Backstaged – The superfan platform for artists

Last updated: January 20, 2026

Privacy Policy

We're committed to ensuring your privacy by handling your information with transparency and care. This page outlines how we collect, store, and protect your data.

Introduction

This privacy policy explains how Backstaged and its affiliated entities ("we," "us," or "our") collect, use, store, and protect the personal information of our users.

We reserve the right to update this privacy policy at any time without prior notice. It is your responsibility to regularly review this privacy policy. Continued use of our services after any changes constitute a consent to the new version of the privacy policy.

Legal basis for processing

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, we process your personal information based on the following legal bases:

  • Legitimate interests: We primarily process your personal data based on our legitimate interests in operating and improving our platform, providing our services, ensuring security, and communicating with you about your account and transactions.

  • Contract performance: We process billing and payment information to fulfill our contractual obligations to you when you subscribe to a community or make a purchase.

  • Consent: We process marketing communications and certain optional features based on your explicit consent, which you may withdraw at any time.

  • Legal obligations: We may process and retain certain information to comply with legal obligations, such as tax and accounting requirements.

Information we collect

We collect the following types of personal information:

Account information

  • Your name: We collect your first and last name when you create an account.
  • Your email address: We collect your email address during account creation to facilitate login and important communications.
  • Username: We collect a username that you choose when creating your account, which may be displayed on the platform.
  • Newsletter preferences: If you opt in to receive marketing communications, we store your preference for receiving newsletters and promotional emails.

Payment and billing information

  • Billing information: We use Stripe to process payments securely. Stripe collects and stores your payment information, and we do not retain any payment information on our servers. We may retain billing addresses and transaction records for accounting and legal purposes.

User-generated content

  • Chat messages: When you participate in community chat features, we collect and store your messages to provide the chat functionality and maintain message history.
  • Uploaded content: We collect and store audio files, video files, images, and other content that you upload to the platform. This content is stored securely on our servers located in the EU.

Artist-specific information

If you create an artist account, we may collect additional information including:

  • Stage name: The name you use as an artist or performer.
  • Social media URLs: Links to your profiles on platforms such as Spotify, SoundCloud, and other music or social platforms.
  • Pricing information: Subscription pricing details for your community.
  • Audience size information: Information about your audience size that you provide during account creation.

Usage and technical data

  • Device and activity data: We may collect information about the device you use to access our platform, including IP address, browser type, operating system, and device identifiers, for security reasons and performance optimization.

Cookies and tracking technologies

We use cookies and similar tracking technologies to operate our platform and improve your experience:

Essential cookies

These cookies are necessary for the platform to function and cannot be disabled:

  • Session cookies: Used to maintain your login session and authentication state.
  • Security cookies: Used to protect against security threats and ensure platform integrity.

Analytics cookies

We use analytics cookies to better understand how users interact with our platform. These cookies collect anonymized usage statistics and performance metrics including pages visited, features used, session duration, and general navigation patterns. This helps us improve our services and user experience. This data is anonymized and aggregated, and we do not and cannot use it to identify individual users.

You can control cookies through your browser settings, though disabling essential cookies may impact the functionality of the platform or your user experience.

Who we share your information with

Your information will never be sold or rented to third parties for marketing purposes without your explicit consent. We may share your information with the following entities:

Artists and community managers

  • Artists you subscribe to: Your name and email address will be visible to the artist whose community you are a member of, so that they have a way of contacting you regarding your subscription, purchases, and any relevant updates or announcements you have opted in to receive.
  • Community managers: Artists may designate community managers to help manage their communities. These community managers may include members of the artist's own management team or other authorized personnel. Your name and email address will also be visible to these community managers so they can assist with community management, respond to inquiries, and facilitate communication regarding your subscription, purchases, and relevant updates or announcements you have opted in to receive.

Third-party service providers

We share your information with trusted third-party service providers who assist us in operating our platform:

  • Payment processors: We use secure, PCI-DSS compliant payment processing services to handle transactions. These services collect and store payment information in accordance with industry standards and their own privacy policies. We do not have access to your full payment card details.

  • Email service providers: We use third-party email services to send transactional emails such as account confirmations, password resets, receipts, and important account updates. These services process your email address and name for the purpose of delivering these communications.

  • Cloud storage providers: We use secure cloud storage services for storing media files (audio, video, documents) that you upload to the platform. Your uploaded content is stored securely using industry-standard security measures and redundancy.

  • Analytics providers: We use analytics services to analyze website usage, monitor performance, and improve our services. These services may collect anonymized usage data and statistics as described in their respective privacy policies.

These service providers are contractually obligated to keep your information confidential and only use it for the purposes specified by us. They are not permitted to use your personal information for their own purposes.

Legal and regulatory disclosures

  • Legal authorities: We may disclose your information when required by law, to comply with legal processes, or to respond to valid requests by public authorities, including law enforcement agencies and regulatory bodies.

Business transfers

  • Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that business transaction. We will notify you of any such change in ownership or control of your personal information.

