OnlyDig
PrivacyGDPR compliant

Privacy Policy

Last updated: May 2026 · Effective immediately

Who we are

OnlyDig is an underground music community platform. For any data-related questions, contact us at: support@onlydig.com

What data we collect

We collect only what is necessary to operate the platform: • Account data: email address, username, display name, bio, avatar image • Content data: posts, comments, likes, follows, messages, record cards • Preferences: language setting, social link • Technical data: session tokens (stored as HTTP-only cookies), IP address in server logs (not retained beyond 30 days) We do NOT collect: advertising identifiers, tracking cookies, browser fingerprints, or third-party analytics.

Legal basis (GDPR Art. 6)

• Performance of contract (Art. 6(1)(b)): account data and content necessary to provide the service • Legitimate interest (Art. 6(1)(f)): security logging, anti-abuse measures • Consent (Art. 6(1)(a)): email notifications (optional, can be withdrawn at any time)

How we use your data

• To provide and maintain the platform • To send transactional emails (account confirmation, password reset) • To display your profile and content to other users • To process subscription payments (when the Crate Privé launches, via Stripe) We do not sell your data. We do not use your data for advertising.

Data retention

Your data is retained for as long as your account is active. When you delete your account (Settings → Delete Account), all your data is permanently deleted from our systems within 30 days, except where required by law (e.g. payment records for tax purposes, retained for 7 years as required by EU law).

Your rights (GDPR)

Under GDPR, you have the right to: • Access your personal data (Art. 15) • Rectify inaccurate data (Art. 16) • Erasure ("right to be forgotten") (Art. 17) — delete your account at any time from Settings • Data portability (Art. 20) — request an export of your data at support@onlydig.com • Object to processing (Art. 21) • Lodge a complaint with your national data protection authority To exercise any of these rights, contact: support@onlydig.com

Cookies

We use strictly necessary cookies only: • Authentication session cookie (HTTP-only, secure) — expires when you log out • Theme preference (localStorage, not a cookie, not transmitted to servers) No advertising cookies. No third-party tracking. No consent banner required for strictly necessary cookies under ePrivacy Directive.

Third-party services

• Supabase (EU region, Frankfurt) — database and file storage. Data Processing Agreement in place. • Stripe — payment processing (when Crate Privé launches). Stripe is PCI-DSS Level 1 certified. • Vercel — hosting and edge network. Data may be cached globally for performance. No other third-party services receive your personal data.

International transfers

Vercel and Supabase may process data in data centres outside the EU/EEA. Where this occurs, appropriate safeguards are in place (Standard Contractual Clauses, GDPR Art. 46).

Changes to this policy

We may update this policy. Significant changes will be communicated via email or an in-app notice. Continued use of the platform after the effective date constitutes acceptance.

Questions about this policy?

support@onlydig.com
Complaints →Help →