Privacy Policy

Our Terms & Conditions are Changing
We want to inform you that our Terms & Conditions (including our Privacy Policy) will be updated starting July 1, 2024. Please take a moment to review the changes. If you agree with them, no action is needed. If you disagree, please discontinue using Band Pencil by July 1, 2024. Until then, the current Terms & Conditions remain in effect.

View our new Terms & Conditions and Privacy Policy

Privacy Policy

Please read our privacy policy carefully. By signing up for, or using a service offered by Band Pencil you are agreeing to this privacy policy. Security of your data is our first priority and this page outlines some of our operating procedures and security practices.


We, our, us, Band Pencil – Band Pencil (any service offered by owned by Simon Hirst of 205 Middle Drive, Newcastle upon Tyne NE20 9LU.
You, your, user – a person logging in, signing up, or using Band Pencil.
Administrator – a person who has registered for a service offered by Band Pencil. This is not a person who is accessing Band Pencil through the member or client portal.
Support team – our employees or contractors who have access to provide support to you.
Content – anything you input into our system e.g. events, members, clients, equipment, files, invoices and contracts.


We place strict access controls over your data and are committed to ensuring that nobody has access to your data that shouldn't. If you contact our support team, you will grant them temporary access to your account so that they can provide support to you. Members of our support have strict rules and controls about what they can do with their access. The operation of our systems requires that some of our employees and contractors have access to the systems that store and process your data. Our employees and contractors are prohibited from using this access to view your data unless absolutely required.

Security Features


All passwords are stored using a non-reversible method using an industry standard hashing and salting algorithm. Users are automatically logged out of the system after a period of inactivity. Users who attempt to login with invalid credentials too many times may be temporarily blocked from Band Pencil.


We do not disclose your personal information to any third parties, except for the trusted third-party providers who assist us in delivering Band Pencil. These providers may include text messaging, email providers, and payment providers. Their involvement is limited to specific instances where users engage in activities such as sending text messages, emails, or making payments through the designated payment providers.

Cookies are small pieces of data stored in your browser when you visit our website. We may allow other business partners to use cookies and other tracking technology on our website. For example, Google Analytics may store a cookie in your browser when you visit our website, which will allow us to gather anonymised statistics about which of our pages are visited most frequently. Band Pencil only creates and reads functional cookies which are relate to your account and help us with issues like security.

We may also collect information how the site is accessed and used. This data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Your data is stored in the UK and US. Our hosting servers are based in London, UK. Wherever possible your data is processed within the UK. We may process your personal data outside of the European Union and of the country you reside in. By using Band Pencil, you consent to the transfer of your personal data to countries outside of the country you reside in and transfer data outside of the European Union.


Our data is encrypted in transit (https). Where possible, all sensitive information (e.g. names, email addresses, phone numbers, addresses, billing information etc.) are stored as encrypted values in our database. Database backups are encrypted individually, and off-site backups have full-disk encryption.


Database and file system backups are taken daily, and are stored for six months.

Third Party Processors

We reserve the right to add a third party processor without prior change to this privacy policy. Where possible we aim to update this policy within two months of adding an additional third party processor. We will never sell your data to any third party.

Stripe is used for the collection of monthly or yearly subscription payments to us. Stripe are regulated by the Financial Conduct Authority. We do not receive or store card details or billing information. When users are using Stripe you must separately agree to their terms and conditions and privacy policy.

Users can export their invoices created in Band Pencil into QuickBooks.

Mailgun is used as our email provider.

Digital Ocean & Krystal Hosting
Digital Ocean and Krystal Hosting are our hosting providers.

Cloudflare secures and ensures the reliability of our software.

JetBackup & Snap Shooter
JetBackup & Snap Shooter are our off site backup and restore providers.

Sentry handles our error tracking and performance monitoring of our software.

Google Analytics, SplitBee, Hotjar, Facebook & Twitter
The services named above are used for analytics purposes.

Data Types

We are the data controller for users using Band Pencil as an administrator. As the data controller, we will send you transactional emails such as invoices, legal document changes, and account warnings. Additionally, if you have opted-in to receive marketing emails, you may occasionally receive marketing communications from us.

Furthermore, we act as the data processor for all information added by users, including, but not limited to, your clients and members. This may involve various types of data, such as names, contact details, personal/organizational information, and any other details that you choose to collect.

It is important to note that we process data based on a contractual lawful basis, as governed by the Terms & Conditions between us and the administrator user. The administrator user will be responsible for collecting data about its own members, adhering to their own lawful processing basis.

It is essential to ensure that you have appropriate policies in place to collect and manage consent for the data being uploaded and used in Band Pencil. Obtaining proper consent is crucial to comply with data protection and privacy laws and to respect the rights of individuals whose data is involved. By using Band Pencil you agree that you have reviewed and implemented the necessary measures to obtain valid consent from data subjects before uploading and utilizing their data in Band Pencil.

Band Pencil has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to you (the data controller). Band Pencil supplies functionality to enable you to remove the data.

Legal Obligation

We may disclose your personal data in the good faith belief that such action is necessary to: To comply with a legal obligation. To protect and defend the rights or property of Band Pencil. To prevent or investigate possible wrongdoing in connection with the Service. To protect the personal safety of users of Band Pencil or the public. To protect against legal liability.

Breach Notification

In the unlikely event of a data security incident, we are committed to promptly notifying all affected users via email within 72 hours. As the data controller for the data you collect, including but not limited to your clients and members, it is possible that you may have a legal obligation to contact the relevant data protection office and individuals whose data is stored in Band Pencil if their data has been affected.

Information Requests

Users can delete all their personal data by contacting the support team for 'Right for Erasure' requests. Users can request a download of personal information in a spreadsheet format. Please contact the support team who can help with this.

Data Protection Officer

Our Data Protection Officer can be contacted via the contact page. Our Information Commissioner's Office (ICO) reference number is ZA556426. Please contact our support for the copy of this certificate.

Your Account

When you request to delete your account, we reset your account first to remove all data and then remove your account. To do this please contact us quoting your account number found on your settings page. Your account will be deleted within 28 working days.

Changes to this Document

Band Pencil reserves the right to change this document at any point without written notice. Wherever possible Band Pencil will give two-week’s notice of any changes of this document and will communication those changes with the user via in-app notification and/or email users who are subscribed to our Product Updates newsletter.

Effective date of privacy policy: 5 June 2023
Last revised: 22 May 2023
Last minor revision (correction of spelling mistakes etc.): 26 October 2023.

Try Band Pencil for Free

A better experience for your members, musicians, crews and clients
and fewer headaches for you. You’ll be set up in minutes.