Marketing communications

We send two types of communications:

Transactional communications

We send transactional emails that are necessary for the operation of our platform and your account, including:

  • Account verification and confirmation emails
  • Password reset requests
  • Payment receipts and invoices
  • Important account updates and security notifications
  • Service-related announcements

You cannot opt out of transactional communications as they are essential for using our platform.

Marketing communications

We may send marketing emails, push notifications, or other promotional communications to users who have explicitly opted in to receive them. Marketing communications may include:

  • Newsletters and updates about new features
  • Promotional offers and special events
  • Content recommendations and community highlights

Additionally, artists may send promotional communications (emails and push notifications) to members of their community who have opted in to receive promotional communications from them. These artist-initiated communications may include updates about the artist's work, exclusive content, events, and other promotions or marketing announcements.

Opt in: You can opt in to receive marketing communications through your account settings or during account creation. This feature may not be fully available in all areas yet, but will be implemented across the platform soon.

Opt out: You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in your account settings
  • Contacting us at support@backstaged.io

Even if you opt out of marketing communications, you will continue to receive transactional emails related to your account.

Your rights

Under applicable data protection laws, including the GDPR, you have the following rights regarding your personal information:

  • Right to access: You have the right to request access to the personal information we hold about you, including details about how we use it and who we share it with.

  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal information. You can update much of your information directly through your account settings.

  • Right to erasure (Right to be forgotten): You have the right to request deletion of your personal information. You can request account deletion at any time by contacting us at support@backstaged.io. We will delete your data promptly, except where we are legally required to retain it (such as financial records for tax purposes).

  • Right to restrict processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

  • Right to data portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another service provider where technically feasible.

  • Right to object: You have the right to object to processing of your personal information based on legitimate interests, including direct marketing. You can object to marketing communications by opting out as described in the Marketing communications section.

  • Right to withdraw consent: Where we process your personal information based on consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

Exercising your rights

To exercise any of these rights, please contact us at support@backstaged.io with details of your request. We will respond to your request within one month, though this period may be extended by up to two additional months for complex requests. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Data retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active accounts: We retain your information while your account is active and for a reasonable period afterward to allow you to reactivate your account if desired.

  • User-requested deletion: If you request deletion of your account and personal information, we will promptly delete all data we are not legally required to retain. Some data may be retained for legal compliance purposes (such as financial transaction records for tax and accounting requirements) for as long as we are legally allowed to retain it.

  • Anonymized data: We may retain anonymized and aggregated data indefinitely for analytics and service improvement purposes, as this data cannot be used to identify you.

  • Legal requirements: We may retain certain information for longer periods when required by law, such as:

    • Financial and transaction records for accounting and tax purposes
    • Records required for legal proceedings or regulatory compliance
    • Information necessary to resolve disputes or enforce agreements

After the retention period expires, we will securely delete or anonymize your personal information in accordance with our data deletion procedures.

Data security

We are committed to securing your information and have implemented both technical and organizational measures to protect the data we store:

  • Encryption: We use encryption protocols (TLS/SSL) to protect data both in transit and at rest, ensuring that unauthorized parties cannot access your information during transmission or while stored.

  • Secure storage: Your uploaded content (audio, video, files) is stored securely on our servers in the EU using industry-standard security measures.

  • Secure access controls: Access to personal data is restricted to authorized staff members only, based on their role and necessity. We implement the principle of least privilege, ensuring staff only have access to data necessary for their job functions.

  • Regular security audits: We conduct regular security audits and vulnerability assessments to identify and address potential threats and weaknesses in our systems.

  • System monitoring: We actively monitor our systems for security incidents and unauthorized access attempts.

  • Regular updates: We keep our systems and software up to date with security patches and updates.

  • Incident response: We have procedures in place to respond to security incidents and data breaches in accordance with applicable law.

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability and notifying you immediately in the event of any security incident that may affect your personal information.

Data breach notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant data protection authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

Our breach notification will include:

  • A description of the nature of the breach
  • The categories and approximate number of individuals affected
  • The likely consequences of the breach
  • The measures we are taking or propose to take to address the breach
  • Recommendations for steps you can take to protect yourself

We maintain incident response procedures to detect, investigate, and respond to security incidents promptly and in accordance with applicable data protection laws.

Children's privacy

Our platform is not intended for children under the age of 16 (in the European Economic Area) or 13 (in the United States). We do not knowingly collect personal information from children without parental consent.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at support@backstaged.io, and we will take steps to delete such information.

We do not verify the age of users during account creation. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as soon as possible.

Contact information

If you have any questions about this privacy policy, how we handle your personal data, or if you wish to exercise your rights under data protection laws, please contact us:

Email: support@backstaged.io

When contacting us about privacy matters, please include:

  • Your name and email address associated with your account
  • A clear description of your request or question
  • Any relevant account information to help us process your request

We aim to respond to privacy-related inquiries within one month. For complex requests, we may extend this period by up to two additional months, and we will inform you of any such extension.

While we do not have a designated Data Protection Officer (DPO), our support team handles all privacy-related requests and inquiries.

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first at support@backstaged.io. We will address your concerns promptly and aim to resolve the issue in accordance with applicable data protection laws.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We are committed to working with data protection authorities to resolve any complaints and ensure compliance with applicable privacy laws.