WePlayIn.Band

Introduction
This Privacy Policy explains in detail how Appfab Technology, through its service WePlayIn.Band (“we”, “our” or “us”), collects, uses, shares and protects your personal information when you use our mobile application, web application and related services (collectively, the “Service”). This policy applies to all users of our platform, including musicians, orchestra members and orchestra administrators/directors. WePlayIn.Band is specifically designed for orchestra and band management, providing tools for planning rehearsals and performances, organizing repertoire, managing musician profiles and positions, and facilitating communication within musical organizations. Our commitment is to handle your data responsibly and transparently.
Data Controller Information
The data controller responsible for your personal information is Appfab Technology, which operates the WePlayIn.Band service. Our servers are located exclusively within the European Union, ensuring compliance with European data protection standards. Contact information:
Information We Collect
Personal Information
When you register and use our Service, we may collect the following personal information:
  • Account Information:
    • Full name (first and last name)
    • Email address
    • Password (stored in encrypted format)
    • Profile photo (optional)
    • Phone number (optional)
    • Language preference
  • Orchestra Membership Information:
    • Role within each orchestra (Musician, Assistant, Director, Manager, Administrator)
    • Section assignments (e.g., Strings, Brass, Woodwinds)
    • Position details (e.g., First Violin, Trumpet, Clarinet)
    • Instrumental proficiency and priority settings
    • Date of joining the orchestra
    • Activation status within each orchestra
  • Emergency Contact Information (for musicians):
    • Emergency contact name
    • Emergency contact phone number
    • This information is visible only to orchestra administrators and directors
  • Event and Attendance Data:
    • Availability status for events (Available, Unavailable, Tentative)
    • Attendance history
    • Notes regarding attendance or absence
    • Position assignments for specific events
  • Financial and Compensation Data (when the feature is enabled for the orchestra):
    • Assigned compensation level (tier) and corresponding rates per event type
    • Per-event compensation amounts and approval status
    • Expense reimbursement requests with amount, category (travel, meals, supplies, equipment, accommodation, uniform, other) and description
    • Uploaded receipts and supporting documents (images or PDF files)
    • Payment history and approval status
    • This information is visible to orchestra directors and administrators; musicians can only view their own financial data
  • Login Session Data:
    • Unique device identifier
    • Device name (e.g., “Paolo’s iPhone”)
    • Platform (mobile or web)
    • Date and time of last access
    • Session creation date and time
    • Application and operating system version
    • You can view all active sessions and revoke access to individual devices through your profile settings
  • Usage Data:
    • Access dates and times
    • Platform feature usage patterns
    • User-generated content such as notes and repertoire information
    • Platform settings and preferences
  • Device Information:
    • Device type and model
    • Operating system and version
    • Unique device identifiers
    • IP address
    • Browser type and version (if applicable)
    • Mobile network information
  • Location Information:
    • Venue addresses for events and rehearsals
    • City and country information for orchestras
    • This information is used exclusively for event organization purposes
Calendar Integration
With your explicit permission, we may access your device’s calendar to:
  • Add orchestra events and rehearsals to your personal calendar
  • Set reminders for upcoming events
  • Remove events if they are cancelled or modified
  • Update event details in case of changes
You can control calendar access permissions through your device settings at any time.
AI Assistant and Voice Recordings
The AI Assistant is an optional feature that can be enabled for each orchestra. When you use the AI Assistant:
  • Text commands and conversation history are sent to our servers for processing.
  • Voice recordings (M4A audio format) are captured via the device microphone (on mobile devices only) and transmitted to our servers for transcription and command processing.
  • Audio files are temporarily stored on the device and deleted after the upload is completed.
  • The maximum recording duration is 30 seconds.
  • AI processing occurs server-side; audio transcription and text analysis may be processed through third-party artificial intelligence service providers.
  • The AI uses conversation context (previous messages in the session) to provide more relevant responses.
  • Token usage is tracked for each orchestra for service measurement purposes.
