Privacy Policy

Effective Date: 1 November 2025

Introduction

TourNote ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our tour management platform.

By using TourNote, you agree to the collection and use of information in accordance with this policy.

Data Controller

Christopher Thomas Collis

Email: [email protected]


For formal data protection requests, we will provide our full contact details upon request.

Information We Collect

Account Information

  • First and last name
  • Email address
  • Password (encrypted using bcrypt)
  • Time zone preference

Tour and Show Data

  • Band name and member information
  • Tour dates, venues, and show details
  • Promoter contact information (name, email, phone, Instagram)
  • Venue contacts and technical specifications
  • Show logistics (load-in times, stage times, curfews, etc.)
  • Custom notes and documents

Technical Information

  • IP address and session data
  • Device tokens for iOS push notifications
  • Browser type and operating system
  • Login timestamps and activity logs

Contact Form Submissions

  • Name, email, phone number, and message content when you contact us for support

Legal Basis for Processing Your Data

Under the General Data Protection Regulation (GDPR) and UK data protection law, we process your personal data on the following legal bases:

• Performance of Contract: To provide tour management services, process your subscription, and enable collaboration features

• Legal Obligation: To comply with tax, accounting, and financial regulations

• Legitimate Interest: To improve our services, prevent fraud, ensure security, and provide customer support

• Consent: To send you marketing communications (where applicable - you can withdraw consent at any time)

How We Use Your Information

We use your personal information to:

  • Provide and maintain our tour management services
  • Process your subscription and manage payments
  • Send advance sheets to promoters and venues on your behalf
  • Enable collaboration between band members
  • Send you essential service updates and notifications
  • Respond to your enquiries and provide technical support
  • Improve our services and develop new features
  • Ensure the security and integrity of our platform
  • Comply with legal obligations

Cookies and Similar Technologies

TourNote uses essential cookies to provide our service:

• Session cookies to keep you logged in and manage your authentication

• Security cookies to prevent fraud and protect your account


These cookies are necessary for TourNote to function and cannot be disabled. You can control cookies through your browser settings, though disabling them will prevent you from using TourNote.

Third-Party Services

We use the following third-party services to operate TourNote. Each processes data in accordance with their own privacy policies:

Lemon Squeezy

Payment processing. Lemon Squeezy handles all payment card information. We never store payment card details on our servers.

Privacy Policy: https://www.lemonsqueezy.com/privacy

Resend

Email delivery for advance sheets, notifications, and password resets.

Privacy Policy: https://resend.com/legal/privacy-policy

Hetzner

Server hosting, database storage and backups (via Litestream), and object storage for files. Data is stored in Germany within the EU.

Privacy Policy: https://www.hetzner.com/legal/privacy-policy

Apple Push Notification Service

Push notifications for the iOS app. Device tokens are used to deliver notifications.

Privacy Policy: https://www.apple.com/legal/privacy/

Google Places API

Venue location autocomplete and mapping services.

Privacy Policy: https://policies.google.com/privacy

Data Security

We implement appropriate technical and organisational security measures to protect your personal information:

• Passwords are encrypted using industry-standard bcrypt hashing (cost factor 12)

• All data transmission uses SSL/TLS encryption

• Secure authentication and session management

• Payment information is processed securely by Lemon Squeezy and never stored on our servers

• Regular security updates and monitoring

• Database backups are encrypted and stored securely


However, no method of transmission over the internet or electronic storage is 100% secure. Whilst we strive to protect your data using industry best practices, we cannot guarantee absolute security.

Data Retention

We retain your personal information as follows:

  • Active accounts: Data is retained for as long as your account remains active
  • Deleted accounts: Personal information is permanently deleted when you delete your account
  • Financial records: Payment records are retained for 7 years to comply with UK tax and accounting requirements
  • Support enquiries: Contact form submissions are retained for 2 years

Some metadata may be retained longer for legal, security, or administrative purposes (e.g., fraud prevention logs).

International Data Transfers

Your data is primarily stored within the European Union (Germany, via Hetzner). Some third-party services (Lemon Squeezy, Resend, Apple) may process data in other jurisdictions including the United States.


When data is transferred outside the EU/UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission

• Adequacy decisions by the UK and EU authorities

• Third-party certifications and compliance frameworks

Your Rights

Under UK GDPR and data protection law, you have the following rights:

• Right to Access: Request a copy of your personal information

• Right to Rectification: Correct inaccurate or incomplete information

• Right to Erasure: Request deletion of your account and personal data

• Right to Restrict Processing: Limit how we use your information

• Right to Data Portability: Receive your data in a machine-readable format

• Right to Object: Object to processing based on legitimate interests

• Right to Withdraw Consent: Withdraw consent for marketing communications at any time

How to Exercise Your Rights

To exercise any of these rights:

• Email us at [email protected] or [email protected]

• Manage your settings within your TourNote account

• Use the unsubscribe link in marketing emails


We will respond to your request within 30 days.

Right to Lodge a Complaint

If you believe your data protection rights have been breached, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):


Information Commissioner's Office

Website: https://ico.org.uk

Telephone: 0303 123 1113

Marketing Communications

We may send you marketing communications about new features, updates, or special offers if you have consented to receive them. You can unsubscribe at any time by:

• Clicking the unsubscribe link in any marketing email

• Contacting us at [email protected]

• Updating your preferences in your account settings


We will never sell your data to third parties for their marketing purposes.

Automated Decision-Making

TourNote does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Business Transfers

If TourNote is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information, and any choices you may have regarding your personal information.

Children's Privacy

TourNote is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from a child under 13, please contact us immediately at [email protected] and we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Updating the effective date at the top of this policy

• Sending you an email notification (where appropriate)

• Displaying a prominent notice on our website or app


Your continued use of TourNote after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data protection rights, please contact us at:


Email: [email protected]


We aim to respond to all enquiries within 7 business days.

Last updated: 1 November 2025