Privacy Policy

1. Information We Collect

When you use Fresh Wax, we collect:

• Account information: Email address, display name, and password
• Profile information: Artist name, bio, and links (if applicable)
• Purchase history: Records of your transactions including items, amounts, and shipping details
• Content: DJ mixes, comments, ratings, and vinyl listings you submit
• Payment information: Card details are processed directly by Stripe/PayPal and never stored on our servers
• Usage data: Pages visited, features used, and technical information (browser, IP address)
• Newsletter data: Email address, consent timestamp, and engagement metrics

2. How We Use Your Information

We use your information to:

• Provide and maintain the Fresh Wax platform
• Process purchases and deliver digital content
• Enable community features (comments, ratings, mixes, live chat)
• Send transactional emails (order confirmations, shipping updates, verification reminders)
• Send marketing emails (newsletter) — only with your explicit consent
• Analyse site usage to improve our services (with your consent)
• Prevent fraud and abuse

3. Third-Party Services

We do not sell your personal information. We share data with the following processors to operate our service:

Payment Processing

• Stripe — Processes card payments. Receives: name, email, card details, billing address, order amount. Stripe Privacy Policy
• PayPal — Alternative payment method. Receives: email, name, order amount. PayPal Privacy Policy

Infrastructure & Hosting

• Cloudflare — Hosting, CDN, and security. Processes: IP addresses, page requests, security tokens. Cloudflare Privacy Policy
• Google Firebase — Authentication and database. Stores: account data, orders, content. Firebase Privacy

Communications

• Resend — Transactional and marketing emails. Receives: email address, name. Resend Privacy Policy
• Pusher — Real-time notifications for live streams and chat. Receives: anonymised user IDs. Pusher Privacy Policy

Analytics

• Google Analytics 4 — Site usage analytics (only with your consent). Receives: anonymised IP, page views, events. Google Privacy Policy

Content & Security

• Giphy — GIF search in live chat. Receives: search queries. Giphy Privacy Policy
• Google Translate — Optional chat translation. Receives: message text. Google Privacy Policy
• Google reCAPTCHA — Fraud prevention on forms. Receives: browser behaviour data. Google Privacy Policy

Your public profile, uploaded mixes, comments, and ratings are visible to other users.

4. Data Retention

We retain your data for the following periods:

• Account data: Until you delete your account
• Order and financial records: 7 years after the transaction (UK tax and accounting obligations)
• Comments and ratings: Until you delete your account (anonymised, not deleted, to preserve community content)
• DJ mixes and vinyl listings: Until you delete your account or remove the content
• Newsletter subscription: Until you unsubscribe or delete your account
• Analytics data: 14 months (Google Analytics default retention)
• Error logs: 90 days
• Session cookies: Expire when you close your browser or after 14 days

5. Data Storage & Security

Your data is stored securely using industry-standard practices:

• All data is encrypted in transit (TLS/HTTPS)
• Passwords are hashed and never stored in plain text
• Payment card data is processed directly by Stripe/PayPal and never touches our servers
• Infrastructure is hosted on Cloudflare (global edge network) and Google Cloud (Firebase)
• Server-side authentication uses service account credentials with least-privilege access

6. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the right to:

• Access — Request a copy of all personal data we hold about you
• Rectification — Correct inaccurate information via your account settings
• Erasure — Delete your account and all associated data from your account dashboard
• Data portability — Download your data in machine-readable format (JSON) from your account dashboard
• Restrict processing — Request that we limit how we use your data
• Object — Object to processing based on legitimate interests
• Withdraw consent — Withdraw cookie or newsletter consent at any time

How to Exercise Your Rights

For most actions (deletion, data export), use the tools in your account dashboard. For other requests, contact us and we will respond within 30 days. If you are unsatisfied with our response, you can complain to the Information Commissioner's Office (ICO).

7. Cookies

We use essential cookies for authentication, cart, and session management. Analytics cookies (Google Analytics) are only set with your explicit consent. You can manage your cookie preferences at any time using the cookie banner or visiting our Cookie Policy.

8. Newsletter & Marketing

We send marketing emails only with your explicit, informed consent (double opt-in). You can unsubscribe at any time via the link in every email or from the unsubscribe page. We record consent timestamps and source for compliance purposes.

9. Third-Party Links

Our platform may contain links to external sites. We are not responsible for the privacy practices of other websites.

10. Children's Privacy

Fresh Wax is not intended for users under 13 years of age. We do not knowingly collect information from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a prominent notice on the site. The "last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or data subject access requests (DSARs), please contact us. We aim to respond to all requests within 30 days.