BandQuartermaster Privacy Policy

Effective 16 July 2026

This policy explains what information the BandQuartermaster app collects, why, and how it's handled. BandQuartermaster is operated by Martin Bassett-Rhodes ("we", "us"). If you have questions about this policy or want to exercise any of the rights described below, see the Contact Us section below.

1. Who This Applies To

This policy covers the BandQuartermaster iOS app and the Firebase-hosted backend it connects to. It applies to anyone who creates an account, whether as an organisation's administrator, a librarian, a member of an organisation's roster, or anyone else using the app.

2. Information We Collect

Account information. When you sign up, we collect the email address and password you provide (handled entirely by our authentication provider, Firebase Authentication — we never see or store your password ourselves), and the display name you choose.

Organisation and roster information. An organisation's administrator can add a name, email address, and phone number for each person on their roster, and link that entry to a signed-up user account. This information is entered and controlled by that organisation, not by us.

Content created within the app. Depending on which parts of the app an organisation uses, this can include: a catalogue of sheet music and any digital score/part files uploaded against it; records of who has borrowed or requested a piece; a physical inventory of instruments and uniforms, including their condition, assignment, and issue/return history; and bug reports or feature requests submitted through the app's Feedback feature. Much of this content is naturally tied to a named person (e.g. "issued to," "requested by," "inspected by") as part of how the feature works.

Photos. If your organisation uses the instrument inspection feature, photos taken or chosen to document an instrument's condition are uploaded and stored against that record.

Face ID / Touch ID. If you choose to enable it, BandQuartermaster can use Face ID or Touch ID to lock access to the app on your own device. This is handled entirely by Apple's operating system — we never receive, see, transmit, or store your biometric data. We only ever receive a yes/no result from Apple's system.

Technical information. Our infrastructure provider, Firebase (part of Google Cloud Platform), processes standard technical information (such as IP address) as an inherent part of providing authentication and hosting — we don't separately collect or log this ourselves. We do not use analytics, advertising, or tracking SDKs of any kind.

3. How We Use Your Information

We use the information described above only to operate the features of the app: authenticating you, showing you the data your organisation and your permissions entitle you to see, and letting you use the Library, Instruments, Uniforms, Members, and Feedback modules. We do not use your information for advertising, and we do not sell it to anyone.

4. Who Can See Your Information

5. Where Your Information Is Stored

Data is stored using Firebase (Google Cloud Platform), in the europe-west2 (London, UK) region. If you're located outside that region, your information may be transferred there as part of normal operation of the service.

6. How Long We Keep Your Information

We keep your information for as long as your account and your organisation's use of the app remains active. An organisation's administrator can deactivate or remove a roster entry at any time. You can delete your own account at any time from within the app (Settings > Delete Account); to request deletion of other personal data, contact us using the details in clause 10.

7. Your Rights

Depending on where you're located, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to how it's used. To exercise any of these, contact us using the details in clause 10 and we'll respond as soon as we reasonably can.

8. Children's Privacy

BandQuartermaster itself is intended for use by adults managing an organisation's administration. An organisation's roster may include entries for members who are minors, added and controlled by that organisation's administrator as part of their own records — if you have concerns about a specific roster entry, please raise it with that organisation directly, or contact us.

9. Security

We take reasonable steps to protect your information, including relying on Firebase's own security infrastructure and access controls built into the app (only people in your organisation, with the right permissions, can see your organisation's data). No method of storage or transmission is completely secure, and we can't guarantee absolute security.

10. Contact Us

If you have any questions about this policy, or want to exercise any of the rights described above, contact Martin Bassett-Rhodes at martin@solutionsdecoded.co.uk.

11. Changes to This Policy

We may update this policy from time to time as the app changes. We'll update the effective date at the top when we do. Continuing to use the app after a change means you accept the updated policy.