LoudLikeLive
Log in

Privacy Policy

Last updated: 21 June 2026

1. Data controller

The controller of the personal data collected through the LoudLikeLive platform (the «Platform») is Niita OÜ, a company incorporated under Estonian law in the form of an osaühing (private limited company).

  • Registry Code: 17171094
  • VAT number: EE102828096
  • Registered office: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551 — Estonia
  • Date of incorporation: 5 February 2025
  • Company contact: hello@niita.studio
  • Privacy & GDPR requests: privacy@loudlikelive.com

2. Data we collect

Depending on how you use the Platform, we process the following categories of personal data:

  • Registration and account data: name, email address, optional avatar and identifiers provided by the sign-in provider (Google or Facebook), phone number if provided, preferred language, last login date.
  • Profile data: profile type (artist, venue, festival, rehearsal room), short and extended biography, music genres, address and geographic coordinates of the venue, capacity, website, social links, cover and profile photos, technical equipment/backline, rates, awards and credentials, VAT number (only for Silver-verified venues).
  • Data about third parties (band, staff, crew): if you manage an artist or organisational profile you may add data about band members and staff/crew contacts (name, role, instrument, contact details). See section 9.
  • Generated technical documents: stage plan, technical rider and electronic press kit (EPK), including any generated PDFs and the public token links that allow them to be shared.
  • Usage and booking data: bookings and performance proposals created or received, reviews, messages exchanged in the booking flow, reports submitted, co-management invitations, notification preferences.
  • Calendar data: tokens for personal/public iCal feeds and, if you enable synchronisation, the Google Calendar OAuth tokens and the identifiers of synchronised events.
  • Technical and security data: IP address, user-agent, login attempt logs, temporary OTP codes, two-factor authentication credentials (for administrators), anti-bot tokens.
  • Payment data: the Platform does not currently handle direct transactions or payments and does not collect card or bank account data.

3. Purposes of processing

  • Provide the matchmaking and booking service between artists, venues, festivals and rehearsal rooms.
  • Authenticate users via email OTP code, Google OAuth or Facebook OAuth, and secure access (including two-factor authentication for administrators and anti-bot protection at sign-up).
  • Verify the identity and trustworthiness of profiles (venue verification via Google Maps with an OTP to the public email, VAT number via VIES, artist profile via Spotify).
  • Send transactional notifications (booking confirmations and changes, reviews, invitations, reminders) via email and, if enabled by the user, via Telegram.
  • Enable synchronisation of the events calendar (iCal feeds and, on opt-in, Google Calendar).
  • Allow, at the user's initiative, the import of public data from a Facebook Page of the venue or artist type.
  • Offer location-based features (distance search, maps).
  • Ensure security, fraud prevention and moderation (handling of reports).
  • Comply with legal obligations, in particular tax and administrative ones.

4. Legal basis

Processing is based on: (a) performance of the contract for the use of the Platform (Art. 6(1)(b) GDPR); (b) consent, for optional processing such as Telegram notifications, Google Calendar synchronisation and Facebook import, which can be withdrawn at any time (Art. 6(1)(a) GDPR); (c) legitimate interest in security, fraud prevention and content moderation (Art. 6(1)(f) GDPR); (d) legal obligations, where applicable (Art. 6(1)(c) GDPR).

5. Email and Telegram notifications

We send transactional emails for the operation of the service. You may also optionally connect a Telegram account to receive the same notifications through our bot: in that case we process your Telegram identifier solely to deliver notifications. The connection is opt-in and can be revoked at any time from your settings by disconnecting the Telegram account.

6. Calendar synchronisation (Google Calendar and iCal)

The Platform generates iCal feeds (public per profile and personal via token) so you can subscribe to events in your calendar. If you enable Google Calendar synchronisation, we ask for OAuth authorisation to the scope needed to create and update the events of your bookings, and we store the related tokens in encrypted form.

LoudLikeLive's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Calendar data is used exclusively to provide and improve the synchronisation feature and is not transferred to third parties or used for advertising or profiling.

7. Facebook import

If you choose to connect a Facebook Page (venue or artist Pages only), with your authorisation we access the Page's public data to pre-fill your profile. We process only the data strictly necessary for the import and we do not publish anything on your behalf.

8. Third-party services

The Platform integrates with the following providers, each with its own privacy policy and, where they act as processors, bound by appropriate agreements:

  • Google (OAuth login, Google Maps Places for venue verification and navigation links, Google Calendar for synchronisation) — policies.google.com/privacy.
  • Meta / Facebook (OAuth login and import of public Page data) — facebook.com/privacy/policy.
  • Spotify (artist profile verification) — spotify.com/legal/privacy-policy.
  • Telegram (notification delivery, only if enabled) — telegram.org/privacy.
  • Cloudflare (Turnstile, anti-bot protection at sign-up) — cloudflare.com/privacypolicy.
  • OpenStreetMap / Nominatim (address geocoding and map tiles; displaying a map involves sharing your IP address with the tile provider) — osmfoundation.org/wiki/Privacy_Policy.
  • VIES of the European Commission (VAT number verification for venues).
  • Hosting and email providers: the infrastructure is hosted in data centres located within the European Union; transactional emails are sent through our email provider.

9. Data about third parties (band, staff, crew)

If you enter personal data of third parties — for example band members, technicians or staff contacts — you declare that you have an adequate legal basis to provide it (e.g. their consent or a legitimate interest) and you undertake to inform them of this processing. You are responsible for the accuracy of such data. This data is processed to populate the profile's roster, stage plan, rider and EPK, and may appear in documents shared via token links. Upon request, we will facilitate the exercise of rights by the third-party data subjects.

10. International transfers

Data is hosted within the European Union. Some third-party providers (e.g. Google, Meta, Spotify, Cloudflare, Telegram) may also process data outside the European Economic Area: in that case the transfer takes place on the basis of adequacy decisions or standard contractual clauses adopted by the European Commission.

11. Data retention

Profile data is kept for as long as the account is active. If the account is closed, the email is anonymised, the profile is removed and personal data (name, avatar, address, VAT number, OAuth tokens, Telegram identifier) is deleted within 30 days. Booking data is kept in pseudonymised form for statistical, tax and fraud-prevention purposes for 5 years. Login attempt logs are kept for a maximum of 90 days.

12. Security

We adopt appropriate technical and organisational measures: encryption of sensitive tokens and secrets at rest, multi-factor authentication for administrative access, rate limiting and anti-bot protection at sign-up. No system is, however, 100% secure: please keep your credentials safe and use the «remember device» option only on trusted devices.

13. Your rights

Under the GDPR you may exercise at any time the rights of access, rectification, erasure, restriction, portability and objection, as well as the withdrawal of any consent given. To exercise them, write to privacy@loudlikelive.com or use the data deletion instructions page.

You also have the right to lodge a complaint with the competent supervisory authority: the Garante per la protezione dei dati personali in Italy or the Andmekaitse Inspektsioon (AKI) in Estonia.

14. Cookies and similar technologies

The Platform uses essential technical cookies for its operation (authentication, session, CSRF protection, «remember device», language preference) and the functional tokens needed for Cloudflare Turnstile anti-bot protection. Any analytics or marketing cookies are installed only with your prior consent, which you can manage from the banner and the «Cookie preferences» link in the footer. For the full list of cookies and their durations, see the Cookie Policy.

15. Minors

The Platform is intended for users aged at least 16. We do not knowingly collect data from minors under 16; if you believe this has happened, contact us and we will delete it.

16. Changes

We will update this policy when necessary. The date at the top of the page indicates the latest revision. If the changes are substantial we will notify users by email.