Privacy Policy
Last updated: 2026-01-01
This policy explains what information My Scene collects, how we use it, the third parties involved, and the choices you have. It applies to the My Scene website, dashboard and any related services we operate.
Introduction
My Scene is operated by My Scene. We provide an operations platform for artists, managers, agencies and labels. We are the data controller for personal data processed about visitors of our marketing site, and a data processor for personal data your workspace stores inside the dashboard (fans, contacts, bookings, financial records). For workspace data your organisation remains the controller and our Data Processing Agreement applies.
Data We Collect
Account data: name, email, password hash, profile picture, organisation and role. Workspace content: bookings, contracts, invoices, expenses, fan and contact lists, files you upload, and any other content you enter. Usage data: pages viewed, features used, IP address, device and browser, approximate location, and timestamps, used to keep the service secure and improve it. Billing data: when you subscribe, our payment provider (Stripe) processes card details on our behalf; we only store the last four digits and the subscription status. Communication: emails you send us and support tickets you open.
How We Use Data
We process personal data to provide and secure the service, authenticate users, send transactional email (sign-in, billing, invitations, password resets), prevent fraud and abuse, comply with legal obligations, and, where you opted in, send product updates. Our legal bases are performance of contract (Art. 6.1.b GDPR), legitimate interest in running and improving the service (Art. 6.1.f), legal obligation (Art. 6.1.c), and consent where required (Art. 6.1.a). We do not sell personal data and we do not use workspace content to train AI models.
Third Parties
We rely on a small number of sub-processors to run the service: Supabase (database, authentication, file storage, EU region), Cloudflare (CDN, edge functions, DDoS protection), Stripe (payment processing), Resend (transactional email), and our AI providers (Google and OpenAI) for in-product AI features. Each sub-processor is bound by a Data Processing Agreement and processes data only on our instructions. A current list is available on request via privacy@myscene.app.
Your Rights
Under the GDPR and comparable laws you have the right to access, rectify, erase, restrict and port your personal data, to object to processing based on legitimate interest, and to withdraw consent. Workspace admins can export or delete most data directly from the dashboard. For anything else, write to privacy@myscene.app and we will respond within 30 days. You can also lodge a complaint with your local data protection authority, in the Netherlands that is the Autoriteit Persoonsgegevens.
Contact
My Scene, Amsterdam, the Netherlands. For privacy questions email privacy@myscene.app. For security disclosures email security@myscene.app. We retain account and billing data for as long as your account is active and up to 7 years afterwards where required by tax law. All other data is deleted within 90 days of account closure.
