Privacy
turntbl.com/privacy

Privacy Policy

Effective Date
March 16, 2026
Last Updated
March 16, 2026
Applies To
turntbl.com (web application)

This Privacy Policy explains how turntbl ("turntbl," "we," "us," or "our") collects, uses, shares, and protects your personal information when you access or use the turntbl web application at turntbl.com (the "Service"). By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

01Introduction

turntbl is a free, web-based music rating and social platform. We are committed to protecting your privacy and being transparent about the data we collect and how we use it.

This Policy applies to all users of the Service, including visitors who browse without an account and registered users. It covers:

  • Information you provide directly (e.g., account registration, ratings, reviews).
  • Information collected automatically as you use the Service (e.g., usage data, cookies).
  • Information we receive from third parties (e.g., linked services like Spotify).

This Policy does not apply to third-party websites or services linked from our Platform. We encourage you to review their privacy policies independently.

02Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you register, we collect your email address, username (handle), and password (stored in hashed form). You may optionally provide a display name, profile picture, and banner image.
  • User Content: Music ratings (numerical scores), written reviews, comments, and replies you post on the Platform.
  • Third-Party Account Data: If you choose to connect a third-party music service (such as Spotify), we may collect publicly available or user-authorized data from that service, including your listening history, followed artists, and saved music. This is used solely to personalize your turntbl experience.
  • Communications: Any messages you send us via email or feedback forms.

2.2 Information Collected Automatically

  • Usage Data: Pages you view, features you use, search queries, albums you rate, profiles you visit, and timestamps of your activity.
  • Device & Technical Data: IP address, browser type and version, operating system, device identifiers, referring URLs, and general geographic location (derived from IP — not precise GPS).
  • Cookies & Similar Technologies: We use cookies, local storage, and similar technologies to maintain your session, remember preferences, and analyze Platform usage. See Section 5 for details.

2.3 Information We Do Not Collect

  • Audio files, music recordings, or streaming data.
  • Precise geolocation data (GPS coordinates).
  • Biometric data.
  • Financial information or payment card data (the Service is free; we process no payments).
  • Government-issued ID numbers.

03How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and Operating the Service: Creating and managing your account, processing and displaying your ratings and reviews, enabling community features (comments, follows, activity feeds), and maintaining Platform security.
  • Personalizing Your Experience: Generating music recommendations based on your ratings and connected third-party service data, customizing content and discovery features.
  • Analytics and Improvement: Understanding how users interact with the Platform, identifying bugs and performance issues, and developing new features.
  • Communications: Sending essential service notifications (account confirmations, security alerts, Terms or Policy updates). We do not send marketing or promotional emails without your explicit opt-in.
  • Safety and Integrity: Detecting and preventing fraud, abuse, spam, and violations of our Terms of Service.
  • Legal Compliance: Complying with applicable laws, regulations, court orders, and legal processes.

Legal Basis for Processing (EEA / UK Users): Where required by GDPR, we rely on the following legal bases: (a) Performance of a contract — to provide the Service you signed up for; (b) Legitimate interests — for analytics, security, and Platform improvement; (c) Consent — for optional features such as Spotify integration and marketing communications; (d) Legal obligation — for compliance with applicable law.

04How We Share Your Information

We do not sell your personal information. We may share your data in the following limited circumstances:

  • With Other Users (Publicly): Your username (handle), profile picture, ratings, reviews, and comments are visible to other turntbl users and the general public by default. Your email address is never publicly displayed.
  • Service Providers: We engage trusted third-party vendors to help us operate the Platform, including cloud infrastructure (Vercel), database services (Supabase), caching infrastructure (Upstash Redis), and music data providers (Spotify API, Last.fm, Apple Music/iTunes). These providers access your data only to perform services on our behalf and are bound by confidentiality obligations.
  • Business Transfers: If turntbl is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
  • Legal Requirements: We may disclose your information when required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, the rights of others, or the safety of any person.
  • With Your Consent: For any other purpose with your explicit prior consent.

05Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

  • Essential Cookies: Required for authentication (keeping you logged in) and basic Platform functionality. These cannot be disabled without breaking the Service.
  • Analytics Cookies: Used to understand how users navigate the Platform (e.g., which pages are visited most). We may use privacy-respecting analytics tools that do not build cross-site profiles.
  • Preference Cookies: Store your settings and preferences (e.g., display settings) between sessions.

We do not use third-party advertising or behavioral tracking cookies. We do not participate in cross-site tracking networks.

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from logging in or using core features of the Platform. Most modern browsers allow you to view, manage, and delete cookies via their settings menu.

06Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal data. turntbl respects and honors these rights globally.

