Privacy Policy

This policy applies to two groups of people:

• Organization users — staff, administrators, and directors at theatre companies who log in and use MainPlank to manage their productions.
• Roster members — cast members, crew, and other personnel whose contact information and professional details are managed inside MainPlank by an organization. Roster members may never log in directly; they interact via magic-link portal access or receive messages sent through the platform.

From organization users:

• Name and email address (for account creation and login)
• Usage data — pages visited, actions taken, feature usage
• IP address and browser/device information

From roster members (entered by organization staff):

• Name, email address, phone number
• Headshot or profile photo
• Professional details — union status, credits, resume, skills
• Sensitive information optionally provided — emergency contact, allergies or accessibility needs, agent information
• Communication preferences and consent records
• Casting history and production involvement within the platform

Roster member information is entered by and belongs to the organization that added it. MainPlank acts as a data processor on behalf of that organization.

• To provide and operate the MainPlank service
• To send communications on behalf of theatre organizations — rehearsal schedules, casting notices, announcements — in accordance with recorded consent
• To deliver magic-link portal access to roster members
• To maintain audit logs of profile changes and communications sent
• To improve the platform and diagnose technical issues
• To comply with legal obligations

We do not sell personal information to third parties. We do not use roster member data for advertising or cross-organization profiling.

Theatre organizations using MainPlank may send SMS messages to roster members who have given explicit consent. Consent is recorded at the time it is collected, along with the identity of the staff member who recorded it.

SMS messages are sent from 1-888-206-2578. Recipients can opt out at any time by replying STOP. To opt back in, reply START. Message and data rates may apply. See our SMS Consent page for full details on how consent is collected and managed.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties. We share your mobile phone number only with the service providers that help us deliver these messages (for example, Twilio for SMS delivery), and only for the purpose of sending the messages you requested.

We share information only as necessary to operate the service:

• Supabase — database and authentication infrastructure
• Resend — transactional email delivery
• Twilio — SMS delivery
• Cloudflare R2 — file and asset storage
• Railway — application hosting infrastructure

These providers are bound by their own privacy and data processing agreements. We do not share data with any other third parties except as required by law.

Organization accounts and associated data are retained for as long as the account is active. Roster member records persist within an organization's account until deleted by organization staff or until the organization closes its account.

Consent log entries are immutable records and are retained for the life of the organization account for legal compliance purposes.

Roster members who wish to access, correct, or request deletion of their information should contact the theatre organization that manages their record. Organization staff can update or delete roster member data directly in MainPlank.

If you are unable to reach your organization or have concerns about how your data is handled, contact us directly at privacy@mainplank.com.

We use industry-standard security practices including row-level security on all database tables, encrypted connections (TLS), and strict access controls that prevent one organization from accessing another's data. Sensitive fields (emergency contacts, medical notes, agent information) are stored in separate tables with additional access restrictions.

MainPlank is not directed at children under 13. If a theatre organization manages youth performers, the organization is responsible for ensuring appropriate guardian consent has been obtained before adding that person's information to the platform.

We may update this policy from time to time. Material changes will be communicated to organization account holders via email. Continued use of the platform after changes constitutes acceptance of the updated policy.

Questions about this policy: privacy@mainplank.com