← StandbyCue

Privacy Policy

Last updated: 14 June 2026

Controller: [Your company legal name / org. no.], Norway · Contact: hello@standbycue.app

StandbyCue ("we", "us") is a run-of-show / rundown tool. This policy explains what personal data we collect, why, how long we keep it, and the rights you have under the GDPR.

What we collect and why

  • Email — sign-in, account identification, transactional email (invites, password resets, receipts, support replies).
  • Password — stored hashed by our auth provider, to secure your account.
  • Name, phone, avatar (optional) — to show who you are to teammates.
  • Your content — events, rundowns, folders, cues, columns, uploaded images, chat messages.
  • Teams & memberships — workspaces you own or belong to, and your role.
  • Support tickets — the message and email you send via the Feedback form.
  • Billing data — subscription status, seats, receipts. Card details are handled by our payment provider (Lemon Squeezy) and never stored by us.
  • Usage / technical — account creation date, last sign-in, log data, for security and debugging.

We do not sell your personal data, and we do not use it for advertising.

How long we keep it

Account & content: while your account is active. If you delete your account (or ask us to), we erase your personal data and content. Support tickets: while we handle your request and a reasonable period after. Billing/accounting records: as required by law (Norwegian bookkeeping rules typically ~5 years), held by our payment provider as Merchant of Record. Deleted data may persist briefly in encrypted backups before rolling off.

Who we share it with

We use trusted sub-processors to run the service — see the Sub-processors list. In short: Supabase (database & auth), Vercel (hosting), Resend (email), Cloudflare (email routing), and Lemon Squeezy (payments, as Merchant of Record). Each processes data only on our instructions under a data-processing agreement.

Where your data is processed

Primarily within the EU/EEA where possible. Some providers may process data outside the EEA under appropriate safeguards (e.g. EU Standard Contractual Clauses).

Your rights (GDPR)

You have the right to access, rectify, erase, and port your data, and to restrict or object to certain processing, and to withdraw consent where applicable. We provide data exports in a machine-readable format (JSON). To exercise any right, email hello@standbycue.app; we respond within one month. You can also complain to the Norwegian Data Protection Authority (Datatilsynet, datatilsynet.no).

Security

Passwords are hashed; data is encrypted in transit (HTTPS) and at rest by our providers. Card data never touches our servers. Access to production data is limited to authorised administrators and logged.

Children

StandbyCue is not directed at children under 16, and we do not knowingly collect their data.

Changes

We may update this policy; material changes will be announced in the app. The date above reflects the current version.