  • You can control microphone permissions through your device settings.
Biometric Authentication
On mobile devices, you can enable biometric login (Face ID, Touch ID, fingerprint) for faster and more secure authentication.
  • Biometric verification is handled entirely by your device’s operating system.
  • WePlayIn.Band does NOT access, store or transmit any biometric data (fingerprints, facial scans, etc.).
  • When biometric authentication is enabled, your login credentials (email and password) are stored in encrypted form in your device’s secure storage (Keychain on iOS, Keystore on Android).
  • These credentials remain exclusively on the device and are never transmitted to our servers in this context.
  • You can enable or disable biometric authentication at any time through your profile settings.
  • This feature is not available in the web version.
Document Scanning and Text Recognition
On mobile devices, you can use the camera to scan musical scores and convert them to PDF format.
  • Document scanning uses your device’s native scanner (Google ML Kit Document Scanner on Android, VisionKit on iOS).
  • Text recognition (OCR) is used to automatically detect the title of scanned pages.
  • All image processing and text recognition are performed entirely on the device; no images are sent to external servers during the scanning process.
  • The resulting PDF is uploaded to our servers only when you explicitly confirm the upload.
  • Camera permissions can be controlled through your device settings.
How We Use Your Information
We use your personal information for the following specific purposes:
For All Users:
  • Account Management: Creating and maintaining your user account, authenticating your identity when you log in, and personalizing your experience.
  • Service Delivery: Enabling core platform features, including event planning, repertoire management, and communication functionalities.
  • Communications: Sending important notifications about:
    • Upcoming events and rehearsals
    • Schedule changes or cancellations
    • Orchestra announcements and news
    • System updates and maintenance information
  • Technical Support: Resolving technical issues, responding to your inquiries, and improving our service based on feedback.
  • Service Improvement: Analyzing usage patterns to enhance platform features, fix bugs, and optimize performance.
For Musicians:
  • Position and Section Management: Assigning and tracking your positions within orchestras and sections.
  • Availability Tracking: Recording and displaying your availability for specific events and rehearsals.
  • Performance Organization: Organizing repertoire lists and accessing event information relevant to your position.
For Directors and Administrators:
  • Orchestra Management: Facilitating the organization of the orchestra’s structure, sections, and positions.
  • Musician Administration: Managing musician profiles, positions, and attendance records.
  • Event Planning: Creating and organizing rehearsals, performances, and other events.
  • Attendance Monitoring: Tracking musician attendance and managing event availability.
  • Communication: Sending announcements and updates to orchestra members.
  • Data Export: Generating Excel files containing musician attendance data (event dates, participation status, positions, notes). Exported files are shared through the device’s sharing system. Once exported, the management and protection of such data is the responsibility of the user who performed the export.
Data Sharing and Disclosure
Within Orchestras
We operate according to a principle of limited visibility based on role and need-to-know:
  • Basic Profile Information: Your name, profile photo, role, section, and position will be visible to other members of the orchestras you belong to.
  • Contact Information: Your email and phone number are visible only to directors and administrators of your orchestra.
  • Availability and Attendance Information: Your availability status and attendance records for events are visible to other members of your orchestra.
  • Position and Section Details: Information about your assigned positions and sections is visible to other orchestra members to facilitate organization.
Role-Based Access:
  • Musicians: Can view their own profile, position assignments, event details, and limited information about other musicians in their orchestra.
  • Assistants: Have extended permissions compared to musicians to support directors in the day-to-day management of the orchestra.
  • Directors: Have additional access to manage repertoire, events, and view detailed information about musicians in their orchestra.
  • Managers: Have advanced access to orchestra management, including settings configuration and financial data oversight.
  • Administrators: Have full access to manage all aspects of the orchestra, including musician profiles, positions, and attendance records.
Third-Party Service Providers
We may share specific information with carefully selected third-party service providers who help us deliver our service:
  • Push Notification Provider (OneSignal): To deliver event notifications and important updates.
