Privacy Policy

This policy explains how Request It Live Ltd (“Company”, “we”, “us”, “our”) collects, uses, and protects your personal data when you use the Request-it.live platform.

Effective Date: 16 February 2026 · Last Updated: 16 February 2026

1. Data Controller

The data controller responsible for your personal data is:

Request It Live Ltd

Email: privacy@request-it.live

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Irish Data Protection Act 2018.

2. Data We Collect

2.1 Account & Profile Data (Performers)

When you register as a performer, we collect:

Email address and authentication credentials
Stage name, bio, and profile photo
Music styles and performer type
Social media handles (Instagram, TikTok, YouTube) and website URL
Location preferences (city, address, coordinates for venue matching)
Band member names (if applicable)

2.2 Fan Data

When you submit a song request or tip, we may collect:

Your name (or “Anonymous” if you choose not to share it)
Email address (optional)
Song request details and messages
Tip amounts and payment confirmation data

2.3 Venue Data

When venues are registered on the platform, we collect:

Venue name, address, and contact details
Phone number and website URL
Venue type and description
Social media links

2.4 Event & Booking Data

When events or gigs are created, we collect:

Event name, date, time, and location
Client name, email, and phone number (for private bookings)
Performance type (e.g. wedding, corporate, public)
Special instructions and set list preferences

2.5 Financial Data

To process subscriptions, tips, and payouts:

Stripe customer and subscription identifiers
Payment intent references (we do not store card numbers)
Stripe Connect account details for performer payouts
Withdrawal history and earnings summaries
Subscription plan, billing cycle, and status

All card and bank details are processed and stored directly by Stripe. We never have access to your full card number or bank account details.

2.6 Music Platform Data

If you connect a music streaming account, we store:

OAuth access and refresh tokens (for Tidal)
MusicKit authentication tokens (for Apple Music)
Your user ID and display name on the connected platform
Playlist identifiers for automated playlist management

Tokens are used solely to provide playlist and track features. They are deleted when you disconnect a platform.

2.7 Analytics & Technical Data

We automatically collect:

IP address
Browser type and device information (user agent)
Pages visited and referral source
Session identifiers and visit timestamps

2.8 Communications

If you contact us or use in-platform messaging:

Your name and email address
Message content and subject
Any replies or correspondence

3. How We Use Your Data

We use your personal data for the following purposes:

a.Providing the service — Creating accounts, managing profiles, processing song requests, enabling live sessions, and delivering platform features.
b.Processing payments — Managing subscriptions, processing tips, facilitating performer payouts via Stripe Connect, and maintaining financial records.
c.Music integrations — Connecting to Tidal and Apple Music to enable playlist management and track search features.
d.Platform improvement — Analysing usage patterns, monitoring performance, and improving features and user experience.
e.Safety & compliance — Detecting and preventing fraud, abuse, and suspicious tipping activity. Enforcing our terms of use and complying with legal obligations.
f.Communications — Sending transactional emails (e.g. login links, payment confirmations), responding to support requests, and platform announcements.

4. Legal Basis for Processing

We process your data under the following legal bases:

Legal Basis	Applies To
Contract performance	Account creation, subscription management, payment processing, service delivery
Legitimate interests	Platform security, fraud prevention, analytics, service improvement, enforcing our terms
Consent	Music platform connections, marketing emails, optional data sharing
Legal obligation	Financial record keeping, regulatory reporting, responding to lawful requests

Where we rely on consent, you may withdraw it at any time by contacting us or using in-platform controls. Withdrawal does not affect the lawfulness of prior processing.

5. Third-Party Services

We share data with the following third-party service providers who process it on our behalf or as independent controllers:

Stripe

Payment processing, subscription billing, performer payouts (Stripe Connect). Stripe acts as an independent data controller for payment data.

Supabase

Cloud database hosting and authentication services. Data is stored in managed PostgreSQL databases with row-level security.

Google

OAuth authentication (optional sign-in method). Only basic profile information is accessed during sign-in.

Tidal / Apple Music

Music streaming integrations for playlist management and track search. Connected only when you explicitly link your account.

We do not sell your personal data to any third party. Data is only shared where necessary to provide the service, comply with legal obligations, or with your explicit consent.

6. Data Retention

We retain your data only for as long as necessary to fulfil the purposes described in this policy:

•Account data — Retained while your account is active and for a reasonable period after deletion to resolve disputes.
•Financial records — Retained for a minimum of 6 years as required by UK tax and accounting regulations.
•Song requests & tips — Retained as part of session history for performer analytics.
•Music platform tokens — Deleted immediately when you disconnect a music service.
•Analytics data — Retained in aggregated or anonymised form for platform improvement.

You may request deletion of your data at any time (see Your Rights below).

7. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

•Right of access — Request a copy of the personal data we hold about you.
•Right to rectification — Request correction of inaccurate or incomplete data.
•Right to erasure — Request deletion of your personal data (“right to be forgotten”).
•Right to restrict processing — Request that we limit how we use your data.
•Right to data portability — Receive your data in a structured, machine-readable format.
•Right to object — Object to processing based on legitimate interests or for direct marketing.
•Right to withdraw consent — Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@request-it.live. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or the Data Protection Commission (DPC) in Ireland.

8. Cookies & Analytics

We use cookies and similar technologies for the following purposes:

Type	Purpose	Details
Essential	Authentication	Session cookies for login state and security. These are necessary for the platform to function.
Functional	Preferences	Storing user preferences such as theme settings and dismissed notifications.
Analytics	Usage tracking	Page views, visit frequency, and referral sources to help us understand how the platform is used.

We do not use third-party advertising cookies or tracking pixels.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encrypted data transmission (HTTPS/TLS)
Row-level security policies on database tables
Secure authentication via magic links and OAuth (no passwords stored)
PCI-DSS compliant payment processing through Stripe
Access controls limiting data access to authorised personnel
Regular monitoring for suspicious activity

While we take all reasonable precautions, no system is completely secure. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority as required by law.

10. International Transfers

Some of our third-party service providers may process data outside the UK and EEA. Where this occurs, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
UK International Data Transfer Agreements (IDTAs)
Adequacy decisions by the relevant authorities

11. Children's Privacy

The platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify users of material changes by updating the “Last Updated” date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this privacy policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us:

Privacy enquiries: privacy@request-it.live

General support: support@request-it.live

End of Privacy Policy