The Music Calendar
Legal

Data Collection Policy

Last updated: January 1, 2025 • 22 min read

1. Overview

This Data Collection Policy provides detailed information about the types of data The Music Calendar collects, how we collect it, why we collect it, and how long we retain it. This policy complements our Privacy Policy and Terms of Use.

We are committed to transparency in our data practices and believe you have the right to understand exactly what information we collect and how it's used.

2. Account and Profile Data

2.1 Account Creation Data

Collected Information:

  • • Email address (required for account creation and communication)
  • • Username (public identifier on the platform)
  • • Password (encrypted using industry-standard bcrypt hashing)
  • • Account creation timestamp
  • • Email verification status

Purpose:

Account authentication, user identification, platform access, security verification

Retention:

Retained while account is active; deleted 30 days after account closure

2.2 Profile Information

Collected Information:

  • • First and last name (optional)
  • • Profile photo/avatar
  • • Bio and description
  • • Location (city, state)
  • • Phone number (optional)
  • • Music preferences and genres
  • • Social media links (optional)

Purpose:

Profile personalization, user discovery, facilitating connections between bands and venues

Retention:

Retained while account is active; deleted 30 days after account closure

2.3 Band/Venue Business Information

Collected Information:

  • • Business name and description
  • • Business address and contact information
  • • Business type (band, venue, musician)
  • • Media files (photos, videos, audio samples)
  • • Performance history and availability
  • • Pricing and booking information
  • • Equipment and technical requirements

Purpose:

Business profile creation, discovery, facilitating bookings and connections

Retention:

Retained while account is active; archived for 90 days after account closure for dispute resolution

3. Usage and Behavioral Data

3.1 Platform Interaction Data

Automatically Collected:

  • • Pages and features accessed
  • • Search queries and filters used
  • • Time spent on different pages
  • • Click patterns and navigation paths
  • • Feature usage frequency
  • • Content interactions (views, likes, bookmarks)

Purpose:

Platform optimization, feature development, personalized recommendations, user experience improvement

Retention:

Aggregated data retained indefinitely; individual data retained for 24 months

3.2 Communication Data

Collected Information:

  • • In-platform messages between users
  • • Email correspondence with support
  • • Feedback and survey responses
  • • Support tickets and issue reports

Purpose:

Facilitating communication, customer support, dispute resolution, service improvement

Retention:

Messages retained while both parties have active accounts; support communications retained for 3 years

4. Technical and Device Data

Automatically Collected:

  • IP Address: For security, fraud prevention, and approximate location
  • Browser Type and Version: For compatibility and optimization
  • Operating System: For platform support and troubleshooting
  • Device Type: Mobile, tablet, or desktop for responsive design
  • Screen Resolution: For UI optimization
  • Cookies and Session IDs: For authentication and preferences
  • Referrer URL: To understand traffic sources
  • User Agent String: For device and browser identification

Purpose:

Security monitoring, platform optimization, fraud prevention, technical support

Retention:

Session data retained for 90 days; aggregated analytics retained indefinitely

5. Financial and Payment Data

Collected Information:

  • • Last 4 digits of payment cards (for identification)
  • • Card brand and expiration date
  • • Billing address
  • • Payment transaction history
  • • Booking and payment amounts
  • • Payment method preferences
  • • Payout account information (for bands receiving payments)

Purpose:

Payment processing, financial record-keeping, fraud prevention, tax compliance, dispute resolution

Retention:

Transaction records retained for 7 years per legal requirements; payment methods retained while active

6. Booking and Event Data

Collected Information:

  • • Event dates, times, and locations
  • • Booking requests and confirmations
  • • Contract terms and agreements
  • • Performance details and requirements
  • • Attendance and check-in data
  • • Cancellations and modifications
  • • Reviews and ratings (post-event)

Purpose:

Event management, booking coordination, performance tracking, quality assurance, dispute resolution

Retention:

Active events retained while relevant; completed events archived for 5 years for legal compliance

7. Third-Party Service Providers

We share data with trusted service providers who help us operate the platform. All providers are contractually obligated to protect your data:

Category Provider Data Shared Purpose
Cloud Hosting AWS, DigitalOcean All platform data Application hosting, data storage
Payment Processing Stripe Payment and billing info Secure payment transactions
Email Delivery SendGrid Email, name, preferences Transactional emails, notifications
Analytics Google Analytics Usage data, device info Platform analytics, insights
Error Tracking Sentry Error logs, user context Bug tracking, performance monitoring
Customer Support Intercom Account data, messages Support tickets, live chat

8. Data Retention Schedule

Comprehensive overview of how long different data types are retained:

Account Data

Active: Indefinite | After Closure: 30 days | Legal Hold: 7 years (if required)

Profile Information

Active: Indefinite | After Closure: 30 days | Anonymized: Indefinite

Business Data

Active: Indefinite | After Closure: 90 days | Legal Disputes: Until resolved

Usage Analytics

Individual: 24 months | Aggregated: Indefinite | Raw Logs: 90 days

Messages

Active Users: Indefinite | One User Deleted: 6 months | Both Deleted: 30 days

Financial Records

Transaction History: 7 years | Tax Documents: 7 years | Payment Methods: Until removed

Booking Records

Active Events: Until completion + 30 days | Completed: 5 years | Cancelled: 2 years

Support Communications

Open Tickets: Until resolution | Closed: 3 years | Critical Issues: 5 years

9. Security Measures

We implement comprehensive security measures to protect your data:

Encryption

  • • TLS 1.3 for data in transit
  • • AES-256 for data at rest
  • • Bcrypt password hashing

Access Control

  • • Role-based access (RBAC)
  • • Multi-factor authentication
  • • Principle of least privilege

Monitoring

  • • 24/7 security monitoring
  • • Intrusion detection systems
  • • Automated threat response

Compliance

  • • Regular security audits
  • • Vulnerability assessments
  • • Incident response plans

10. Your Data Control Rights

Access Your Data

Request a complete copy of all data we have about you

Correct Inaccuracies

Update or correct any inaccurate information

Delete Your Data

Request deletion of your personal information (subject to legal retention)

Export Your Data

Receive your data in a portable, machine-readable format

Restrict Processing

Limit how we use your data in certain circumstances

Object to Processing

Object to data processing based on legitimate interests

11. Changes to This Policy

We may update this Data Collection Policy periodically. Material changes will be communicated via email and in-platform notification. The "Last updated" date at the top of this policy reflects the most recent revision.

12. Contact Information

For questions about this Data Collection Policy or to exercise your data rights:

Data Protection Officer
Tafoya Ventures
Privacy Inquiries
privacy@tafoyaventures.com
General Support
support@themusiccalendar.com
Legal Department
legal@tafoyaventures.com
Effective Date: January 1, 2025
This Data Collection Policy is part of our commitment to transparency. For related information, please review our Privacy Policy and Terms of Use.