Legal
Privacy Policy
This policy explains what personal data soundr collects, why, the lawful bases we rely on, who processes it on our behalf, how long we keep it, and the rights you have. It applies to soundr.social and our companion apps.
Last updated · Version 1.0
1. Who is responsible for your data
soundr is the controller of the personal data it processes about you in connection with the platform. We operate from the European Union and apply the EU General Data Protection Regulation (GDPR).
2. What we collect
- Account & profile data — your email, display name, roles (fan, artist, organizer/venue), and any profile details or media you add.
- Activity data — events you save, RSVP to or buy tickets for, reviews, and fan media you submit.
- Usage & device data — pages and features you use, approximate location (city/area you choose for discovery), language, and technical data such as device type and IP address used to keep the service secure.
- Transaction data — records of ticket orders, refunds and the events they relate to. Card and payment-instrument details are collected and processed by our payment provider, not by soundr — we never see or store your full card number.
- Communications — messages you send us and your newsletter / notification preferences.
3. How and why we use it (lawful bases)
We rely on the following GDPR lawful bases:
- Performance of a contract — to create and run your account, process ticket orders, and provide the platform.
- Consent — for the soundr weekly newsletter, non-essential marketing, and non-essential cookies. You can withdraw consent at any time.
- Legitimate interests — to keep soundr secure, prevent fraud and abuse, understand and improve the service, and promote events — balanced against your rights.
- Legal obligation — to meet tax, accounting, consumer-protection and content-moderation duties (including the EU Digital Services Act).
5. Processors and recipients
We share personal data with carefully selected service providers who process it on our behalf under data-processing agreements:
- Polar — our payment provider and Merchant of Record. Polar processes payment and billing data to take payment, apply taxes (VAT) and handle Strong Customer Authentication, and acts as the seller of record for ticket transactions.
- Hetzner — our hosting and infrastructure provider, with data hosted in the European Union.
- Our email provider — to send transactional emails (e.g. order confirmations, security notices) and, where you have opted in, the soundr weekly newsletter.
We also share data where necessary with event organizers and venues for the events you buy tickets to (so they can admit you and meet their obligations), and with authorities where we are legally required to. We do not sell your personal data.
6. International transfers
We aim to keep personal data within the European Economic Area. Where a provider processes data outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with additional measures where needed.
7. How long we keep it
We keep personal data only as long as needed for the purposes above:
- Account & profile data — for as long as your account is active, then deleted or anonymised after closure.
- Transaction records — retained for the period required by tax and accounting law (typically several years).
- Moderation & safety records — kept for as long as needed to handle reports, appeals and legal obligations.
- Marketing consent & preferences — until you withdraw consent or unsubscribe.
8. Your rights
Subject to the conditions in the GDPR, you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to certain processing;
- receive your data in a portable format (data portability);
- withdraw consent at any time, without affecting prior processing;
- lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@soundr.social. You can manage your newsletter and notification preferences directly in your account settings, and your cookie choices via cookie settings. We are building self-service tools to download and delete your data; in the meantime we will action your request within the time limits the GDPR requires.
9. Children and age-restricted events
soundr is not directed at children under the age at which they can consent to data processing in their country. Some events are restricted to people aged 18 or over; where an event is marked 18+, attendance and related processing are limited accordingly.
10. Changes to this policy
We may update this policy. When we make material changes we will update the effective date above and, where appropriate, notify you.
11. Contact
Questions about your privacy? Email privacy@soundr.social.