Privacy Policy

This Privacy Policy explains how MostlyHarmless Labs, a company registered in England and Wales (“we”, “us”, or “our”) collects, uses, stores, and shares personal information when you use the StagePay mobile apps, the website at stagesofpay.com, and related services (the “Service”). StagePay is the product name under which we offer these services. We also include a technical description of what syncs where so you can assess risk: that detail is part of this Policy, not a separate secret playbook.

Use the Google Play or Apple privacy labels together with this Policy. If you use the app without creating an online account, most of your business content stays on your device; we still initialise Google services used for analytics and (on supported builds) advertising, as described below.

1. Principles

• Local-first. By default, invoices, expenses, contacts, venue records, receipt image files, and app settings are stored on-device (for example Hive on mobile).
• Opt-in cloud. Cloud backup/sync is only available on the Pro+ plan (see in-app wording), only when you link a non-anonymous StagePay account, and only when demo data mode is off. You can stop using sync by disconnecting or deleting cloud data as the app allows.
• No sale of personal data. We do not sell your personal information, invoices, or receipt images as a data broker would.
• Minimum necessary. We process data needed to run the feature you are using and to meet legal, security, and fraud-prevention obligations.

2. Categories of information we process

2.1 Content you create in the app

Depending on how you use StagePay, this can include:

• Invoices, line items, totals, taxes, payment and terms text, PDF-related fields.
• Gigs, venues, buyers, and contact records you save.
• Expenses, mileage, categories, notes, and evidence metadata.
• Receipt photos or scans you capture or pick (processed on-device for OCR where applicable).
• Templates, branding, logo references, and business profile (name, address, tax identifiers you enter).
• Recurring schedule definitions and automation metadata.

None of the above is uploaded to our cloud by default. It leaves the device only when you use Pro+ sync (section 3) or when it is included in analytics payloads (section 4), which are designed to avoid raw invoice line text where possible but are not a substitute for legal advice on your own compliance.

2.2 Account and authentication (Firebase Auth)

If you create a StagePay online account, we process your email address, authentication credentials (stored by Google Firebase Authentication), a stable user id, and related session data. A paid subscription alone does not require an account; an account is required for Pro+ cloud sync and related online features as implemented in the app.

2.3 Pro+ cloud sync (Google Cloud Firestore)

When you are entitled to Pro+, signed in with a registered (non-anonymous) account, and sync runs, the app writes structured documents to Cloud Firestore in our Firebase project under:

• users/{yourUid}/businessProfile/current — business profile fields needed for billing identity (for example name, country, tax identifiers, accounting method, timestamps). The Pro+ tier may sync additional metadata fields the app labels as extended profile data.
• users/{yourUid}/invoices/{invoiceId} — invoice metadata (identifiers, dates, amounts, status, venue references, buyer tax fields where present). The Pro+ tier expands the payload to include richer fields such as descriptions, notes, line/tax detail, automation metadata, and country-specific blocks as implemented in the current app version.
• users/{yourUid}/expenses/{expenseId} — expense metadata (amounts, categories, mileage, links to invoices). The Pro+ tier may include supplier text, notes, and a local receipt file path string as stored in your expense record. Receipt image bytes are not uploaded to Firebase Storage in the current app; they remain on your device unless you share them yourself (for example by attaching a file to email).
• users/{yourUid}/recurringSchedules/{scheduleId} — recurrence settings, cadence, template hooks, and related fields.

Each synced document includes server-managed sync timestamps where the app writes them. Data in Firestore is protected by Firebase security rules so that only the authenticated user whose uid matches the path can read or write their own tree under users/{uid}/….

2.4 Product analytics (Firebase Analytics)

After the app starts, we initialise the Firebase SDK and use Google Analytics for Firebase to understand how StagePay is used: for example app opened, invoice lifecycle events, and coarse feature usage. We also set user properties such as plan tier, role, currency, country, and onboarding completion. These events help us improve stability and prioritise fixes; they are not the same as selling your data to third-party advertisers. Analytics runs for users who can reach Google’s endpoints from the device. If you need to exercise GDPR rights over Analytics-derived processing, contact us (section 12).

2.5 Advertising identifiers (Google AdMob)

On builds that ship with Google Mobile Ads, the app can show Google AdMob placements (for example around certain free-tier invoice flows). AdMob and its partners may process device and advertising identifiers, coarse location, and similar data under Google’s policies to deliver and measure ads. Paid tiers may reduce or remove ad surfaces as implemented in the app. For how Google uses this data, see Google’s Privacy Policy and AdMob’s developer disclosures.

