Skip to content
loadout
loadout.band

Privacy Policy

Effective date: June 4, 2026

Loadout is operated by Edge Case Studios, LLC, a limited liability company organized under the laws of Washington State, United States. This Privacy Policy explains what information we collect when you use Loadout, how we use it, who we share it with, and the rights you have over it. It applies to loadout.band, help.loadout.band, and any other website, application, or service we operate under the Loadout brand (collectively, "Loadout" or "the Service").

If you have questions about this policy, email us at support@loadout.band.

Quick summary

We try to keep this short because long policies don't help anyone. The honest version:

  • We collect what we need to run a band-management app: your email and name to log you in, your band's songs and setlists because that's what the product is for, your payment information when you use Loadout Tips (handled by Stripe), and basic technical data (IP addresses, browser type) for security and logging.
  • We don't sell your data. We don't run ad networks. We don't track you across other sites.
  • We use a handful of trusted services to operate Loadout: Cloudflare hosts the app, Stripe processes payments, Resend sends emails, Anthropic powers our AI features. Each of these has its own privacy policy and handles only the data needed to do its job.
  • You can delete your account at any time, and we'll delete your data within 30 days.
  • You have legal rights to your data under California and EU privacy laws. We explain those below.

Who we are

Loadout is operated by:

Edge Case Studios, LLC Washington State, USA Contact: support@loadout.band

Edge Case Studios is the data controller for personal information collected through Loadout. We are responsible for deciding how and why your data is processed.

What information we collect

Information you provide directly

When you create an account or use Loadout, you may provide:

  • Account information: your email address, name, and password (passwords are hashed using industry-standard methods and never stored in plain text).
  • Band information: band name, member roles, location/timezone, photos, logos, external tip handles (Venmo/Cash App/PayPal usernames), and other public-facing band content.
  • Musical content: songs, lyrics, chord charts, setlists, and performance notes you upload. This is content you create or import.
  • Gig information: venue details, dates, finances (payment amounts, expenses), audience requests, and post-show notes.
  • Payment information (when you enable Loadout Tips): collected directly by Stripe through Stripe Connect onboarding, not by us. This includes your bank account or debit card details, government identification required by financial regulations, and tax information. Stripe is the data controller for this information; their privacy policy governs how it's handled. We receive only the data needed to display your balance, process tips, and report tax forms.
  • Communications: any messages you send us at support@loadout.band or other support channels.

Information collected automatically

When you use Loadout, we automatically collect:

  • Technical data: your IP address, browser type, device type, operating system, and pages visited within the Service. This is used for security, rate limiting, error tracking, and basic operational logs.
  • Cookies and similar technologies: we use cookies that are essential for the Service to function. These include authentication session cookies, CSRF protection tokens, and a session cookie for our demo mode. We do not currently use analytics, advertising, or tracking cookies. If we add analytics in the future, we will update this policy and request consent where required.
  • Audit logs: we keep records of significant account actions (signing in, changing settings, sending invites, processing tips, etc.) for security, compliance, and debugging purposes.

Information about other people

If you invite a band member or another person submits an audience request through your public gig page, we collect their email address (for invites) or name and contact information (for audience requests, if provided). You should only invite people who have consented to receive an invitation, and you should make sure your public gig page clearly tells fans how their information will be used.

What we don't collect

We do not knowingly collect:

  • Social Security Numbers or other government IDs (Stripe collects this directly when needed for Connect onboarding)
  • Health information
  • Biometric data
  • Precise location data (GPS)
  • Information from children under 13 (see "Children" below)

How we use your information

We use your information for the following purposes:

  • To operate the Service: authenticate you, store your songs and setlists, run AI features, send emails about gigs and tips, and process payments through Stripe.
  • To improve the Service: general product improvement based on aggregated, anonymized usage patterns. We do not profile individual users for marketing.
  • To communicate with you: transactional emails (invite confirmations, payment notifications, dispute alerts, account changes), and direct responses if you contact support.
  • To prevent abuse: rate limiting, fraud detection on tips, dispute monitoring, and enforcing our Terms of Service.
  • To comply with legal obligations: responding to lawful requests from authorities, generating 1099 tax forms for U.S. taxpayers using Loadout Tips (handled by Stripe on our behalf), and complying with applicable privacy laws.

We do not use your information for targeted advertising, and we do not sell your personal information.

