Legal Notice & Privacy Policy

Privacy Policy

Effective date: 16 September 2025

1) Controller

Matic Krmelj
📧 matickrmelj@gmail.com

2) What we collect

• Account data (Google Sign-In): when you sign in via Google OAuth 2.0 / OpenID Connect, we receive your Google account’s unique ID (sub), email address, display name, and profile picture (if available), plus whether the email is verified. In our local database we also store: your role (role, e.g. admin or user), status (is_active – active/deactivated), timestamps for creation and last sign-in.
• Session & cart: we use an essential session cookie. Your cart state (items, quantity, currency) is stored in the session so the site can function.
• Content you submit: comments (name, text, timestamp) and content metadata you edit (e.g., descriptions, colors). File uploads are limited to admins.
• Technical data: standard server logs (IP, user-agent, requested path) may be kept briefly for security and troubleshooting. When loading third-party assets (see §5), your IP and browser details are sent to those providers to deliver files.

3) Purposes & legal bases (GDPR)

• Authentication & account management (enabling sign-in, roles, admin activation/deactivation): legitimate interests of the controller and/or performance of a contract when you create/use an account.
• Site functionality & cart (essential session cookie): legitimate interests and/or exemption for strictly necessary cookies.
• Administration (managing content and users): legitimate interests.
• Security & abuse prevention (basic logs, safeguards): legitimate interests.

4) Cookies & similar tech

We use only strictly necessary cookies for session and cart. No analytics, ads, or tracking cookies.

5) Third-party providers / transfers

• Google (Sign-In): we use Google OAuth 2.0 / OpenID Connect. Google processes your data under its own privacy terms. We only receive the basic profile data listed in §2.
• CDN scripts & fonts: the site loads Turbo from unpkg.com and web fonts from fonts.googleapis.com/fonts.gstatic.com. Your IP and browser details are shared with those hosts to serve the files. We do not receive analytics from them.
• Media delivery: audio files are streamed directly from our server.

6) Retention

• Account data: kept until you request deletion or the account is removed. A deactivated account cannot sign in until an admin re-activates it; deactivation does not auto-delete data.
• Comments & content metadata: kept until edited/removed or upon a valid deletion request.
• Session/cart: stored for the duration of the session or a short period necessary for operation.
• Server logs: retained briefly for security and debugging.

7) Sharing

We do not sell personal data. We share it only when necessary to operate the service (see §5) or where required by law.

8) Your rights (GDPR)

You may request access, rectification, erasure, restriction, portability, and object to processing. You also have the right to lodge a complaint with your local supervisory authority. For requests, contact: matickrmelj@gmail.com.

9) Security

We apply reasonable technical and organizational measures (e.g., HttpOnly/SameSite session cookies, HTTPS, access control). No internet service can be 100% secure.

10) Children

This service is not directed to children under 16. If you believe we collected data from such a person, contact us to remove it.

11) Changes

We may update this policy from time to time. The latest version is always available on this page with the effective date.

Legal Notice

• All music, files, and content on this site are the property of Matic Krmelj, unless stated otherwise. Unauthorized copying, distribution, or derivative use is prohibited.
• Users may listen and share links to tracks. Downloads and use of files are permitted only as indicated on the site.