FanBridge Solutions for:

    🎉 FanBridge is now part of the ConvertKit family! To learn more about ConvertKit and how it serves the needs of musicians like you, read more here.

    FanBridge Terms and Policies

    GDPR + FanBridge's Data Policy

    Last Update: May 17, 2018

    FanBridge Data Policy

    What is GDPR?

    The General Data Protection Regulation (GDPR) is a regulation on how the personally identifiable information (PII) on data subjects is handled by those that store and process that data. It gives those subjects the right to access, withdraw, rectify, erase, and/or restrict the processing of that data should they choose to do so.

    GDPR Compliance

    Both FanBridge and owners of FanBridge accounts are required to comply with the standards set up by GDPR. Users that comply with the FanBridge Terms of Service and Privacy Policy will find both their list acquisition and messaging to be in compliance with GDPR. FanBridge is not liable for any violations of unlawful consent-based list acquisition and messaging on the platform as detailed in FanBridge’s policies.

    FanBridge supplies all users with support in providing data subjects the ability to exercise their rights to Rectify, Withdraw, Access, Erase, and Restrict the processing of PII.

    To exercise these rights as a subscriber, go to this page.

    All FanBridge clients with accounts on this platform can also exercise their rights as a data subject, which they can do on this page.

    If you have any GDPR related questions, please contact us at gdpr (at)

    FanBridge Information Security Incident Response Policy


    This document describes the overall plan for responding to information security incidents at FanBridge. It defines the roles and responsibilities of participants, characterization of incidents and procedures.

    Incident Handling

    • The incident response process has several phases:

    • Preparation: Definition of incident response process and organizational structure with roles and responsibilities for responding to the incident.
    • Identification: Determine if an incident has occurred and do incident classification to assess the impact. Notify the appropriate individuals and external parties.
    • Containment: Isolate the affected systems in order to restore business operations while preserving valuable evidence.
    • Eradication: Find and eliminate the root cause of the breach or incident.
    • Recovery: Restore and return affected systems and/or devices back into business operations.
    • Lessons Learned: Do a post-mortem meeting with all IRT members in order to analyze and document everything about the breach. Determine what worked well in our response plan, and where we can improve. Learn from the events and work to strengthen the systems against the future attacks.

    Incident Classification

    All suspected incidents must be referred to the Incident Response Team (IRT). Further assessment may result in a reassignment to a different level of severity by the IRT.

    Critical: Any unexpected or unauthorized change, disclosure or interruption to information assets that could be damaging to FanBridge's customers. Examples: A major attack against the infrastructure; an incident with major impact on operational activities; significant loss of confidential data and/or mission-critical systems or applications.

    High: A successful breach has occurred and/or a threat has manifested itself. A large number of systems or accounts are affected.

    Medium: The threat and impact is limited in scope. Early indications of a possible attack or intrusion detected with minimal risk of impact. A small number of systems or accounts are affected.

    Low: An incident with no effect on system operations. Penetration or denial of service attacks attempted with no impact. No critical infrastructure is affected.

    Different Types of Information Security Incidents

    Examples of information security events and incidents that may pose a threat include:

    • A server known to hold sensitive data which has been accessed or otherwise compromised by an unauthorised entity.
    • An unauthorised or unwarranted entity causing a network outage.
    • System slowdown or failure.
    • Changes in default or user-defined settings.
    • Unexplained or unexpected use of system resources.
    • Unusual activities appearing in system or audit logs.
    • Changes to or appearance of new system files.
    • Users unexpectedly locked out, etc.
    • Appliance or equipment failure.
    • Unexpected enabling or activation of services or ports.
    • Unexpected activity that has been detected.

    Incident Response Team (IRT)

    The IRT refers to the group of people who will be the first responders for information security incidents and will act as the point of contact for information security incidents. The IRT consists of a virtual team made up of members of the FanBridge DevOps and Engineering teams. The roles and responsibilities for the IRT are as follows:

    Initial response, mitigation and (where appropriate) escalation of information security incidents. Regular monitoring of network traffic to identify compromised or potentially compromised systems within the network; receiving internal and external reports on compromised systems. Informing and supporting staff to ensure that computer security incidents are dealt with promptly and effectively;

    Ensuring that compromised systems are fully cleaned and patched against known vulnerabilities, or the risk otherwise mitigated, before being reconnected to the network.

    Reporting Security Incidents

    Security incidents can be detected by various sources. All incidents must be reported to the IRT [security (at)]