Privacy Policy

Last updated: 13 June 2026

1. Who We Are

Setlist Live is operated by Joe Basketts, based in the United Kingdom. We are the data controller for information collected through this service. You can contact us at hello@setlistlive.co.uk.

2. Information We Collect

Band / Musician Accounts

When you create an account we collect:

  • Email address and password (hashed)
  • Band name and any setlist content you add
  • Billing information — processed and stored by Paddle, not by us
  • Usage data (pages visited, features used) to improve the service

Audience Members

Audience members who vote do not need an account. We collect only:

  • An anonymous session identifier stored in your browser to prevent duplicate votes
  • Your vote (which song you selected) — not linked to any personal identifier

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve Setlist Live
  • Process your subscription and send billing-related emails
  • Send service updates and security notifications
  • Respond to your support requests
  • Comply with legal obligations

We do not sell your personal data to third parties or use it for advertising.

4. Legal Basis for Processing (UK GDPR)

  • Contract — processing your account data and subscription to deliver the service
  • Legitimate interests — usage analytics and service security
  • Legal obligation — tax and financial record-keeping

5. Third-Party Services

We share data with the following third parties only to the extent necessary:

  • Paddle.com Market Ltd — payment processing and subscription management. Paddle acts as the Merchant of Record and handles all billing data under their own Privacy Policy.
  • Vercel — hosting and infrastructure. Data may be processed on servers in the United States under appropriate safeguards.
  • Upstash — data storage. Subject to their data processing agreements and privacy policy.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or tax purposes (typically 6 years in the UK).

Anonymous voting data has no personal data attached and may be retained indefinitely for analytics.

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Object to or restrict certain processing
  • Data portability
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email us at hello@setlistlive.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

We use only essential cookies and session storage required for the service to function (e.g. keeping you logged in, preventing duplicate votes). We do not use advertising or tracking cookies.

9. Children's Privacy

Setlist Live accounts are for users aged 18 and over. We do not knowingly collect personal data from children. Audience voting is anonymous and does not require any registration.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify account holders of material changes by email. The date at the top of this page reflects when it was last updated.

11. Contact

For any privacy questions, email us at hello@setlistlive.co.uk.

Terms of ServiceRefund Policy