Privacy Policy

Effective Date: April 6, 2026

1. Introduction

Session Route, LLC (“Session Route,” “we,” “us,” or “our”) operates the website located at sessionroute.com and related services (collectively, the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Platform.

By creating an account or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, username, profile photo, location, role (studio owner, artist, or engineer), and genre preferences.
  • Studio Information: Studio name, address, description, room details, equipment lists, photos, operating hours, pricing, and booking policies.
  • Booking Information: Session dates, times, duration, service type, engineer selection, session files, and preparation materials.
  • Payment Information: Billing address and payment details processed through our third-party payment processor, Stripe. We do not store full credit card numbers on our servers.
  • Communications: Messages, reviews, and any other content you submit through the Platform.
  • Identity Verification: If a studio requires identity verification for bookings, you may be asked to provide government-issued identification.

2.2 Information Collected Automatically

  • Device & Browser Data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Usage Data: Pages visited, features used, time spent on pages, click patterns, search queries, referring URLs, and session duration.
  • Cookies & Similar Technologies: We use essential cookies for authentication and session management. See Section 8 for details.
  • Log Data: Server logs that record requests made to our Platform, including timestamps and API endpoints accessed.

2.3 Information from Third Parties

  • Authentication Providers: If you sign up or log in using a third-party service, we may receive your name and email address from that provider.
  • Stripe: Payment confirmation status, payout details, and Stripe account identifiers for studios using Stripe Connect.
  • Google Calendar: If you connect your Google Calendar, we access calendar event data solely to create, update, and delete booking-related events. We do not read or modify unrelated calendar events.

3. How We Use Your Information

We use the information we collect to:

  • Provide & Operate the Platform: Create and manage accounts, process bookings, facilitate payments, and deliver session files.
  • Process Payments: Charge deposits, authorize holds, capture payments, issue refunds, and distribute payouts to studios via Stripe Connect.
  • Communicate with You: Send booking confirmations, session reminders, receipts, account notifications, and respond to support inquiries.
  • Calendar Integration: Automatically sync confirmed bookings to your connected Google Calendar so sessions appear on your phone and devices.
  • Improve the Platform: Analyze usage patterns to fix bugs, develop new features, optimize performance, and improve user experience.
  • Ensure Safety & Security: Detect fraud, enforce our terms of service, prevent abuse, and protect the rights and safety of our users.
  • Legal Compliance: Comply with applicable laws, regulations, legal processes, or enforceable government requests.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 With Other Users

When you book a session, the studio and assigned engineer will see your name, contact information, session details, and any preparation files you upload. Studio profiles, engineer profiles, and artist profiles with public usernames are visible to other users of the Platform.

4.2 Service Providers

We use trusted third-party services to operate the Platform:

  • Supabase: Database hosting, user authentication, and real-time data synchronization.
  • Stripe: Payment processing, Connect payouts, and fraud prevention.
  • Google Calendar API: Calendar event creation and management for connected studios.
  • Resend: Transactional email delivery (booking confirmations, notifications).
  • Vercel: Website hosting and content delivery.

Each provider processes data only as necessary to perform their services and is bound by their own privacy policies and data processing agreements.

4.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Platform before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Booking records and transaction history are retained for a minimum of three (3) years for legal, tax, and accounting purposes.

When you delete your account, we will delete or anonymize your personal information within thirty (30) days, except where we are required to retain certain data by law. Session files stored in your library will be permanently deleted upon account deletion.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL (HTTPS)
  • Encryption of sensitive data at rest
  • Secure authentication with hashed passwords and session tokens
  • Row-level security (RLS) policies ensuring users can only access their own data
  • Role-based access controls for administrative functions
  • Regular security audits and dependency updates

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Update or correct inaccurate information via your profile settings.
  • Deletion: Delete your account and associated data through the Settings page on your dashboard. Studio owners can delete their studio and all related data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain types of data processing where applicable.
  • Withdraw Consent: Disconnect third-party integrations (such as Google Calendar) at any time through your settings.

To exercise any of these rights, contact us at privacy@sessionroute.com. We will respond to your request within thirty (30) days.

8. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and core Platform functionality. These cannot be disabled.
  • Preference Cookies: Remember your settings such as theme preference (dark/light mode).

We do not use advertising cookies or third-party tracking pixels. We do not sell data to advertisers or participate in ad networks. Your browsing activity on Session Route is not tracked for advertising purposes.

9. Third-Party Links & Services

The Platform may contain links to third-party websites or services (e.g., Stripe payment pages, Google OAuth, social media profiles). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Google API Services Usage Disclosure

Session Route’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to Google Calendar event data (calendar.events scope).
  • We use this access solely to create, update, and delete booking-related calendar events on your behalf.
  • We do not use Google data for advertising, and do not share it with third parties except as required to provide the calendar sync feature.
  • We store Google OAuth tokens (access and refresh tokens) securely and use them only to maintain your calendar connection.
  • You can revoke access at any time by disconnecting Google Calendar in your studio settings or by removing access in your Google Account permissions.

11. Children’s Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@sessionroute.com.

12. International Data Transfers

Session Route is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. By using the Platform, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No Sale of Data: We do not sell personal information as defined by the CCPA.

To exercise your rights, contact us at privacy@sessionroute.com or use the account deletion feature in your dashboard settings.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by updating the “Effective Date” at the top of this page and, where appropriate, sending you an email notification.

Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Session Route, LLC

Email: privacy@sessionroute.com

Website: sessionroute.com

© 2026 Session Route. All rights reserved.