← Back

Privacy Policy

Last updated: March 2026

Monoloque takes your privacy seriously. This policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

1. Who We Are

Monoloque is a sole proprietorship (eenmanszaak) registered with the Dutch Chamber of Commerce (KVK). Monoloque operates an online platform that connects music artists with event organizers.

Contact: info@monoloque.nl

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Account role (Artist or Organizer)
  • Password (stored as a cryptographic hash; we never store plaintext passwords)

2.2 Profile Information

Depending on your role, we may collect:

  • Artists: Artist name, genres, city, biography, profile image, social media links.
  • Organizers: Venue name, location, description, capacity, profile image.

2.3 Audio & Content Data

Artists may upload audio tracks, sets, and mixes to their profile. These files are stored and displayed to other users as part of the artist's public showcase.

2.4 Financial & Billing Information

To facilitate payments and invoicing, we collect:

  • Artists: Legal/trade name, address, KVK number (Chamber of Commerce), BTW number (VAT) or KOR exemption status, IBAN, and bank account holder name.
  • Organizers: Business name, address, KVK number (if applicable).

This information is required to generate invoices, process payouts, and comply with Dutch tax law.

2.5 Payment Data

Payment transactions are processed by our payment partner Mollie B.V. Monoloque does not store your bank account login credentials or full payment card numbers. We store:

  • Transaction references (Mollie payment IDs)
  • Payment amounts and status
  • Payment method used (e.g., iDEAL | Wero, Bancontact)
  • Invoice records and PDF copies
  • Payout records and SEPA transfer references

2.6 Artist Payout Onboarding (Mollie Connect)

To receive payouts, Artists connect their account to Mollie via Mollie Connect (OAuth). During this process:

  • You are redirected to Mollie's secure onboarding environment to create a Mollie account.
  • Mollie collects your identity, business, and bank account details directly — Monoloque does not see or store these details.
  • We share your name and email address with Mollie to pre-fill the onboarding form.
  • After onboarding, we receive and store a secure access token to manage payouts on your behalf. These tokens are stored in an encrypted, access-restricted database table.
  • We store your Mollie organization ID and onboarding status to display your payout readiness in the dashboard.

A transaction fee of €2.50 per booking is deducted from your payout as an Application Fee (see Terms of Service, Section 6). You are informed of this fee before starting the onboarding process and must give explicit consent.

2.7 Booking & Contract Data

We collect data related to Bookings, including event details, agreed fees, contract signatures (including IP address, user agent, and timestamp for audit purposes), and booking status history.

2.8 Technical Data

We automatically collect:

  • IP address (for security and contract signing audit trails)
  • Browser type and version
  • Device information
  • Pages visited and actions taken on the Platform

3. How We Use Your Data

We use your data for the following purposes:

  • Providing the service: Artist-organizer matching, communication, booking management.
  • Payment processing: Processing Booking payments, generating invoices on behalf of Artists, executing monthly SEPA payouts, managing the Trust Level system.
  • Profile display: Showing uploaded tracks and sets on artist profiles so organizers can listen before booking.
  • Communication: Sending booking notifications, payment reminders, payout notifications, and service updates.
  • Legal compliance: Tax record keeping, invoice generation, anti-fraud measures.
  • Service improvement: Improving matching algorithms, analyzing aggregate usage patterns.

4. Legal Basis (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b)): Processing necessary to provide our services, including account management, booking facilitation, and payment processing.
  • Legal obligation (Art. 6(1)(c)): Processing required by Dutch tax law, including invoice generation, financial record keeping (7-year retention), and BTW compliance.
  • Legitimate interest (Art. 6(1)(f)): Processing for fraud prevention, service improvement, and platform security.
  • Consent (Art. 6(1)(a)): Where applicable, for optional features such as marketing communications.

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

5.1 Between Users

Profile information (name, genres, city, bio, images) is visible to other Users as part of the matching and booking service. Financial details (IBAN, KVK, BTW number) are only included on invoices shared between the relevant Artist and Organizer.

5.2 Payment Processor (Mollie B.V.)

We share data with Mollie B.V. (registered in the Netherlands) for payment processing. Mollie is a licensed payment service provider regulated by De Nederlandsche Bank (DNB). We share data with Mollie in two ways:

  • Payment processing: Transaction data (amounts, payment method, payer details) is shared to process payments from Organizers.
  • Artist payout onboarding (Mollie Connect): When Artists set up payouts, we share their name and email with Mollie to pre-fill the onboarding form. Artists provide their identity, business, and bank details directly to Mollie. We receive an OAuth access token to manage payouts on their behalf.

Mollie's privacy policy is available at mollie.com/privacy.

5.3 Infrastructure & Service Providers

Your data is processed by the following providers, who act as data processors under GDPR:

  • Supabase — database, authentication, and file storage.
  • Google — transactional email delivery (booking confirmations, payment notifications, account updates) via the Gmail API. Your email address and name are shared to deliver these messages.
  • Railway — cloud hosting infrastructure for our backend services.

5.4 Legal Requirements

We may disclose data when required by law, court order, or government regulation.

6. Data Storage & Security

Your data is stored securely using:

  • Supabase infrastructure with row-level security (RLS) policies ensuring Users can only access their own data.
  • Encrypted cloud storage for audio files and invoice PDFs.
  • HTTPS encryption for all data in transit.
  • Secure authentication with JWT tokens.

Financial data (IBAN, KVK, BTW numbers) is stored in dedicated database tables with restricted access policies. This data is never logged in application logs.

7. Retention Periods

Data TypeRetention PeriodReason
Account informationDuration of account + 1 yearService provision
Profile informationDuration of accountService provision
Audio tracksDuration of accountProfile showcase
Financial & billing data7 years after creationDutch tax law (fiscale bewaarplicht)
Invoices & transactions7 years after creationDutch tax law
Contract signatures7 years after eventLegal evidence
Technical logs90 daysSecurity & debugging

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Update or correct inaccurate data via your profile settings or by contacting us.
  • Right to erasure: Request deletion of your account and personal data, subject to legal retention requirements (financial records must be retained for 7 years).
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw at any time.

To exercise any of these rights, contact us at info@monoloque.nl. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Monoloque uses strictly necessary cookies for authentication and session management. These cookies are required for the platform to function and cannot be disabled. They contain no personal data beyond your encrypted session token and are automatically deleted when your session expires.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track individual Users.

10. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA (e.g., by infrastructure providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

For privacy-related questions, contact us at info@monoloque.nl