Privacy Policy

1. Data We Collect

DJ accounts (via Google OAuth): We collect your Google account email address and display name when you sign in. We also store your uploaded music catalogue metadata, venue configuration, Stripe customer ID (if subscribed), and account settings.

Guest users: We collect your IP address for rate limiting purposes (stored ephemerally). We assign a rate-limit token cookie (rl_token) and use browser localStorage to track cooldown timers and request IDs for the session.

Error monitoring: We use Sentry to capture error reports for service stability. With your consent, Sentry may also record session replays to help us diagnose issues. Session replay data is masked and media is blocked by default.

2. How We Use Your Data

We use the data we collect to:

• Operate and maintain the song request system
• Authenticate DJ accounts via Google OAuth
• Process subscription payments through Stripe
• Rate-limit guest requests to prevent abuse
• Monitor errors and maintain service stability via Sentry
• Display DJ branding (logo, accent colour) on guest-facing pages
• Send service-related communications

3. Data Sharing

We do not sell your personal data. We share data only with the following service providers necessary to operate the Service:

• Firebase (Google Cloud) — database hosting and file storage
• Stripe — payment processing for subscriptions
• Sentry — error monitoring and (with consent) session replay
• Google OAuth — authentication

Each provider processes data in accordance with their own privacy policies. We do not share data with advertising networks or data brokers.

4. Cookies & Local Storage

We use the following cookies:

We also use browser localStorage on guest pages to store request cooldown timers and submitted request IDs. This data stays on your device and is not transmitted to our servers.

You can manage your cookie preferences at any time via the "Cookie Settings" link in the footer.

5. Data Retention

• DJ account data is retained while your account is active
• Song requests and messages are retained until the DJ deletes their account
• Rate-limit data is ephemeral and automatically expires after 24 hours
• Sentry error and replay data is retained per Sentry's data retention policy

When a DJ deletes their account, all associated data (profile, venues, requests, messages, catalogue, and settings) is permanently removed from our database.

6. Your Rights

Under applicable data protection laws (including GDPR and CCPA), you have the following rights:

• Access & Portability: Export all your data as a JSON file from Settings > Your Data
• Erasure: Delete your account and all associated data from Settings > Danger Zone
• Restrict Processing: Manage cookie preferences via the "Cookie Settings" footer link
• Withdraw Consent: You can withdraw cookie consent at any time, which disables non-essential tracking

Guest users can clear their local data by clearing their browser cookies and localStorage for this site.

7. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

If you have any questions about this Privacy Policy, please contact us at the support email listed in the application.