Complete Your Booking

How would you like to receive booking notifications?

Choose at least one way to stay updated about your session.

Almost Done!

Your payment was successful! Please provide any additional details below.

Comma-separated. They'll receive booking confirmation.
Skip and finish
← All Policies

Privacy Policy

Version 3.0 Effective March 15, 2026
Recent changes: v3.0: Consolidated from 3 separate documents (privacy policy, cookie policy, data retention schedule) into single Privacy Policy.

Introduction

Second Street Music ("SSM," "we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the SSOS Platform, including our website, marketplace, event ticketing, learning platform, messaging, gig network, storage, PTT, and all related services.

Information We Collect

Information You Provide


  • Account Information: Name, email, phone number, password, profile photo
  • Payment Information: Credit/debit card details (processed via Stripe, not stored by SSM)
  • Booking Information: Date, time, room selection, duration, service type
  • Profile Information: Bio, music genre preferences, skills, instruments, EPK content
  • Marketplace Data: Product listings, seller information, shipping addresses, purchase history
  • Event Data: Event details, ticket purchases, attendance records
  • Learning Data: Course enrollments, quiz responses, certificates earned
  • Communications: Messages sent through Platform messaging, support requests, feedback
  • Identity Verification: Government ID (for background checks, if applicable), business documentation
  • Consignment Data: Item descriptions, photos, condition reports, pricing agreements
  • Gig Applications: Resume/portfolio information, availability, performance history

Information Collected Automatically


  • Usage Data: Pages visited, features used, time spent on Platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies: Session cookies, analytics cookies, preference cookies (see Section 2.7, Cookies & Tracking)
  • Booking Activity: Booking history, cancellation patterns, no-shows
  • Location Data: Approximate location from IP address (not GPS tracking)
  • NFC Interactions: Tap events, shared profile data (with your consent per interaction)

Recording & Transcription Data


  • PTT Audio: Push-to-talk voice communications may be recorded if enabled by session host (see Terms of Service, Section 1.13)
  • LiveKit Sessions: Real-time audio/video for courses and events may be recorded
  • Transcriptions: AI-generated transcriptions of recorded sessions for ADA accessibility
  • IMPORTANT: Pennsylvania is a two-party consent state (18 Pa.C.S. § 5703). All recordings require explicit consent from all participants. The Platform enforces consent collection before any recording begins.

Information from Third Parties


  • Stripe: Payment confirmation, card brand (last 4 digits only), payout status
  • Background Check Providers: Melissa Data (sex offender registry), Checkr (PA Act 153 clearances)
  • OAuth Providers: Profile information from Google, Apple, or other social login providers
  • Calendar Services: Calendar data synced via Google Calendar or Microsoft 365 OAuth (opt-in only)
  • External Storage: File metadata from Dropbox, Google Drive, OneDrive (when you connect)

How We Use Your Information

  • Provide Services: Process bookings, orders, enrollments, event tickets, gig applications
  • Process Payments: Charge for services, issue refunds, manage credits, facilitate payouts via Stripe Connect
  • Communicate: Send confirmations, reminders, booking updates, order status, course notifications
  • Marketplace Operations: Facilitate transactions, manage escrow, process returns, calculate commissions
  • Improve Services: Analyze usage patterns, optimize Platform features, A/B testing
  • Marketing (with consent): Promotional offers, newsletters, featured listings
  • Security & Fraud Prevention: Detect fraudulent transactions, prevent account takeover, monitor for abuse
  • Legal Compliance: Tax reporting (1099s for sellers/providers), respond to legal requests, maintain audit trail
  • Background Checks: Process clearance checks for providers working with minors (with separate consent)
  • Accessibility: Generate transcriptions of recorded content for ADA compliance

How We Share Your Information

Service Providers


  • Stripe: Payment processing and payouts
  • AWS SES: Email notifications and marketing communications
  • LiveKit: Real-time audio/video communication infrastructure
  • Cloudflare: Website hosting, CDN, security
  • Printful: Print-on-demand fulfillment (shipping address shared for POD orders)
  • Melissa Data / Checkr: Background check processing (with separate consent)
  • Cover Genius: Insurance policy management (if applicable)

Other Users


  • Public Profiles: Name, profile photo, bio, EPK content visible to other Platform users
  • Marketplace: Seller name and general location visible to buyers; shipping address shared with sellers for fulfilled orders
  • Events: Organizer information visible to ticket buyers
  • NFC Shares: Profile data you choose to share via NFC tap
  • Reviews: Your reviews and ratings visible to other members

Legal Requirements


We may disclose information to comply with legal obligations, protect our rights, prevent fraud, or protect safety.

