Privacy Policy
1 About this policy
Le Speakeasy is a private workforce scheduling app for a live music venue. It is not a consumer app. Users are authorized venue managers and artists only. This policy explains what data the app processes and how it is protected.
2 Data controller
The data controller is Easova EURL, 1 rue des Bauches, 75016 Paris, France. For any question about this policy or your personal data, contact us at info@easova.com.
3 Data we collect
We collect only the data needed to run the scheduling application:
- Name
- Email address
- Hashed password (argon2id — never stored in plaintext)
- Role (manager or artist)
- Venue assignment
- Monthly availability
- Scheduling assignments
- Audio files (backing tracks uploaded by artists for their setlists)
4 Why we collect it
We collect this data solely to operate the scheduling application and organize live-show lineups and setlists. We never use it for marketing, advertising, behavioral profiling, cross-app tracking, or any purpose beyond running the app.
5 Legal basis
We process account and scheduling data on the basis of contract (Art. 6(1)(b) GDPR) — the data is necessary to provide you with the service. We process security logs on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in keeping the app secure.
6 Sub-processors
We rely on the following sub-processors to operate the app. Data is processed only on the venue's behalf, not for the sub-processors' own purposes.
| Sub-processor | Service | Location |
|---|---|---|
| Neon Inc. | PostgreSQL database hosting | Frankfurt, Germany (EU) |
| Vercel Inc. | Backend API hosting | Global edge, EU functions |
| Cloudflare Inc. (R2) | Audio file storage | Europe |
| Expo / Apple (APNs) | Push notification delivery | United States |
7 Data storage
Data is stored in the EU. Audio files are held in Cloudflare R2 Europe. The database is hosted with Neon in Frankfurt.
8 Data retention
Account data is retained while the account is active and deleted on request. Audio files are deleted when the artist removes them or when their account is closed. Security logs are retained for 12 months.
9 No tracking, no analytics
The app contains no analytics SDK, no crash reporting, no advertising identifiers, and no cross-app tracking of any kind.
10 Push notifications
Push notifications are used only to notify artists of confirmed lineups and shift changes. We send no marketing notifications.
11 Audio files
Audio files are uploaded solely to support the artist's performances and setlists within the app. They are not used for any other purpose and are not shared with third parties.
12 Security
We protect your data with argon2id password hashing, HTTPS/TLS on all connections, JWT tokens stored in the iOS Secure Store / Android Keystore, and role and venue-scoped access controls.
13 Your rights under GDPR
You have the right to access, rectification, erasure, portability, restriction, and objection. To exercise any of these rights, contact info@easova.com. We respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés, www.cnil.fr).
14 Children
The app is not directed at anyone under 16.
15 Policy changes
For material changes, users are notified via push notification or email.
16 Contact
For any question about this policy or your personal data, contact info@easova.com.