Our privacy policy

Last Updated: 18th February 2026
Effective Date: 18th February 2026


Hootenanny is committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR).


This Privacy Policy (“Policy”) explains how we collect, use, disclose, and protect your personal data when you use our products and services (“Service”).


“Personal data” means any information that identifies or can identify you as an individual.

By accessing or using our Service, you agree to the collection and processing of your information as described in this Policy. If you do not agree, please do not use the Service.


1. About Us

Hootenanny is operated by Fanclub Ltd, trading as Hootenanny.

Registered in England and Wales (Company No. 13824724)
Registered address: Copscap Barn, Eastgate, Hornton, Oxfordshire, United Kingdom

Fanclub Ltd acts as the Data Controller for personal data processed under this Policy.

For privacy-related enquiries:
Email: hello@hootenanny.io


2. Information We Collect

2.1 Information You Provide Directly

  • Name

  • Email address

  • Consent preferences (marketing and artist communications)

  • Information provided in surveys or research, for example age, location, or demographic details


2.2 Information Collected Automatically

  • IP address

  • Browser type and version

  • Operating system

  • Usage data, including interactions with our Service

  • Cookies and similar tracking technologies


2.3 Information from Third Parties

We may receive information from:

  • Analytics providers

  • Social media platforms

  • Advertising networks

  • Payment processors, for example Stripe

This information helps us improve and personalise the Service.


3. How We Use Your Information

We process personal data for the following purposes:

3.1 Service Delivery

To provide, operate, and improve our platform and subscriptions.

3.2 Email Marketing and Communications

To send newsletters, updates, and promotional content where you have given consent.

3.3 Lead Generation for Artists

To manage signups to artist mailing lists where you have provided explicit consent.

3.4 Analytics and Reporting

To provide aggregated insights such as:

  • City-level subscriber counts

  • Engagement metrics

  • Purchase trends

We do not share full postcodes, exact addresses, or purchase-linked names with artists.

3.5 Legal and Compliance

To comply with applicable laws, enforce agreements, and prevent fraud.

3.6 Research and Development

To improve features and develop new functionality.

If we intend to use your personal data for purposes not listed above, we will seek your explicit consent.


4. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR and EU GDPR:

  • Subscription management, including payment processing: Contractual necessity

  • Email marketing: Consent

  • Lead generation campaigns: Explicit consent

  • Analytics dashboard reporting, aggregated data only: Legitimate interest

  • Internal backups and security: Contractual necessity and or legal obligation

Where we rely on legitimate interests, we ensure processing is proportionate, limited to aggregated insights, and does not override your fundamental rights and freedoms.

You have the right to object to processing based on legitimate interests at any time.


5. Sharing Your Information

We may share personal data in the following circumstances:

5.1 Service Providers

Trusted partners providing:

  • Hosting services

  • Analytics

  • Email delivery, for example MailerSend

  • Payment processing

  • Customer support

All processors operate under Data Processing Agreements (DPAs).

5.2 Lead Sharing

We share contact details with artists only where you have provided explicit consent.

We do not share:

  • Full postcodes

  • Exact addresses

  • Purchase-linked names

Artists act as independent data controllers for data they receive.

5.3 Legal Compliance

Where required by law, regulation, court order, or legal process.

5.4 Business Transfers

In the event of merger, acquisition, or sale of assets, personal data may be transferred to the new entity.


6. International Transfers

Your personal data may be processed outside the UK or EEA.

Where transfers occur, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreement (IDTA)

  • Adequacy regulations where applicable

These safeguards ensure your data remains protected to GDPR standards.


7. Retention of Personal Data

We retain personal data only as long as necessary for the purposes described.

  • Active subscribers: Duration of subscription

  • Unsubscribed users: 12 months after unsubscribe

  • Lead generation contacts: 12 months after consent withdrawal or inactivity

  • Payment records: Up to 7 years, legal and accounting requirement

  • Exported CSV files: Maximum 30 to 90 days

  • Anonymised or aggregated data: Indefinitely

We may retain certain information longer where required to comply with legal obligations or resolve disputes.

8. Cookies and Tracking Technologies


We use cookies and similar technologies for:

  • Essential website functionality

  • Analytics

  • Email engagement tracking, including open rates, click rates, CTOR and CTR

  • Marketing, where consent is given

Non-essential cookies are deployed only with your consent.

You may withdraw consent for non-essential cookies or marketing communications at any time via the cookie banner or your account settings.

For more information, please refer to our Cookie Policy.


9. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects solely through automated processing.

If this changes, we will update this Policy and provide appropriate notice.


10. Children’s Data

Our Service is not intended for individuals under the age of 16, or the applicable minimum age in your jurisdiction.

We do not knowingly collect personal data from children without appropriate consent. If you believe a child has provided personal data, please contact us.


11. Your Rights

Under applicable data protection law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your personal data

  • Restrict processing

  • Object to processing

  • Withdraw consent at any time

  • Request data portability

  • Lodge a complaint with a supervisory authority

To exercise your rights, contact: hello@hootenanny.io

UK users may lodge complaints with the Information Commissioner's Office (ICO).


12. Security of Your Information

We implement appropriate technical and organisational measures, including:

  • Role-based access controls

  • Encryption where possible

  • Controlled data export retention

  • Regular review of access permissions

We are planning additional security measures, such as two-factor authentication, to further protect user accounts in the future. While we take reasonable steps to protect personal data, no system is completely secure.


13. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.


14. Updates to This Policy

We may update this Policy periodically.

Changes take effect 30 days after posting the updated version. We encourage regular review of this page.