Last updated: May 2026
OnCue is a live event run sheet platform operated by S&B Event Advisory AS, a company registered in Norway. Company name: S&B Event Advisory AS Organisation number: 935 067 820 Address: Jenshaugveien 32, 1363 Høvik, Norway Email: support@oncue.show Website: https://oncue.show S&B Event Advisory AS is the data controller responsible for your personal data.
We collect the following personal data when you use OnCue: · Account information: your name, email address, and password (stored as a secure hash) when you register. · Profile data: display name and account preferences you set within the service. · Usage data: the shows, cues, and run sheets you create within the platform. · Billing information: subscription status and billing history. Payment card details are processed and stored solely by Stripe — we never see or store your card number. · Communications: messages you send to our support team. · Mobile numbers: only when you voluntarily use the SMS share feature. Numbers are used solely to send the requested message and are not retained for other purposes. · Technical data: IP address, browser type, and session data collected automatically for security and service operation purposes.
We use your personal data to: · Provide, operate, and maintain the OnCue service. · Process payments and manage your subscription. · Send transactional messages (account confirmation, billing receipts, password resets, support replies). · Send SMS messages only when explicitly requested by you (e.g. sharing a viewer link with a colleague). · Monitor and improve platform stability and performance using aggregated, anonymised data. · Comply with legal obligations. Legal basis (GDPR): We process your data on the basis of contract performance (to deliver the service you signed up for), legitimate interest (service security and improvement), and your consent (where explicitly given, e.g. for SMS sharing). We do not sell your personal data to third parties. We do not use your data for advertising or profiling purposes.
OnCue offers an optional feature to share a run sheet viewer link via SMS. This feature works as follows: · You manually enter a recipient's mobile number and click "Send". · A single SMS is sent containing a secure link to the viewer page. · The recipient is a known colleague or crew member you have chosen to contact. · No marketing or bulk SMS messages are ever sent through this feature. · Mobile numbers are not stored beyond what is required for delivery and logging purposes. · SMS delivery is handled by Twilio and is not guaranteed. To opt out of receiving SMS messages from OnCue, reply STOP to any message received.
OnCue uses the following cookies and browser storage: · Authentication session cookie: set by Supabase to keep you logged in securely. This is strictly necessary for the service to function. · Language preference cookie: stores your chosen language (English or Norwegian). This is a functional cookie with no tracking purpose. We do not use advertising, analytics, or tracking cookies. We do not use third-party cookies for profiling or behavioural targeting.
Your data is stored securely using Supabase (PostgreSQL), hosted within the European Union. We use industry-standard encryption for data in transit (TLS 1.2+) and at rest. Access to personal data is restricted to authorised personnel and services only. We apply row-level security policies to ensure users can only access their own data. While we take reasonable technical and organisational measures to protect your data, no system is completely secure. We cannot guarantee absolute security.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority (Datatilsynet) within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by GDPR Article 34.
OnCue uses the following third-party services to operate. Each processes data according to their own privacy policies: · Stripe: payment processing — stripe.com/privacy · Supabase: database and authentication — supabase.com/privacy · Vercel: hosting and deployment — vercel.com/legal/privacy-policy · Resend: transactional email — resend.com/privacy · Twilio: SMS delivery — twilio.com/legal/privacy Where these providers act as data processors on our behalf, we have ensured appropriate data processing agreements are in place.
Your data is primarily stored and processed within the European Economic Area (EEA). Where any of our third-party service providers transfer data outside the EEA, they do so under appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
Under GDPR and Norwegian privacy law (personopplysningsloven), you have the right to: · Access: request a copy of the personal data we hold about you. · Rectification: request correction of inaccurate or incomplete data. · Erasure: request deletion of your data ("right to be forgotten"), subject to legal retention obligations. · Restriction: request that we limit how we process your data. · Objection: object to processing based on legitimate interest. · Portability: receive your data in a structured, machine-readable format. · Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing. To exercise any of these rights, contact us at support@oncue.show. We will respond within 30 days. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.
We retain your account data for as long as your account is active. If you delete your account, your personal data is deleted within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes (e.g. billing records may be retained for up to 5 years under Norwegian accounting law). Anonymised and aggregated data may be retained indefinitely for analytical purposes.
OnCue is intended for professional use by adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by displaying a notice within the service. We encourage you to review this policy periodically. Continued use of OnCue after changes take effect constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, or wish to exercise your rights, please contact us: S&B Event Advisory AS Jenshaugveien 32, 1363 Høvik, Norway Email: support@oncue.show You may also contact Datatilsynet (the Norwegian Data Protection Authority): Website: datatilsynet.no Phone: +47 74 07 70 00