Privacy Policy

When you register or update your artist profile, the portal asks for a working email address and phone or WhatsApp number. These are collected only where they are needed to run the service, not for resale or unrelated marketing.

Why we need them: to create and secure your account, to prevent duplicate registrations (using a one-way hash of your normalised email for lookup), so the portal operator and systems can reach you about your listing (for example approvals or abuse reports), and so other users can contact you according to the visibility you choose in your profile (for example only you and admins, collaborators you work with, or visitors when you set a field to public).

How they are stored:email and phone values are stored using application-level encryption for the sensitive fields; a non-identifying placeholder may remain in legacy columns for database compatibility. Your choices for "email visibility" and "phone visibility" control how widely each value is shown outside admin tools.

This section describes the behaviour implemented in the application. The portal operator remains responsible for the legal basis, retention periods, and any data processing agreements that apply in their jurisdiction.

When you are signed in, you may see a short status line above the site footer with your public display name (from your artist profile) and when your session cookie expires. Operator accounts with the admin role may see (admin) after the name. This is rendered by the application for your session and is separate from PostHog cookies or third-party advertising.

This portal uses PostHog to understand how the site is used and to improve it for musicians and visitors. The integration records named events and page views you trigger while browsing or using logged-in areas (for example: which pages you open, when you save your profile, or when you update availability). Automatic “click everything” capture (autocapture) is turned off; only code paths that explicitly call the analytics SDK send data.

Examples of what may be recorded include route changes as page views, artist profile views, registration submissions, and key actions in the artist or admin dashboards. Event payloads are kept minimal and are described at a high level in this policy; the portal operator configures the exact PostHog project.

After you sign in, your browser is usually redirected once to /dashboard?ph_identify=1 or /admin/dashboard?ph_identify=1 (including from local /api/dev/login in development). That flag tells the PostHog client to associate this browser with your internal artist ID - the same opaque id used for server-side events and optional feature flags - using posthog.identify. The query parameter is removed right away and does not remain in the address bar.

When enabled for a deployment, PostHog Session Replay can record a replay of how pages render and how you move, scroll, and click - similar to a screen recording of the browser tab. This helps operators reproduce bugs and improve layouts. Replay is not the same as only “event counts”: it can show structure, timing, and masked UI content for sessions that are captured.

The app initialises the PostHog client with text masking (mask_all_text: true) so that visible text in the page is masked in replays where that protection applies. Operators should still configure PostHog (for example sampling, URL filters, and retention) to match their legal and risk posture. Official product documentation: PostHog - Session replay privacy.

Local development builds typically do not record replay unless explicitly enabled. Production builds may disable replay entirely using environment variables documented for operators (NEXT_PUBLIC_POSTHOG_ENABLE_RECORDING and related flags).

Email addresses, full names, phone numbers, and similar identifiers are not attached to analytics events as custom properties. Authenticated artists are linked in PostHog to an opaque internal artist ID (a UUID). Non-identifying attributes such as province and role may be stored on that profile to support aggregate reporting.

Session replay is a separate surface from “event properties”: it may reflect what appears on screen subject to masking and PostHog settings. If you need to avoid replay entirely, use the opt-out mechanisms in section 6 or ask the operator to disable recording for the deployment.

You can stop PostHog events and session replay for this browser using any of the options below. When opt-out applies, the integration does not send analytics requests - not even manual page views.

Browser-side PostHog traffic is sent to this website's own domain first (for example the /api/ph reverse proxy path in production), then forwarded to the PostHog backend configured by the operator. That backend may be PostHog Cloud (regional ingest such as the EU or US data centre, depending on POSTHOG_HOST) or a self-hosted PostHog instance. Server-side analytics calls from this app connect to the same configured host.

The operator is responsible for listing subprocessors, data processing agreements, and any cookie banner or consent text required in their jurisdiction. This page describes what the application is built to do; it is not a substitute for legal advice.