Privacy Policy

1. Introduction

MyRoster ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at myroster.io.

Data Controller:
Alex Stevens Labs (SRL)
BE 0736.435.579
Rue Vivegnis 435
4000 Liège, Belgium

2. Information We Collect

2.1 Personal Data

We collect the following personal information:

• Email address: Used for authentication and communication
• Agency information: Agency name, description, and custom URL slug
• Artist data: Information about artists you add to your roster

2.2 Automatically Collected Data

• IP address: For security and rate limiting
• Browser information: User agent for technical compatibility
• Usage data: API calls, page views (anonymized)
• Consent records: Records of your GDPR consents with timestamps and IP addresses

3. How We Use Your Information

We use your information for:

• Providing and maintaining the MyRoster service
• Creating and managing your roster pages
• Sending you authentication links (magic links)
• Sending verification emails for new roster pages
• Security and fraud prevention
• Improving our services
• Complying with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent: You explicitly consent when creating a roster
• Contractual necessity: To provide the services you request
• Legitimate interests: Security, fraud prevention, and service improvement

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

• Service providers: Email delivery services, hosting providers
• External data services: For artist search functionality (no personal data shared)
• Legal authorities: When required by law

Your public roster pages are visible to anyone with the URL.

6. Data Retention

We retain your data:

• As long as your account is active
• Until you request deletion
• As required by law (minimum retention periods may apply)

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we use your data
• Object: Object to processing of your data
• Withdraw consent: Withdraw consent at any time

To exercise these rights, visit your dashboard or contact us.

8. Cookies and Tracking

We use essential cookies for:

• Session management (authentication)
• CSRF protection
• Security features

We do not use tracking or advertising cookies.

9. Data Security

We implement security measures including:

• HTTPS encryption
• CSRF protection
• Rate limiting and DDoS protection
• Secure session management
• Regular security updates

10. International Data Transfers

Your data may be stored and processed in servers located in the EU or other regions with adequate data protection standards.

11. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy. Changes will be posted on this page with an updated "Last updated" date.

13. Contact Us

For privacy questions or to exercise your rights:

• Email: privacy@myroster.io
• Data requests: Data Request Form

Data Controller:
Alex Stevens Labs (SRL)
BE 0736.435.579
Rue Vivegnis 435
4000 Liège, Belgium