Information We Collect
When you create an account or use IndiMu, we collect information necessary to provide the service. The type of information depends on your role (Musician or Venue) and how you use the platform.
Account Information
- Name, email address, and password (hashed — we never store plaintext passwords)
- Profile photo (optional)
- Role selection: Musician or Venue
Musician Profile Information
- Biography, genres, instruments and proficiency levels
- YouTube demo video URLs you choose to link
- Band memberships and associated band profiles
- Gig applications and booking history
Venue Profile Information
- Venue name, type, capacity, and description
- Location (city / address) and amenities
- Gig listings posted on the platform
- Booking history and payments made
Communications
- In-app messages sent between musicians and venues
- Booking requests, confirmations, and cancellations
- Reviews and ratings submitted after gigs
Technical Information
- Device type, operating system, and app version
- IP address and general location (country / region)
- Usage data: screens viewed, features used, session duration
- Firebase Cloud Messaging token (for push notifications)
How We Use Your Information
We use the information we collect for the following purposes:
Creating and managing your account, showing your profile to relevant venues or musicians, and facilitating bookings.
Processing payments through Stripe, issuing refunds per our cancellation policy, and maintaining transaction records.
Sending booking confirmations, reminders, notifications about new messages, and important service updates.
Detecting fraud, resolving disputes, enforcing our Terms of Service, and keeping the platform safe.
Understanding how users interact with the app to improve features, fix bugs, and enhance performance.
Meeting our obligations under applicable laws, including responding to lawful requests from authorities.
We do not use your information for automated decision-making that produces legal or similarly significant effects without human review.
Information Sharing & Disclosure
We do not sell your personal information. We share your data only in the following circumstances:
With Other Users (by design)
Your public profile information — name, bio, instruments, genres, demo video links, and reviews — is visible to other IndiMu users to enable discovery and bookings. You control the content of your profile.
With Service Providers
- Firebase (Google) — authentication, database (Firestore), file storage, and push notifications
- Stripe — payment processing and payout management
- SendGrid — transactional email delivery (e.g. welcome emails, booking confirmations)
Each provider processes data only as instructed and under their own privacy commitments.
For Legal Reasons
We may disclose your information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights or safety of IndiMu, our users, or the public.
Business Transfers
If IndiMu is acquired, merges with another company, or undergoes a similar transaction, your information may be transferred as part of that deal. We will notify you via email or in-app notice if this occurs.
Data Storage & Security
Your data is stored on Google Firebase infrastructure, which maintains ISO 27001 certification and SOC 2/3 compliance. Data is stored in Canada (us-central1 / northamerica-northeast1) unless otherwise required.
Security Measures
- All data transmitted between the app and our servers is encrypted via TLS 1.2 or higher
- Passwords are hashed using Firebase Authentication (bcrypt-based) — we never see your password
- Firestore security rules restrict access so users can only read/write their own data
- Firebase Storage rules prevent unauthorised file access
- Stripe handles all payment card data under PCI DSS Level 1 compliance
Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, tax, or dispute-resolution purposes.
Booking and payment records may be retained for up to 7 years to comply with Canadian financial record-keeping requirements.
Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal data:
Access & Portability
You can request a copy of the personal data we hold about you at any time by emailing info@indimu.ca. We will respond within 30 days.
Correction
You can update most of your personal information directly within the app via your profile settings. For data you cannot edit yourself, contact us and we will correct it promptly.
Deletion
You may request deletion of your account and associated personal data at any time. Send a request to info@indimu.ca. Note that some data may be retained as required by law (see Section 4).
Objection & Restriction
You may object to certain types of processing (e.g. analytics) or request that we restrict processing while a dispute is resolved. Contact us to exercise these rights.
Notifications
You can manage push notification preferences in your device settings or within the IndiMu app at any time.
Cookies & Analytics
Website (indimu.ca)
Our landing page uses minimal cookies:
- Firebase Analytics — anonymised page view counts and session data to understand site performance. This does not identify individual visitors.
- Session cookies — short-lived cookies used to manage your browsing session. These expire when you close your browser.
We do not use advertising cookies or third-party tracking pixels on our website.
Mobile App
The IndiMu mobile app does not use browser cookies. Firebase Analytics collects anonymised, aggregated usage statistics (e.g. feature usage counts, screen flows). This data cannot be used to identify you individually.
You can opt out of analytics collection by disabling "Share Analytics" in your device's app settings, where available.
Third-Party Services
IndiMu integrates with the following third-party services. Each has its own privacy policy:
- Google Firebase — firebase.google.com/support/privacy
- Stripe — stripe.com/privacy
- Twilio SendGrid — twilio.com/en-us/legal/privacy
- YouTube — when you link a YouTube video to your musician profile, users will load that video from YouTube's servers and be subject to Google's Privacy Policy
We are not responsible for the privacy practices of these third-party services. We encourage you to review their policies.
Children's Privacy
IndiMu is intended for users who are 16 years of age or older. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at info@indimu.ca and we will delete that information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Effective" date at the top of this page
- Send a notice to the email address associated with your account
- Display an in-app notification prompting you to review the changes
Your continued use of IndiMu after changes take effect constitutes your acceptance of the updated policy. If you disagree with any changes, you may close your account at any time.
Questions about your privacy?
We're here to help. Reach out to our team for any privacy-related questions, requests, or concerns.
✉️ info@indimu.ca12308444 Canada Inc. — Operated under IndiMu