BandQuartermaster Privacy Policy
Effective 16 July 2026
This policy explains what information the BandQuartermaster app collects, why, and how it's handled. BandQuartermaster is operated by Martin Bassett-Rhodes ("we", "us"). If you have questions about this policy or want to exercise any of the rights described below, see the Contact Us section below.
1. Who This Applies To
This policy covers the BandQuartermaster iOS app and the Firebase-hosted backend it connects to. It applies to anyone who creates an account, whether as an organisation's administrator, a librarian, a member of an organisation's roster, or anyone else using the app.
2. Information We Collect
Account information. When you sign up, we collect the email address and password you provide (handled entirely by our authentication provider, Firebase Authentication — we never see or store your password ourselves), and the display name you choose.
Organisation and roster information. An organisation's administrator can add a name, email address, and phone number for each person on their roster, and link that entry to a signed-up user account. This information is entered and controlled by that organisation, not by us.
Content created within the app. Depending on which parts of the app an organisation uses, this can include: a catalogue of sheet music and any digital score/part files uploaded against it; records of who has borrowed or requested a piece; a physical inventory of instruments and uniforms, including their condition, assignment, and issue/return history; and bug reports or feature requests submitted through the app's Feedback feature. Much of this content is naturally tied to a named person (e.g. "issued to," "requested by," "inspected by") as part of how the feature works.
Photos. If your organisation uses the instrument inspection feature, photos taken or chosen to document an instrument's condition are uploaded and stored against that record.
Face ID / Touch ID. If you choose to enable it, BandQuartermaster can use Face ID or Touch ID to lock access to the app on your own device. This is handled entirely by Apple's operating system — we never receive, see, transmit, or store your biometric data. We only ever receive a yes/no result from Apple's system.
Technical information. Our infrastructure provider, Firebase (part of Google Cloud Platform), processes standard technical information (such as IP address) as an inherent part of providing authentication and hosting — we don't separately collect or log this ourselves. We do not use analytics, advertising, or tracking SDKs of any kind.
3. How We Use Your Information
We use the information described above only to operate the features of the app: authenticating you, showing you the data your organisation and your permissions entitle you to see, and letting you use the Library, Instruments, Uniforms, Members, and Feedback modules. We do not use your information for advertising, and we do not sell it to anyone.
4. Who Can See Your Information
- Other members of your organisation can see information relevant to their role, according to the permissions your organisation's administrator has granted them — this is core to how a shared roster/inventory tool works.
- Bug reports and feature requests you submit are visible to your organisation's administrators, and a summary (including your name, the title of your report, and which organisation you belong to — but not your email) is also visible to us, the app's developer, so we can manage support and development across every organisation using the app.
- Firebase / Google Cloud Platform is our infrastructure provider — it stores and processes data on our behalf as part of running the app, and does not use it for its own purposes.
- We do not share your information with any other third party, and we do not sell it.
5. Where Your Information Is Stored
Data is stored using Firebase (Google Cloud Platform), in the europe-west2 (London, UK) region. If you're located outside that region, your information may be transferred there as part of normal operation of the service.
6. How Long We Keep Your Information
We keep your information for as long as your account and your organisation's use of the app remains active. An organisation's administrator can deactivate or remove a roster entry at any time. You can delete your own account at any time from within the app (Settings > Delete Account); to request deletion of other personal data, contact us using the details in clause 10.
7. Your Rights
Depending on where you're located, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to how it's used. To exercise any of these, contact us using the details in clause 10 and we'll respond as soon as we reasonably can.
8. Children's Privacy
BandQuartermaster itself is intended for use by adults managing an organisation's administration. An organisation's roster may include entries for members who are minors, added and controlled by that organisation's administrator as part of their own records — if you have concerns about a specific roster entry, please raise it with that organisation directly, or contact us.
9. Security
We take reasonable steps to protect your information, including relying on Firebase's own security infrastructure and access controls built into the app (only people in your organisation, with the right permissions, can see your organisation's data). No method of storage or transmission is completely secure, and we can't guarantee absolute security.
10. Contact Us
If you have any questions about this policy, or want to exercise any of the rights described above, contact Martin Bassett-Rhodes at martin@solutionsdecoded.co.uk.
11. Changes to This Policy
We may update this policy from time to time as the app changes. We'll update the effective date at the top when we do. Continuing to use the app after a change means you accept the updated policy.