6.1 All Users

Regardless of location, all turntbl users have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data via your account settings.
  • Delete your account and associated personal data (see Section 7 for retention details).
  • Withdraw consent for optional processing (e.g., disconnect your Spotify integration at any time).
  • Receive a copy of the data you have submitted (ratings, reviews, profile information) in a portable format upon request.

6.2 European Economic Area (EEA) and United Kingdom — GDPR / UK GDPR

If you are located in the EEA or UK, you have the following additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

  • Right of Access (Article 15): Request confirmation of whether we process your data and obtain a copy of it.
  • Right to Rectification (Article 16): Request correction of inaccurate personal data.
  • Right to Erasure (Article 17): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restriction (Article 18): Request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Article 21): Object to processing based on legitimate interests.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (e.g., the UK ICO, or your EU national supervisory authority).

6.3 California Residents — CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the purposes for collection, and the categories of third parties with whom it is shared.
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA beyond what is necessary for Service operation.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise your California rights, contact us at turntblteam@gmail.com with the subject line "California Privacy Request." We will respond within 45 days, with an optional 45-day extension for complex requests.

6.4 Canada — PIPEDA / Quebec Law 25

Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), including the right to access, correct, and withdraw consent for non-essential processing of your personal information. Contact us at turntblteam@gmail.com to exercise these rights.

6.5 Australia — Privacy Act 1988

Australian users have rights under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including the right to access personal information we hold about you and to request correction of inaccurate information. If you have a complaint about how we have handled your personal information, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

6.6 Brazil — LGPD

Brazilian users have rights under the Lei Geral de Proteção de Dados (LGPD), including rights to access, correction, deletion, portability, and information about sharing of your personal data. Contact us at turntblteam@gmail.com to exercise your LGPD rights.

6.7 How to Exercise Your Rights

To exercise any of the rights described in this Section, please contact us at turntblteam@gmail.com. We will verify your identity before processing your request to protect against unauthorized access. We will respond within the timeframes required by applicable law (typically 30–45 days). We will not charge a fee for reasonable requests.

07Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service. Specifically:

  • Account Data: Retained for the life of your account. Upon account deletion, we will delete or anonymize your personal account data within a reasonable period (typically 30 days), except where we are required to retain it longer by law.
  • User Content (Ratings & Reviews): Publicly posted ratings and reviews may persist in anonymized or aggregated form even after account deletion, as they contribute to the community record. If you request deletion before closing your account, we will remove your identifying information from the content.
  • Usage Logs: Retained for up to 12 months for security and analytics purposes, then deleted or anonymized.
  • Legal Hold: We may retain data longer if required by applicable law, court order, or in connection with a legal dispute involving turntbl.

08Data Security

We take reasonable technical and organizational measures to protect your personal information against unauthorized access, loss, alteration, disclosure, or destruction. These measures include:

  • Encrypted data transmission (HTTPS/TLS) for all Platform traffic.
  • Hashed password storage — we never store your password in plaintext.
  • Authentication managed via Supabase Auth using industry-standard PKCE flow.
  • Access controls limiting employee and contractor access to personal data on a need-to-know basis.
  • Regular review of our security practices and third-party service security posture.

However, no security system is impenetrable. We cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at turntblteam@gmail.com. In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law.

09Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. If you are between 13 and 18 (or under the age of majority in your jurisdiction), you may only use the Service with verifiable parental or guardian consent.

If we learn that we have collected personal information from a child under 13 without proper consent, we will promptly delete that information. If you believe we have inadvertently collected data from a child under 13, please contact us at turntblteam@gmail.com.

10International Data Transfers

turntbl is operated from the United States. If you are accessing the Service from outside the United States, your personal information will be transferred to, stored in, and processed in the United States and potentially other countries where our service providers operate.

These countries may have data protection laws that differ from those in your home country. By using the Service, you acknowledge and consent to this transfer.

For users in the EEA, UK, or Switzerland, where required by law, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) adopted by the European Commission to ensure your data is adequately protected when transferred internationally. For more information about these mechanisms, contact us at turntblteam@gmail.com.

11Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

  • Posting the updated Policy on this page with an updated "Last Updated" date.
  • Displaying a notice on the Platform upon your next login, for significant changes.

Your continued use of the Service after any update constitutes your acceptance of the revised Policy. If you do not agree with the updated Policy, you must stop using the Service and may delete your account.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

12Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

turntbl Privacy Team
Privacy page: turntbl.com/privacy
Legal & Terms: turntbl.com/legal

We will endeavor to respond to all privacy inquiries within 10 business days.

By using turntbl, you confirm that you have read and understood this Privacy Policy.

© 2026 TURNTBL — ALL RIGHTS RESERVED — LAST UPDATED MARCH 16, 2026