  • Error Monitoring (Sentry): To monitor platform performance and resolve technical issues.
  • Cloud Storage Providers: To store and back up platform data securely.
  • Email Service Providers: To send email notifications when enabled.
  • Map and Geolocation Services (Google Maps, Google Places): To provide address autocomplete functionality when creating and editing event venues. Text entered in the address field is sent to Google servers to obtain completion suggestions.
All third-party providers are contractually obligated to use your information solely to provide services to us and are prohibited from using your information for their own purposes.
Legal Requirements
We may disclose your information if required by law, court order, governmental authority, or regulatory body. We will only share information that we are legally required to disclose and will make reasonable efforts to inform you of such disclosure, unless prohibited by law.
Orchestra Joining Process and Data Sharing
When You Request to Join an Orchestra
When you use an activation code or request to join an orchestra:
  • Initial Request: Your basic profile information (name, email, profile photo) becomes visible to the orchestra’s administrators and directors who need to review your request.
  • Pending Status: During this review period, your information is marked as “pending” and is accessible only to authorized administrators and directors of that specific orchestra.
  • Limited Data Sharing: Before approval, only the minimum information necessary to identify you and process your request is shared.
  • Request Cancellation: If you cancel your membership request before approval, your information is removed from the orchestra’s pending list, and they will no longer have access to your data.
After Your Request Is Approved
Once your membership request is approved:
  • Increased Visibility: Additional profile details become visible to other orchestra members based on their roles, as outlined in the “Within Orchestras” section of this policy.
  • Data Integration: Your profile becomes part of the orchestra’s organizational structure, enabling position assignments and event planning.
  • Notification: You will receive a notification informing you that your request has been approved and explaining what information is now shared with the orchestra.
Orchestra Administrator Responsibilities
Orchestra administrators and directors have specific obligations regarding user data:
  • Clear Purpose: They must use your shared information only for legitimate orchestra management purposes.
  • Consent Requirement: They must obtain your explicit consent before using your information for any purpose beyond standard orchestra management.
  • Data Protection Assurance: As data processors within the context of their orchestra, administrators must ensure the protection of your personal data.
  • No External Sharing: Orchestra administrators are strictly prohibited from exporting, transferring, or sharing member data outside the WePlayIn.Band platform unless:
    • Required by law
    • Explicitly authorized by each affected member
    • Necessary for the direct operation of the orchestra (such as sharing contact information for emergency purposes)
  • Communication Limitation: They may only contact you regarding orchestra-related matters, unless you provide specific consent for other types of communication.
  • Member Departure: If you leave an orchestra, administrators must respect this decision and cease using your data in that orchestral context.
Orchestra Data Separation
We maintain strict separation between orchestras:
  • Your data in one orchestra is not automatically shared with other orchestras you join
  • Each orchestra operates as a separate data environment
  • Administrators of one orchestra cannot access your information in another orchestra
Data Processing Agreement
By creating and managing an orchestra on our platform, orchestra administrators enter into an implicit data processing agreement with Appfab Technology in which they agree to:
  1. Process member data only for stated purposes related to orchestra management
  2. Implement appropriate security measures to protect member data
  3. Assist members in exercising their data rights
  4. Delete or return all personal data after a member leaves their orchestra
  5. Conduct all data processing activities in compliance with applicable data protection laws
Appfab Technology reserves the right to restrict or terminate administrator access for those who violate these data protection requirements.
Restriction on Commercial Use
We explicitly commit that your personal data will never be:
  • Sold to third parties
  • Used for advertising purposes
  • Shared with data brokers
  • Used for commercial activities beyond the direct operation of the WePlayIn.Band service
Your data is collected and processed solely for the purpose of providing and improving the WePlayIn.Band service and will not be monetized or exploited for commercial gain outside of our direct service offering.
Data Security
We implement comprehensive technical and organizational measures to protect your personal information:
  • Encryption: All data transmission between your device and our servers uses TLS/SSL encryption.
  • Secure Storage: Personal data is stored in encrypted format where appropriate.