Who we share your information with

We share information with the following categories of recipients, each acting under contractual privacy obligations:

  • Cloudflare hosts Loadout's infrastructure (Workers, D1 database, R2 storage, KV caches, Workers AI). All your account and band data is stored on Cloudflare's infrastructure.
  • Stripe processes payments and runs Stripe Connect for Loadout Tips. Stripe is the controller for payment data, tax data, and Connect onboarding information.
  • Resend delivers transactional emails (verification, invites, dispute notifications, payment confirmations).
  • Anthropic processes AI requests (setlist generation, chord extraction) through Cloudflare AI Gateway. AI request data is subject to Anthropic's privacy and data handling policies; we do not allow this data to be used to train future AI models.
  • Google is involved if you choose to sign in with Google OAuth. Google receives your email address and basic profile information needed for sign-in; Loadout receives the same in return.

Each of these services operates under their own privacy policy and applicable data processing agreements. We choose them because of their security and privacy practices, but you should review their policies if you have specific concerns.

We may also share information:

  • In response to a lawful subpoena, court order, or other legal process.
  • To investigate fraud, abuse, or violations of our Terms of Service.
  • If Edge Case Studios, LLC is involved in a merger, acquisition, or sale of assets, in which case your information may be transferred to the new entity (subject to the same privacy commitments).

We do not sell your personal information to data brokers, advertisers, or any other third party.

How long we keep your information

We retain your personal information for as long as your account is active. If you delete your account:

  • We delete your account, songs, setlists, and personal information within 30 days.
  • We may retain some information for longer if required by law (for example, tax records related to Loadout Tips are retained per Stripe's tax compliance requirements, typically 7 years).
  • Audit logs may be retained in anonymized form for security and debugging purposes.

To delete your account, go to Settings → Account → Delete Account in the app. You'll see a confirmation, and the deletion process begins immediately with a 30-day grace period during which you can cancel.

Your rights

You have rights over your personal information, including the right to access it, correct it, delete it, and export it. The specific rights depend on where you live.

All users

Regardless of where you live, you can:

  • See your name and email in account settings (editing is coming; contact us in the meantime)
  • Delete your account and your associated data via account settings (30-day grace period applies)
  • Request a copy of your songs, setlists, and account data by emailing support@loadout.band
  • Contact us at support@loadout.band with any questions

California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the right to:

  • Know what personal information we collect about you and how we use it
  • Access the specific personal information we hold about you
  • Delete your personal information, subject to legal exceptions
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of your personal information (we don't sell or share for cross-context advertising)
  • Limit the use of sensitive personal information (we don't process sensitive personal information for purposes that require this option)
  • Non-discrimination — we won't deny service, charge different prices, or provide a lower level of service based on your privacy choices

To exercise any of these rights, email support@loadout.band. We'll respond within 45 days as required by law.

European Economic Area, UK, and Switzerland

If you are in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws give you the right to:

  • Access the personal information we hold about you
  • Rectification of inaccurate or incomplete information
  • Erasure (the "right to be forgotten")
  • Restriction of processing in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time for processing based on consent
  • Lodge a complaint with your local supervisory authority

The legal bases under which we process your personal data are:

  • Contract: processing necessary to provide the Service you've signed up for
  • Legitimate interests: product improvement, security, and abuse prevention, balanced against your rights
  • Legal obligation: complying with tax, accounting, and other laws
  • Consent: for any optional features that require it (none currently)

To exercise any of these rights, email support@loadout.band.

International data transfers

Loadout is operated from the United States, and our infrastructure providers (Cloudflare, Stripe, Resend, Anthropic, Google) operate globally. If you use Loadout from outside the United States, your information will be transferred to and processed in the United States and other countries where our providers operate.

We rely on standard contractual clauses, our providers' data processing agreements, and your consent (where applicable) as the legal basis for these transfers.

Security

We take reasonable measures to protect your information:

  • Passwords are hashed and never stored in plain text
  • All connections to Loadout are encrypted via HTTPS
  • Payment information is handled by Stripe and never touches our servers in unencrypted form
  • We follow standard security practices for our infrastructure (Cloudflare's security features, principle of least privilege, audit logging)

No system is perfectly secure. If we discover a data breach that affects your personal information, we will notify you and applicable authorities as required by law.

Children

Loadout is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please email support@loadout.band and we will delete it.

If you are between 13 and 18 (or the equivalent age of majority in your jurisdiction), you should review this policy with a parent or guardian before using Loadout.

Changes to this policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, services, or legal requirements. When we make changes, we will:

  • Update the "Effective date" at the top of this page
  • Post the updated policy at loadout.band/privacy
  • For significant changes, notify you by email or through the Service

Your continued use of Loadout after a policy update means you accept the updated policy. If you disagree with the changes, you can stop using Loadout and delete your account.

Contact us

Questions, requests, or complaints? Email support@loadout.band.

For formal data protection requests under CCPA, GDPR, or similar laws, please include "Privacy Request" in your subject line and describe the right you are exercising.

Last updated 2026-06-04.