Privacy Policy
Last updated: January 5, 2026
Introduction
Soundlash ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our website and services, in accordance with the General Data Protection Regulation (GDPR).
Data We Collect
Contact Form Data
When you submit a contact form, we collect:
- Your name
- Your email address
- Your message content
- Festival suggestion details (if applicable)
Spotify Authentication
When you connect your Spotify account to create playlists, we temporarily access:
- Your Spotify user ID and display name
- Your profile picture
- Permission to create and modify playlists on your behalf
Important: We do not store your Spotify credentials. Authentication tokens are stored locally in your browser and are never transmitted to our servers.
Cookies and Local Storage
We use browser local storage to save your Spotify authentication tokens for session persistence. We do not use tracking cookies or third-party analytics.
How We Use Your Data
- Contact requests: To respond to your inquiries and festival suggestions
- Playlist creation: To create Spotify playlists on your behalf when you use our service
- Service improvement: To improve our website and user experience
Data Retention
- Contact form data: Retained for up to 2 years or until your request is fully processed, whichever comes first
- Spotify tokens: Stored locally in your browser until you log out or clear your browser data
Your Rights Under GDPR
As a user, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate personal data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing of your personal data
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses HTTPS encryption for all data transmissions.
Third-Party Services
We use the following third-party services:
- Spotify: For authentication and playlist creation. Subject to Spotify's Privacy Policy
- Deezer: For audio previews. Subject to Deezer's Privacy Policy
- Supabase: For database hosting and contact form storage (EU-based servers)
Contact Us
To exercise any of your rights or if you have questions about this Privacy Policy, please contact us through our contact form.
If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority.
Policy Updates
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.