Melafz

Privacy Policy

Melafz

Last updated: 26 June 2026

This Privacy Policy explains how Melafz ("Melafz", "we", "us", "our") collects, uses, shares and protects your personal data when you use the Melafz mobile application and any related websites and services (together, the "Service"), and your rights in relation to that data.

We are committed to protecting your privacy and handling your personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

Please read this Policy alongside our Terms & Conditions.


1. Who we are (data controller)

Melafz is the "controller" of your personal data. This means we are responsible for deciding how and why your personal data is processed.

If you have any questions about this Policy or how we handle your data, please contact us using the details above.

Data Protection Officer

We are not legally required to appoint a Data Protection Officer (DPO) under Article 37 of the UK GDPR, because our core activities do not consist of large-scale systematic monitoring or large-scale processing of special category data. Our privacy contact above is responsible for data protection matters. We keep this position under review as the Service grows.


2. The personal data we collect

We collect and process the following categories of personal data:

a) Account data — when you create an account: your name, email address, and a password (which we store only in an irreversible, hashed form — we never store or see your actual password).

b) Content you create ("User Content") — the information you choose to add to the Service, which may include:

c) Technical and usage data — collected automatically when you use the Service: a secure authentication token (to keep you signed in), basic device and app information, and server log data including your IP address, request times and error logs. We use this to operate, secure and debug the Service.

d) Communications — if you contact us (for example by email), we keep a record of that correspondence.

e) Transactional email data — your email address is used to send service emails such as a password-reset code or a sign-up verification code (OTP).

What we do NOT collect


3. How we collect your data

We collect data: (a) directly from you when you register, create content, or contact us; and (b) automatically through your use of the app (technical and log data).


4. Why we use your data, and our lawful basis

Under the UK GDPR we must have a lawful basis for each use of your data. The table below sets out our purposes and bases.

Purpose Data used Lawful basis (UK GDPR Art. 6)
Create and manage your account; let you sign in Account data Contract — to provide the Service you sign up for
Store and display your songs, notebooks, setlists and gigs back to you User Content Contract
Send service/transactional emails (password reset, verification code) Email address Contract, and legal obligation / legitimate interests in securing accounts
Keep the Service secure, prevent abuse, debug and maintain it Technical & usage data Legitimate interests — running a safe, reliable service
Respond to your enquiries and provide support Communications Legitimate interests
Comply with legal and regulatory obligations As required Legal obligation
Send you optional product news or marketing (only if offered and you opt in) Email address Consent (you can withdraw at any time)

Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights, and we believe they are not. You can ask us for more information about this assessment.

Information about other people that you enter

If you add another person's details to a gig/booking (e.g. a client's name and phone number), you are responsible for making sure you are allowed to share that information with us, and that it is accurate. We process it on your behalf solely to provide the calendar feature to you, on the basis of our and your legitimate interests in you being able to manage your engagements. If someone whose details you have entered asks us to remove them, we may contact you or remove the data.


5. Who we share your data with

We do not sell your personal data. We share it only with the service providers ("processors") that help us run Melafz, and only as needed:

Recipient Purpose Location
Railway (hosting + PostgreSQL database) Hosting the app and storing your account and content United States
Resend (email delivery) (being introduced) Sending transactional emails (verification & password-reset codes) United States / EU
Apple App Store / Google Play Distributing the app and (in future) processing any in-app purchases Global

We require our processors to protect your data and to act only on our instructions, under written agreements that meet Article 28 of the UK GDPR.

We may also disclose data if required by law, to enforce our Terms, or to protect the rights, safety or property of Melafz, our users, or others.


6. International transfers

Some of our processors (including our hosting provider) are located outside the UK, including in the United States. Where we transfer your personal data outside the UK, we ensure an appropriate safeguard is in place, such as:

You can ask us for more detail about the safeguards that apply to a particular transfer using the contact details in section 1.


7. How long we keep your data

(Where this Policy gives a maximum period as "up to 90 days", we may keep data for a shorter time.)


8. Your rights

Under the UK GDPR you have the right to:

How to exercise your rights: email us at privacy@melafz.com. We will respond within one month (we may extend this by up to two further months for complex requests, and will tell you if so). Exercising these rights is free, although we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive. We may need to verify your identity first.

You can delete your account at any time by contacting us, and (where available) from within the app.


9. Complaints

If you are unhappy with how we have handled your data, please contact us first so we can try to put it right. You also have the right to complain to the UK's data protection regulator:

Information Commissioner's Office (ICO)https://ico.org.uk — helpline 0303 123 1113.


10. Children's data

Melafz is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. (Under the UK GDPR, children aged 13 or over can in principle consent to online services themselves, but we have set our minimum age at 16 to keep things simple and protective.) If you believe a child under 16 has given us personal data, please contact us and we will delete it.


11. How we protect your data

We use appropriate technical and organisational measures to protect your data, including: encryption of data in transit (HTTPS), storing passwords only as salted hashes, access controls, and using reputable hosting and email providers. No system can be 100% secure, but we work to protect your data and to keep our measures under review.


12. Data breaches

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it where required, and we will inform affected users without undue delay where the breach is likely to result in a high risk to them.


13. Cookies and similar technologies

The Melafz app uses a secure token stored on your device to keep you signed in — this is strictly necessary for the Service to work. The app does not use advertising or analytics cookies. Our public web pages (such as this policy) use only essential cookies, if any. Because we do not set non-essential cookies, we do not currently show a cookie banner; if this changes, we will update this Policy and seek your consent where required by PECR.


14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email. Please review it periodically.


15. Contact us

Questions, requests or complaints about this Policy or your data:

Melafzprivacy@melafz.com — Unit 1, Watling Gate, 297-303 Edgware Road, London, NW9 6NB