Privacy Policy

Introduction

Setlist is a hobby project built to help bands organise their setlists and songs. I take your privacy seriously, even though this is a one-person operation. This policy explains what data I collect, how I use it, and what control you have over it.

Last updated: May 2026

What I Collect

Account Information

When you sign up, I collect:
- Email address - used for login, password resets, and notifications
- Username - your unique identifier on the site
- Display name - an optional name shown to your bandmates
- Password - stored securely as an encrypted hash (I never store or see your actual password)

Profile Information

You can optionally provide:
- Profile picture - an avatar image visible to your bandmates
- Various site preferences, such as your preferred accent colour and whether to receive notifications

Band Activity

As you use Setlist, I store data about the content you create such as:
- Songs you add or suggest
- Votes you cast on songs
- Comments you leave on songs, setlists, and polls
- Setlists you create and organise
- Polls you create and vote on
- etc.

This is all core to how the service works; it's what makes Setlist useful for your band. It's also worth pointing out that all this data is usually only visible to your own bandmates. You can optionally share setlists publicly through a randomised URL (e.g. for sharing with guest/session musicians or venues), but nothing else is shared with other users of the site unless they are members of your band.

Google Sign-In

If you choose to sign in with Google, Google provides me with your email address and basic profile information. This is a one-way transfer: I do not send any of your Setlist data to Google. Google's own privacy policy governs how they handle your data on their end.

Using Google Sign-In is entirely optional; you can always use a traditional email and password instead.

How I Use Your Data

Your data is used to:
- Run the service (display songs to your band, send notifications, etc.)
- Send email verifications
- Send daily digest emails & calendar invites if you've enabled them
- Improve the service over time

That's it. Nothing sneaky. Again, it's a hobbyist project.

Third-Party Services

I use a small number of third-party services to keep Setlist running:

Plausible Analytics

I use Plausible for website analytics. Plausible is privacy-friendly and does not use cookies. It collects no personal data and cannot identify individual users. I use it simply to understand general usage patterns (e.g. how many people visited the site today).

Mailgun

I use Mailgun to deliver transactional emails (password resets, notifications, daily digests). Your email address is shared with Mailgun solely for the purpose of delivering these emails. Mailgun processes this data under their own privacy policy.

Sentry (Security Monitoring)

I use Sentry to monitor the site's security policy. When your browser detects that something on a page was blocked by the site's content security rules, it automatically sends a short report to Sentry containing the page URL and what was blocked. No personal data, account information, or page content is included in these reports.

Google OAuth

If you choose to sign in with Google, the authentication flow involves Google's servers. This is standard OAuth and only occurs when you actively choose to use Google Sign-In. No data is shared with Google beyond what's required for the authentication handshake.

Cookies

I keep it simple. Setlist uses a single session cookie to keep you logged in, and two other cookies to store appearance preferences and state (light vs dark theme, etc.).

There are no tracking cookies, no advertising cookies, no third-party cookies.

Where Your Data Lives

Your data is stored on servers hosted by Hetzner in the European Union. Hetzner is a well-established European hosting provider with strong data protection practices.

Data Sharing and Monetisation

  • I do not sell your data. Full stop.
  • I do not share your data with third parties for marketing or advertising purposes.
  • I have no plans to monetise this service. Setlist is a hobby project, not a business.

If any of this ever changes in the future, I will notify all registered users before making any changes to how their data is used.

Deleting Your Account

You can delete your account at any time from your account preferences. Here's what happens when you do:

What Gets Deleted

  • Your personal information (email, username, display name)
  • Your profile picture
  • Your messages
  • Your band memberships
  • Your song votes
  • Your poll votes
  • Authentication tokens and password data

What Gets Kept (Anonymised)

  • Comments you left on songs, setlists, and polls - these are retained for band continuity but will show as "Deleted User" instead of your name
  • Polls you created - also retained but anonymised
  • Band songs and setlists you created - also retained but anonymised. Personal setlists are deleted, though.

Other Details

  • Your email address and username become available for new registrations
  • You will not be able to log back in or recover your account after deletion
  • If you're the sole admin of a band with other members, you'll need to assign another admin before you can delete your account

Your Rights

Since your data is stored in the EU, you have rights under the General Data Protection Regulation (GDPR), including the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and personal data
  • Export your data

For any queries regarding your data, please contact me at [email protected]. Account deletion can be done directly from your preferences, though.

Changes to This Policy

If I make significant changes to this privacy policy, I'll notify registered users via the in-app messaging system. I'll also update the "Last updated" date at the top of this page.

Contact

If you have any questions about this privacy policy or how your data is handled, please get in touch at [email protected].