  • Access Controls: Strict access controls limit who within our organization can access your data.
  • Regular Security Audits: We conduct regular security assessments to identify and address potential vulnerabilities.
  • Incident Response Plan: We maintain procedures to promptly and effectively address potential data breaches.
While we implement these safeguards, no internet or electronic transmission is ever completely secure. We cannot guarantee absolute security, but we are committed to promptly notifying you of any breach affecting your personal information in accordance with applicable laws.
Data Retention
We retain your personal information for as long as:
  • Your account remains active
  • We need it to provide you with our services
  • It is necessary for legitimate business purposes
  • Required by law
If you delete your account, we will delete or anonymize your personal information within 90 days, except for information that we must retain for:
  • Legal compliance
  • Financial record-keeping
  • Dispute resolution
  • Fraud prevention
Your Rights and Choices
As a user based in the European Union or other regions with similar data protection laws, you have the following rights:
  • Right of Access: You may request a copy of the personal information we hold about you.
  • Right to Rectification: You may correct any inaccurate or incomplete personal information.
  • Right to Erasure: You may ask us to delete your personal information under certain circumstances.
  • Right to Restriction of Processing: You may ask us to restrict the processing of your personal information.
  • Right to Data Portability: You may request a machine-readable copy of your personal information to transfer to another service.
  • Right to Object: You may object to our processing of your personal information for certain purposes.
  • Right to Withdraw Consent: You may withdraw any consent previously given.
How to Exercise Your Rights
To exercise any of these rights, please contact us at info@appfabtech.com. We will respond to your request within 30 days. We may need to verify your identity before fulfilling your request. For data removal requests, please send a specific email with the subject line “Data Removal Request” to info@appfabtech.com, including your full name and the email address associated with your account.
Notification Preferences
Within the app settings, you can:
  • Enable or disable email notifications
  • Enable or disable push notifications
  • Customize the types of notifications you receive
EU-Specific Protections
Since our servers are located within the European Union and we adhere to GDPR requirements, you benefit from additional protections:
  • Legal Basis for Processing: We process your data on the basis of contractual necessity (to provide our service), legitimate interests (to improve our service), or your explicit consent.
  • Data Protection Officer: For data protection inquiries, contact the Appfab Technology DPO at info@appfabtech.com.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
Children’s Privacy
Our Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@appfabtech.com, and we will take steps to delete such information.
International Data Transfers
Although our servers are located within the European Union, users may access the service from around the world. If you access our service from outside the EU, your information may be transferred to and processed in the EU. These countries may have data protection laws that differ from those in your country. When we transfer personal data outside the EU, we ensure that appropriate safeguards are in place in accordance with GDPR requirements.
Updates to This Privacy Policy
We may periodically update this Privacy Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes:
  • We will post a notice within the app
  • We will update the “Last Updated” date at the beginning of this policy
  • We will send an email notification to the address associated with your account
  • We will request renewed consent where required by law
Orchestra Administrator Responsibilities
If you serve as an orchestra administrator or director, you have additional responsibilities:
  • Consent: You must obtain appropriate consent from musicians before adding them to your orchestra.
  • Data Minimization: Collect and use only the personal information necessary for orchestra management.
  • Privacy Respect: Respect musicians’ privacy preferences and data rights.
  • Access Limitations: Limit access to sensitive information to those who need it within your organization.
  • Confidentiality: Maintain the confidentiality of musicians’ information and do not share it outside your orchestra without consent.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Appfab Technology Viale della Repubblica 9, Pontedera, Italy Email: info@appfabtech.com Service: www.weplayin.band For formal data requests, including access, correction, or deletion, please include “Data Privacy Request” in the subject line of your email.

Last Updated: March 10, 2026

By using the WePlayIn.Band platform, you acknowledge that you have read and understood this Privacy Policy. This document constitutes a binding agreement between you and Appfab Technology (which operates the WePlayIn.Band platform) regarding the collection, use, and protection of your personal information.