Business Transfers


If SSM is sold, merged, or acquires another entity, your information may be transferred.

Data Retention

See Section 2.8 (Data Retention Schedule) for detailed retention periods per data type.

Summary:

  • Account Information: Duration of account + 7 years
  • Booking/Transaction Records: 7 years (tax/legal)
  • Messages: 3 years after last activity (or account deletion)
  • Recordings/Transcriptions: 90 days after session (configurable by host)
  • Analytics: Aggregated/anonymized indefinitely
  • Background Checks: Retained per PA Act 153 requirements

Your Rights

Access & Correction


  • View your data via account settings
  • Request full data export: privacy@secondstreetmusic.com
  • Correct inaccurate information in account settings

Deletion


  • Request account deletion: privacy@secondstreetmusic.com
  • Some information retained for legal compliance
  • Deletion processed within 30 days (GDPR-compliant)

Opt-Out


  • Marketing Emails: Unsubscribe link in every email
  • Cookies: Browser settings or our cookie consent tool
  • PTT Recording: Decline consent when prompted (you may still use PTT without recording)
  • NFC Sharing: Disable NFC sharing in account settings
  • Calendar Sync: Disconnect OAuth at any time

Data Portability


Request machine-readable copy of your data: privacy@secondstreetmusic.com. Provided within 30 days.

CCPA Rights (California Residents)


If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

Cookies & Tracking

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better experience by remembering your preferences, keeping you logged in, and understanding how you use the Platform.

Types of Cookies We Use

#### Strictly Necessary Cookies
These cookies are essential for the Platform to function. They cannot be disabled.

| Cookie | Purpose | Duration |
|--------|---------|----------|
| `sb-access-token` | Supabase authentication session | Session |
| `sb-refresh-token` | Supabase session refresh | 7 days |
| `cookie-consent` | Stores your cookie preferences | 1 year |
| `csrf-token` | Cross-site request forgery protection | Session |

#### Functional Cookies
These cookies remember your preferences and choices.

| Cookie | Purpose | Duration |
|--------|---------|----------|
| `theme` | Light/dark mode preference | 1 year |
| `sidebar-collapsed` | Dashboard sidebar state | Persistent |
| `timezone` | Your timezone for booking display | 1 year |
| `recent-searches` | Recent marketplace search terms | 30 days |

#### Analytics Cookies
These cookies help us understand how visitors use the Platform. All data is aggregated and anonymized.

| Cookie | Purpose | Duration | Provider |
|--------|---------|----------|----------|
| `_ga` | Google Analytics visitor ID | 2 years | Google |
| `_ga_*` | Google Analytics session | 2 years | Google |

#### Marketing Cookies
We do not currently use marketing or advertising cookies. If we add them in the future, we will update this policy and require your consent.

Cookie Consent

On your first visit, you will see a cookie consent banner. You can:

  • Accept All: Enable all cookie categories
  • Necessary Only: Only essential cookies (analytics disabled)
  • Manage Preferences: Choose which categories to enable

You can change your preferences at any time via Settings > Privacy > Cookie Preferences.

Third-Party Cookies

  • Stripe: Sets cookies for payment processing and fraud detection
  • Google Analytics: Sets analytics cookies (if you consent)
  • Supabase: Sets authentication cookies

Third-party cookies are governed by those companies' respective privacy policies.

How to Control Cookies

#### Browser Settings
Most browsers allow you to block or delete cookies. Instructions:

  • Chrome: Settings > Privacy and Security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Cookies
  • Edge: Settings > Privacy > Cookies

#### Do Not Track
We honor Do Not Track (DNT) browser signals by disabling analytics cookies when DNT is enabled.

Impact of Disabling Cookies

If you disable necessary cookies, some Platform features will not work:

  • You will not be able to stay logged in
  • Booking and checkout may not function
  • Your preferences will not be remembered

Disabling analytics cookies has no impact on Platform functionality.

