Email addresses are never shown publicly
Performer profiles do not display email addresses. Organizers contact performers only through the platform — either via Book Me or in-thread messaging on a confirmed booking. Once a booking is accepted, both sides can message each other inside the booking thread.
Login
We use Supabase Auth. Passwords are hashed with bcrypt. Sessions are tracked and you can see active sessions / log out remotely from Settings → Security.
Failed logins increment a counter; too many in a short window locks the account for safety (a "Try again later" message will appear).
Payment data
We never store full bank account numbers or card details. Bank accounts are linked through Stripe Financial Connections; only Stripe ever sees the raw numbers. We hold the Stripe customer ID and a tokenized payment-method reference — nothing else.
What we share between organizer and performer on a confirmed booking
- Names (first + last, or stage name for performers)
- Event details (date, time, location)
- Once a booking is accepted: in-thread messaging
- For paid-by-organizer travel: legal travel info (name, DOB, gender) — performer-side only, never to the organizer
We do not share private contact details (phone, email) between users.
Reviewing what we know about you
Under Settings → Account you can download an export of your data and submit a deletion request. Deletions are processed within 30 days; bookings and financial records are retained per US tax law.