is available in CSV format
Right to withdraw consent: You can disable push notifications at any time from your Profile or Dashboard

9. Data Security

Passwords are hashed using bcrypt (never stored in plain text)
All data is transmitted over HTTPS/SSL
Session tokens are rotated on each login
Remember-me tokens use cryptographically secure random generation
Database access is restricted to authenticated application connections

10. Children

This platform is not intended for use by individuals under the age of 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the platform. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact

For any privacy-related queries, data access requests, or complaints, please email support@gig-manager.app.