Changes to Cookie Practices

We will update this section if we change our cookie practices. Material changes notified via cookie banner re-display.

Data Retention Schedule

Purpose

This schedule describes how long we retain different types of data and your rights regarding your data.

Retention Periods

| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information (name, email, phone) | Duration of account + 7 years | Tax/legal compliance |
| Booking Records | 7 years from booking date | Financial records requirement |
| Transaction/Payment Records | 7 years from transaction | IRS requirements |
| Marketplace Order Records | 7 years from order date | Tax/legal compliance |
| Messages (Platform messaging) | 3 years after last activity | Service continuity |
| PTT/LiveKit Recordings | 90 days after session (configurable by host) | Host-defined retention |
| Transcriptions | Same as associated recording | Tied to source recording |
| Course Enrollment Data | Duration of enrollment + 3 years | Certificate verification |
| Background Check Results | Per applicable law (min 1 year FCRA, per PA Act 153) | Legal compliance |
| Consignment Records | 7 years from consignment end | Financial/legal |
| Event Records | 7 years from event date | Financial/legal |
| Gig Records | 3 years from gig date | Tax reporting |
| NFC Interaction Logs | 1 year | Analytics |
| Login/Session Logs | 1 year | Security monitoring |
| Audit Trail | 7 years | Compliance |
| Analytics Data | Aggregated/anonymized indefinitely | Service improvement |
| Cookie Data | Per Section 2.7 (session to 2 years) | Functional/analytics |
| Marketing Consent Records | Until opt-out + 3 years | Compliance documentation |
| Support Tickets | 3 years after resolution | Quality assurance |
| E-Signature Records | 10 years after execution | ESIGN Act compliance |
| Split Sheet Agreements | Duration of copyright (life of author + 70 years) | Copyright documentation |

After Account Deletion

When you request account deletion:

  • Profile and personal data deleted within 30 days
  • Transaction records anonymized but retained for tax/legal (7 years)
  • Messages with other users anonymized (your name replaced)
  • Recordings you hosted: deleted (other participants notified)
  • Reviews you wrote: anonymized
  • Marketplace listings: removed
  • Consignment items: returned per consignment terms in the Provider & Seller Agreement

Your Data Rights

  • Access: Request a copy of your data at any time
  • Correction: Update inaccurate information via account settings
  • Deletion: Request deletion (subject to legal retention requirements)
  • Portability: Request machine-readable export of your data
  • Restriction: Request we limit processing of your data

Contact: privacy@secondstreetmusic.com

Legal Holds

We may extend retention periods when required by:

  • Active litigation or legal proceedings
  • Government investigations
  • Regulatory requirements
  • Active disputes on the Platform

Security

  • Encryption: HTTPS/TLS for all connections, encrypted data at rest
  • Access Controls: Role-based access, principle of least privilege, row-level security on all database tables
  • Audit Trail: All administrative actions logged
  • Payment Security: PCI-compliant via Stripe (SSM never stores card numbers)
  • Background Check Data: Encrypted at rest, access restricted to authorized personnel only
  • Regular Audits: Security reviews, vulnerability scanning, penetration testing

Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect information from minors. If we learn we have collected such information, we will delete it promptly.

Pennsylvania-Specific Disclosures

  • Data Breach Notification (73 P.S. § 2303): We will notify affected individuals without unreasonable delay if a breach compromises personal information. We will notify the PA Attorney General if 1,000+ PA residents are affected.
  • Two-Party Consent (18 Pa.C.S. § 5703): All audio/video recordings require consent from all participants.

Changes to Privacy Policy

Material changes posted 30 days in advance. Notification via email and in-platform banner. Continued use after changes constitutes acceptance.

Contact Us

Privacy questions or requests:

Second Street Music — Privacy
1954 N 2nd St
Philadelphia, PA 19122
Email: privacy@secondstreetmusic.com

Cookie questions: support@secondstreetmusic.com
Data retention questions: privacy@secondstreetmusic.com
Or use our contact form

Last Updated: March 9, 2026 | Version: 3.0