Privacy Policy
Last updated: April 13, 2026
What We Collect
MERCHcore collects the minimum information needed to operate the platform: phone numbers for authentication and SMS notifications, band and venue details for show management, merch item information and photos for inventory tracking, and sales transaction data for reporting. We do not collect credit card numbers directly — payment processing is handled by Stripe.
How We Use Your Data
Your data is used to: authenticate your account via SMS verification codes, send real-time sale alerts and show summaries to band leaders, process and record merchandise sales, generate profit and loss reports, and calculate payouts. We do not sell your data to third parties. We do not use your data for advertising.
SMS Messaging
By creating a MERCHcore account, you consent to receive SMS messages including verification codes, sale notifications, low stock alerts, and show summaries. Message frequency varies based on your activity. Message and data rates may apply. You can opt out of non-essential messages at any time by replying STOP to any message. Opting out of verification codes will prevent you from logging in.
Data Storage
Your data is stored securely on Supabase (database) and Vercel (application hosting), both of which use encryption at rest and in transit. Merch item photos are stored in Supabase Storage with public read access for display in the POS. Sale records are immutable — they cannot be edited or deleted to ensure accurate financial reporting.
Third-Party Services
MERCHcore uses the following third-party services: Supabase for database and authentication, Twilio for SMS messaging, Stripe for payment processing, Vercel for hosting, and Anthropic Claude for AI-powered merch item recognition. Each service has its own privacy policy governing how they handle data.
Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. Band leaders may export their sales data from the dashboard. Account deletion will remove your profile and disassociate your data, but immutable sale records will be retained for financial compliance.
Contact
For privacy-related questions, contact us at privacy@bandcore.band.