Drum Circle Directory

Legal

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains how Drum Circle Directory ("we", "us", "our") collects, uses, shares, and protects personal information when you use drumcircledirectory.com and any related sites, apps, and services (the "Service"). It also explains the rights you may have under laws like the EU and UK General Data Protection Regulation ("GDPR"/"UK GDPR") and the California Consumer Privacy Act as amended by the CPRA ("CCPA"). By using the Service you acknowledge this Policy.

1. Who We Are (Controller)

Drum Circle Directory is the "controller" of personal information processed through the Service. Contact: privacy@drumcircledirectory.com.

2. Information We Collect

Information you provide

  • Account data: name, email address, password hash, profile photo, optional phone number, social handles you choose to add.
  • Listing data: business name, location, address, GPS coordinates, description, images, video links, schedule, pricing, contact info, social links, and any other content you submit to a listing.
  • Claim & verification data: documents and identifiers you submit to claim a listing.
  • Payment data: processed by our payment processor (Stripe). We receive limited billing metadata (name, country, last 4 digits, brand, status) but never see or store your full card number, CVV, or bank credentials.
  • Communications: messages you send through contact forms, claim requests, support emails, and surveys.
  • Reviews & ratings you submit.

Information collected automatically

  • Device and browser data (user agent, OS, screen size, language, time zone).
  • IP address and approximate location derived from it.
  • Pages viewed, referrers, search terms, clicks, scroll depth, and session timing for analytics and abuse prevention.
  • Error logs and crash reports.
  • Cookies, local storage, and similar technologies β€” see our Cookie Policy.

From third parties

  • OAuth providers (e.g., Google) when you choose to sign in with them β€” we receive name, email, profile photo, and a stable identifier.
  • Imports you initiate (e.g., Facebook event import) for listings you submit.
  • Anti-fraud and security signals from our payment processor.

3. How We Use Information

  • Operate, maintain, and improve the Service, including search, ranking, recommendations, moderation, and personalization.
  • Display listings, banners, and sponsored placements you or third parties have purchased.
  • Process payments, subscriptions, renewals, refunds, and chargebacks.
  • Send transactional emails (receipts, claim verifications, security notices, policy updates). These are not marketing and cannot be opted out of while you have an active account.
  • Send marketing emails β€” only with your consent where required by law; you can unsubscribe at any time using the link in the email.
  • Detect, investigate, and prevent fraud, abuse, spam, security incidents, and violations of our Terms.
  • Comply with legal obligations, respond to lawful requests, and enforce our agreements.
  • Conduct analytics and product research using aggregated or de-identified data.

4. Legal Bases (EU/UK Users)

We rely on the following legal bases under GDPR/UK GDPR:

  • Contract β€” to provide the Service you request.
  • Legitimate interests β€” to secure, debug, and improve the Service, prevent fraud, and conduct direct marketing of similar products to existing users where permitted.
  • Consent β€” for non-essential cookies, marketing where required, and any optional features that ask for permission. You can withdraw consent at any time.
  • Legal obligation β€” to comply with tax, accounting, and regulatory duties.

5. How We Share Information

  • Public by design: content you publish to a listing (name, description, photos, schedule, contact info) is visible to anyone on the internet, may be indexed by search engines, and may be cached or scraped by third parties. Do not submit content you want to keep private.
  • Service providers (processors): hosting and database (Supabase/Lovable Cloud), payments (Stripe), transactional email, error reporting, AI providers, and analytics β€” all bound by contract to use data only as instructed and to protect it.
  • Advertisers: aggregated impression and click counts only β€” never personally identifiable information.
  • Legal & safety: when required by law, court order, subpoena, or to protect rights, property, or safety of users, the public, or us, and to investigate fraud or security incidents.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, with notice to you where required.

We do not sell personal information for money, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA.

6. Data Retention

We retain personal information only as long as necessary for the purposes set out in this Policy:

  • Account & listing data β€” for the life of your account and up to 24 months after deletion for backups, dispute resolution, and legal compliance.
  • Payment & billing records β€” at least 7 years where required by tax law.
  • Server logs & security events β€” up to 12 months.
  • Marketing preferences β€” until you withdraw consent or unsubscribe.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information ("right to be forgotten").
  • Restrict or object to certain processing.
  • Port your data to another service in a machine-readable format.
  • Withdraw consent at any time (without affecting prior processing).
  • Lodge a complaint with your local data-protection authority.

California residents have the rights to know, delete, correct, and limit use of sensitive personal information, and to opt out of "sale" or "sharing" (we do not engage in either). You may designate an authorized agent.

To exercise any right, email privacy@drumcircledirectory.comfrom the email address associated with your account, or include enough information to verify your identity. We will respond within the timeframe required by applicable law (typically 30–45 days). We will not discriminate against you for exercising your rights.

8. Security

We use commercially reasonable safeguards including encryption in transit (TLS), encryption at rest for our managed databases, hashed and salted passwords, row-level security in our database, scoped service-role keys, and access logging. No method of transmission or storage is 100% secure; you use the Service at your own risk and are responsible for the security of your password and devices. If we learn of a security breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

9. International Transfers

Our infrastructure and service providers may process data in the United States, the European Union, and other countries. Where required, we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or other approved safeguards.

10. Children

The Service is not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it. Parents and guardians are responsible for supervising children's online activity.

11. Automated Decisions & AI

We use automated systems to rank search results, surface recommendations, moderate content, and generate certain text (with human review for paid placements). These systems do not make decisions that produce legal or similarly significant effects on you. You can contact us at any time to discuss any automated determination affecting your listing.

12. Third-Party Links & Listings

Listings, banner ads, embeds, and blog posts may link to external sites we do not control. Their data practices are governed by their own privacy policies. We are not responsible for them.

13. Cookies

See our Cookie Policy for details on cookies and similar technologies. You can change your cookie preferences at any time via the "Cookie settings" link in the footer.

14. Changes

We may update this Policy from time to time. Material changes will be announced on this page with a new "Last updated" date and, where appropriate, by email or in-app notice.

15. Contact

Drum Circle Directory
Privacy contact: privacy@drumcircledirectory.com
Legal contact: legal@drumcircledirectory.com