Privacy PolicyVersion 1.0Effective: December 12, 2025Updated: December 12, 2025

Privacy Policy

This Privacy Policy explains how DrillRecord collects, uses, shares, and protects your personal data when you use the DrillRecord platform (the “Service”).

Terms of ServiceCookie Policy

Quick summary

  • We use your email/username to create and manage your account.
  • We use auth tokens (JWT) to keep you logged in securely.
  • Uploads (songs/artwork/metadata) may be public depending on your settings.
  • You can request access, deletion, or correction of your data.

1. Overview

This policy applies when you visit the Service, create an account, upload content (songs/artwork), or contact support.

“Personal data” means information that identifies you or can reasonably be linked to you (like email, account IDs, IP address, or device identifiers).

2. Who we are

Controller: DrillRecord

Address: Antwerp, Belgium

Privacy contact: support@drillrecord.com

We do not currently designate a DPO. For privacy matters, contact the email above.

3. Data we collect

A) Account & profile

  • Email address
  • Username / profile details you choose to add
  • Account IDs and timestamps (created/updated)
  • Passwords are processed and stored in a hashed form by our authentication system (we do not store plain-text passwords).

B) Authentication & security

  • JWT access/refresh tokens (session tokens)
  • Login events, security logs, device/browser info
  • IP address (typically collected by servers for security and fraud prevention)

C) Uploads & content

  • Audio files (songs), artwork/images, and any text/metadata you submit
  • Public page data (e.g., track title, artist name, links) depending on settings
  • Reports/flags related to content (if someone reports an upload)

D) Support communications

  • Messages you send to support and our replies

4. How we use your data

  • Provide the Service: create accounts, log in, host uploads, display profiles.
  • Security: prevent fraud/abuse, protect accounts, detect suspicious activity.
  • Support: respond to requests and troubleshoot issues.
  • Moderation: review reports and enforce platform rules.
  • Improve the Service: debug, performance monitoring, feature improvements.
  • Legal compliance: respond to lawful requests and enforce our Terms.

6. Sharing & processors

We share personal data only with service providers (“processors”) that help us run the Service, or when required by law.

Typical processors (replace with your real stack)

  • Hosting/CDN: where the website runs
  • Database & storage: where profiles and uploaded audio/images are stored
  • Authentication: account and session management (JWT tokens)
  • Email delivery: sending verification/reset emails
  • Error monitoring: logging crashes/performance (optional)

We may also share information if we believe it’s necessary to comply with law, enforce our Terms, or protect users and the Service.

7. Cookies & tracking

We use cookies or similar technologies for authentication and basic site functionality. If we use analytics or marketing cookies, we will ask for consent where required.

See our Cookie Policy for details.

JWT sessions

We use session tokens (JWT) to keep you logged in. These may be stored in secure cookies (recommended) or other storage depending on implementation. You can log out to invalidate sessions.

8. Retention

  • Account data: kept while your account is active.
  • Uploads: kept until you delete them or your account is removed.
  • Security logs: kept for a limited period (e.g. 30–180 days) unless needed longer for security/legal reasons.
  • Backups: may persist for a limited time after deletion.

9. Security

We use reasonable technical and organizational measures to protect personal data, such as access controls, encryption in transit (HTTPS), and monitoring for abuse.

No system is 100% secure, but we work to prevent unauthorized access, alteration, and loss.

10. Your rights

Depending on your location (including the EU/EEA), you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (in certain cases)
  • Restrict or object to processing (in certain cases)
  • Data portability (in certain cases)
  • Withdraw consent (when processing is based on consent)

To exercise rights, email support@drillrecord.com.

11. International transfers

If our service providers process data outside the EU/EEA, we rely on appropriate safeguards (for example, adequacy decisions or standard contractual clauses) where required.

12. Children

The Service is not intended for children who are not old enough to form a contract in their country. If you believe a child provided us personal data, contact us and we will take appropriate steps.

13. Changes

We may update this Privacy Policy. If changes are material, we will provide reasonable notice (for example via email or an in-app notice). The “Updated” date shows the latest version.

14. Contact & complaints

Privacy contact: support@drillrecord.com

Support: support@drillrecord.com