01 / Legal

Privacy Policy

Last updated 2026-05-08

We keep this short and honest. This is what UNID collects, why, and how we protect it.

1. What we collect

Account data

Email address + username (you provide at signup)
Password (hashed by Supabase; we never see it in plaintext)
Optional profile fields: display name, bio, avatar, genre preferences
Role (fan, artist, label) for feature gating

Activity data

Cases you post, answers you submit, votes, follows, saves, reports
Identification attempts — we don’t store the audio itself, only the match result and metadata
Points balance + ledger entries

Technical data

IP address (hashed before storage where used for rate limiting)
Device/browser user agent
Usage events (anonymized via PostHog — see section 3)
Error reports via Sentry (scrubbed of PII where possible)

Payments

When you buy points, Stripe processes the payment. We receive your Stripe customer ID and the amount of the purchase — we never see or store your card number. See Stripe’s Privacy Policy for their handling.

2. Why we collect it

Run the service: accounts, feed, identifications, points economy.
Moderate: spam prevention, DMCA response, abuse handling.
Improve: aggregate product metrics tell us what features work.
Communicate: transactional email (verification, password reset). Never marketing spam.

3. Third parties we share with

We minimize third-party sharing. Here’s every provider that sees any of your data and what they see:

Supabase (auth + database + file storage): all account and activity data. EU + US regions available.
Vercel (hosting): request logs, IP addresses for routing. No product data.
Stripe (payments): billing data only, when you make a purchase.
Cloudflare R2 (file storage): artist-uploaded track audio files are retained for the duration of the track’s presence in the UNID catalog. Temporary audio files submitted for identification purposes are automatically deleted within 30 hours.
Fly.io (infrastructure): we use Fly.io for audio fingerprinting processing. Audio data processed by Fly.io is not stored beyond the duration of the identification request.
AudD (identification): audio fingerprints submitted for matching.
PostHog (product analytics): anonymized event data tied to your user id. Session recording disabled.
Sentry (error tracking): stack traces + request context when something crashes.
Resend (transactional email): your email address + the specific message content.

We do not sell your data. We do not share it with advertisers. If that changes, we’ll notify users and update this policy.

4. Retention

Account data: kept until you delete your account. Deletion is scheduled with a 7-day grace window — sign back in within that window to cancel. After the window, your profile, cases, IDs, badges, watches, and uploaded files are removed permanently.
Audio uploads: deleted from R2 within 30h of upload (identify flow). Marketplace masters and avatar files are deleted at the time your account is deleted.
Activity data (cases, answers, etc.): retained while your account is active; deleted along with your account.
Email logs: kept while your account is active for deliverability + complaint history. Once your account is deleted, the row is anonymised (your userId is unlinked) and pruned 12 months later.
Audit log entries (admin actions): retained for the lifetime of the platform with your userId nulled on deletion. The action itself stays for legal/compliance review; nothing identifies you in it.
Marketplace purchase records: retained for the duration required by accounting law (typically 7 years), with your buyer-id reference cleared on deletion.
Server logs: 30 days.
Stripe records: retained per Stripe’s policy.

5. Your rights

Regardless of where you live, you can:

Access your data — download a JSON export from /api/users/me/export while signed in.
Correct your data — via Settings, or email us.
Delete your account — via Settings (7-day cancel window, then permanent).
Port your data — JSON export covers profile, cases, IDs, badges, scene championships, watches, profile-unlock history, clip likes/saves, votes, recent notifications, email-send history, conversation metadata, and admin actions targeting you. Other users’ usernames are anonymised; their message content is excluded for their privacy. Each export carries a _meta.schemaVersion field so the format can evolve.
Restrict visibility — Settings → Privacy lets you switch your profile to signed-in only or private at any time.
Object to specific processing — email us.

In the EU/UK, you have additional GDPR rights. In California, you have CCPA rights. Email privacy@unid.dev to exercise any.

6. Cookies + tracking

We use essential cookies for authentication (Supabase session) and CSRF protection. We do not use advertising or cross-site tracking cookies. PostHog runs in server-side-only mode with session recording disabled — we don’t need a cookie banner because we don’t drop non-essential cookies. If that ever changes, a consent flow will appear.

7. Security

All traffic over HTTPS (HSTS preload).
Supabase encrypts data at rest.
Sensitive secrets (API keys) stored in Vercel environment variables, never in the repo.
Access to production credentials is two-factor authenticated.

Despite our best efforts, no system is unbreakable. If we have a data incident affecting you, we’ll notify you by email within 72 hours.

8. Children

UNID is not directed at children under 13. We don’t knowingly collect data from children. If you believe a child has signed up, email us and we’ll remove the account.

9. Changes

We’ll update this policy as the product evolves. The “Last updated” date at the top reflects the current version. Material changes are announced by email to active users.

10. Contact

Questions, requests, or concerns: privacy@unid.dev.