This Privacy Policy explains how we process personal data when you use the j.show platform ("Platform", "Service") or visit our public website. It supplements our Terms of Use.
1. Controller / Contact
Jonas Stricker
Im Geigersberg 8, 74348 Lauffen am Neckar, Germany
Email: contact@j.show
VAT ID: DE288958387
We have not appointed a data protection officer (not legally required). For data protection questions, please contact us directly at the address above.
2. Roles under the GDPR
j.show is a Software-as-a-Service platform for professional tour and show management. Depending on context, we act in different roles:
Controller for data we process to provide the Service to our customers (Platform owners) – e.g. registration, billing and support data – and for the public website.
Processor for data our customers (artists, agencies) store inside their Platform instance about their crew, contacts, venues, etc. The Platform Admin is the controller for that data. A data processing agreement (DPA) under Article 28 GDPR is available and will be concluded upon request at no cost.
Profile data of crew members / invited users: name, email address, phone number, location, role/function, password (stored hashed), language, device type, optional profile picture.
Third-party contacts (venues, promoters, hotels, contact persons): name, email, phone, address, tax numbers – entered by the Platform Admin.
Special categories (Art. 9 GDPR): health-related information such as allergies or dietary preferences of crew members, to the extent entered by the Admin or the data subject themselves. The Platform Admin is responsible for the legal basis (typically consent).
Business data: show and tour details, invoices, contract data, bank details (IBAN) – entered by the Admin.
Access and activity data: IP address on login, session ID, login/logout timestamps, device information (iPhone/Android, app version).
Legal basis: Art. 6(1)(b) GDPR (contract performance) for Platform owners and directly registered users; for crew data we act as processor on behalf of the Admin (Art. 28 GDPR); for health data Art. 9(2)(a) GDPR (consent, to be obtained by the Admin).
3.2 Billing and payments
Invoicing and payment data (company name, billing address, VAT ID, bank details via Stripe).
Legal basis: Art. 6(1)(b) GDPR (contract) and (c) GDPR (statutory retention obligations, sec. 147 AO, sec. 257 HGB).
3.3 Email communication
Transactional emails (registration, password reset, notifications, invoices) and support communication.
Legal basis: Art. 6(1)(b) GDPR (contract).
3.4 AI assistant "Kira" (optional)
The Platform includes an optional AI-based help assistant. Kira only processes data when you actively use the chat and send a message.
Transmitted to the AI provider (Anthropic PBC, USA): your chat input, user role, language, Platform subdomain, subscription type (free/Pro), email address (for support routing), IP address, URL of the page, and the most recent messages of the current conversation as context.
Not transmitted: show details, crew lists, contacts, financial figures, contracts, uploaded files or similar business data from your Platform.
Chat history is stored on our servers for quality assurance. You may request deletion via contact@j.show.
Anthropic does not use transmitted content for model training in accordance with its Enterprise API policy. Transmission occurs over TLS-encrypted connections.
Legal basis: Art. 6(1)(a) GDPR (consent through active use).
Transfer to a third country (USA): based on Standard Contractual Clauses under Art. 46(2)(c) GDPR and the EU-US Data Privacy Framework.
3.5 Public website (j.show)
When you visit our public website, your IP address is transmitted once to ip-api.com to determine your country and show regional pricing (EUR/USD). No trackers, cookies or analytics pixels are used.
We use only strictly necessary cookies required for Platform operation:
JSHOW_N2 – session cookie for login (HttpOnly, Secure, SameSite=Lax).
JSHOW_APP – token to recognize the mobile app.
farben_auto – dark/light mode preference.
appversion, device – for device/version detection in the app.
No cookie banner is required because no consent-based cookies (tracking, analytics, advertising) are set. You may delete cookies through your browser; without the session cookie, login is not possible.
Legal basis: sec. 25(2)(2) TTDSG (strictly necessary cookies) in conjunction with Art. 6(1)(b) GDPR.
5. Encryption
All data transmitted between your device and our servers is secured via SSL/TLS.
Passwords are stored only as cryptographic hashes, never in plain text.
Other personal data is stored server-side on encrypted file systems; no additional application-level field-level encryption is applied.
6. Recipients / Data sharing
6.1 Within the Platform
Inside a Platform instance: a person's name, email, phone, location and role are visible to all users with access to that Platform (except users with "Guest" role, who have restricted access).
Travel party of an event: visible to "Guests" if they are part of that travel party themselves.
LINK function: Admins, agencies and tour managers can grant third parties (e.g. local promoters) a time-limited link with selected event information. Creation is logged.
Data subjects can toggle "Hide my contact" under "Edit profile" so contact data (email, phone) is visible only to Admins/agencies.
6.2 Subprocessors
We engage carefully selected service providers with whom we have data processing agreements under Art. 28 GDPR. Data transfer is encrypted; providers outside the EU are contracted under Standard Contractual Clauses and, where available, the EU-US Data Privacy Framework.
Provider
Location
Purpose
Condition
Mailgun (Sinch Email)
EU region
Email delivery
always
Anthropic PBC
USA
Kira AI assistant
only on use
Stripe Payments Europe Ltd.
Ireland
Payment processing
only on payment
DocuSign, Inc.
USA/EU
E-signatures
only if Admin enables
Pdfcrowd
Czech Republic
PDF rendering
on PDF generation
ip-api.com
USA
Country detection
public website only
We do not use advertising trackers, analytics pixels, profiling services, social media plugins or ad services (no Google Analytics, no Meta Pixel, no Matomo). We do not sell or trade your personal data.
7. Storage location
Primary storage of Platform data is on servers in Germany. Individual subprocessors (see above) may process data within their responsibility in other countries.
8. Retention period
Profile data of crew members: stored until either the data subject or an Admin/agency deletes the profile. After deletion, all data about that person is removed completely and irrevocably; a backup-independent blacklist ensures that deleted profiles remain deleted even after a backup restore.
Platform instance: during the subscription term and up to 90 days after termination. Thereafter the database is fully deleted unless statutory retention obligations apply.
Invoicing and accounting data: 10 years (sec. 147 AO, sec. 257 HGB).
Kira chat history: retained until deletion on user request or together with the Platform instance; no automatic time-based deletion.
Log data (login/authlog): typically up to 12 months.
9. Your rights as a data subject
Under the GDPR you have the following rights:
Access (Art. 15 GDPR) – all data stored about you is viewable inside the Platform.
Rectification (Art. 16 GDPR) – editable under "Edit profile".
Restriction of processing (Art. 18 GDPR) – e.g. via the "Hide my contact" checkbox.
Objection (Art. 21 GDPR) – against processing based on legitimate interests.
Data portability (Art. 20 GDPR) – upon request at contact@j.show we will provide your data in a structured, commonly used format.
Withdrawal of consent (Art. 7(3) GDPR) – at any time with effect for the future.
Right to secrecy (sec. 1(1) DSG) – activate under "Edit profile" → "Hide my contact".
You can exercise these rights vis-à-vis the Platform Admin of your instance (controller of your crew/contact data) or directly with us (contact@j.show).
10. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority competent for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
We may update this Privacy Policy when services, legal frameworks or subprocessors change. Material changes will be communicated to registered users with reasonable advance notice via email or Platform notification. The current version is always available at j.show/privacy.