2.6 Website beta waitlist (Firestore)

If you request beta access on stagesofpay.com, the site writes a single document to Firestore collection betaSignups containing: email, self-reported role, marketing source, region, preferred store/plan interest, consent version, page path, browser user-agent snippet, and automation status fields used only to send you the confirmation workflow. You cannot read or update these documents from the client after creation; only our backend automations act on them.

2.7 Purchases (Apple, Google, RevenueCat)

When you buy Pro or Pro+, Apple or Google processes payment. We receive subscription state through RevenueCat (and the stores), not your full card number. RevenueCat acts as our subscription processor.

2.8 Calendar import

If you use calendar import, the app reads the calendar datasets you allow on-device to suggest gig dates. We do not upload your full calendar to our servers as part of that feature.

2.9 Notifications

With your OS permission, we may schedule local or push-style notifications for reminders you configure (for example payment due). Details depend on your platform and the app version you install.

2.10 Diagnostics and email delivery

We may rely on Google-provided crash or performance diagnostics as we enable them in Firebase. Transactional email (for example beta confirmation, account messages) may be sent through providers such as Resend from Google Cloud Functions, using the addresses and content required for that message only.

3. Legal bases (UK / EEA)

Where GDPR or UK GDPR applies, we rely on: performance of a contract (providing the Service you ask for); legitimate interests (securing the Service, analytics, non-intrusive product improvement, fraud prevention); consent where required (for example marketing cookies on the site if we add them, or optional preferences you toggle); and legal obligations where applicable.

4. How we use information

• Operate invoicing, expenses, PDF export, OCR, and related features.
• Sync your chosen data when you use Pro+ and a linked account.
• Validate entitlements and prevent abuse.
• Run Firebase Analytics and, where enabled, AdMob.
• Send service emails and beta communications you request.
• Comply with law and respond to valid legal requests.

5. Service providers

We use processors including Google (Firebase, Analytics, AdMob, Cloud Functions, Firestore, Authentication), RevenueCat, Apple, Google Play, Resend (email API), and Netlify (static site hosting). Processors are bound by contract or standard terms. We do not authorise them to use your StagePay business content for unrelated training or resale.

6. International transfers

Data may be processed in the UK, EEA, United States, or other regions where our providers operate. Where UK or EEA data is transferred internationally, we rely on approved transfer tools (for example UK IDTA / EU Standard Contractual Clauses) together with technical measures offered by Google and other vendors.

7. Retention

• On-device data remains until you delete it or uninstall.
• Firestore data remains until you delete it or delete your account, subject to backup lag.
• Account data is kept while the account is active and briefly afterward where law requires.
• Analytics retention follows Google’s settings for our property.

8. Security

We use TLS for data in transit to Google services, Firebase Authentication, Firestore security rules, and device protections you enable (passcode, biometrics). No method is 100% secure; protect your credentials and devices.

9. Children

StagePay is not directed at children under 16. We do not knowingly collect personal information from children.

10. Your rights

Depending on your location you may have rights to access, rectify, erase, restrict, port, or object to processing, and to complain to a supervisory authority. Contact us to exercise rights; many actions (export, deleting synced data, disconnecting cloud) are available or will be surfaced in-app as we ship updates.

If you created a StagePay/Firebase sign-in with email, password, or Google, you can request immediate erasure of your cloud profile and synced Firestore data (and deletion of your authentication account) via our self-service tool: Delete your StagePay account. Removing local-only data still requires uninstalling or clearing storage on each device.

11. Third-party policies

This Policy does not govern third parties you interact with through the app (promoters, stores, or ad networks). Read their policies too, especially Google’s when you use ad-supported builds.

12. Changes

We may update this Policy. We will change the “Last updated” date and, where the law requires, provide notice in-app or by email. If you use the beta signup form, we may bump a consent version string so we know which wording you agreed to.

13. Contact

Privacy questions and requests: privacy@stagesofpay.com.

UK/EU data protection contact: dpo@stagesofpay.com.

MostlyHarmless Labs is registered in England and Wales.

14. Relationship to Terms

Our Terms of Service describe authorised use of the Service. This Policy describes how personal data is handled. Both apply when you use StagePay.