Skip to main content
← Back to Crate Crawl

Privacy Policy

Last updated: March 2026

Crate Crawl is a music discovery platform built for DJs. We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it. We believe in plain language — no legal fog, no dark patterns. If anything in here is unclear, reach out and we will explain it.

1. What We Collect

Account Information

When you create an account, we collect your email address and a display name of your choosing. Your password is handled entirely by Supabase authentication — it is hashed before it ever reaches storage, and we never have access to your plaintext password.

Music Preferences and Ratings

When you rate tracks, build crates, and dig for music on the platform, we store your ratings, crate configurations, genre preferences, and taste profile data. This is the core data that makes Crate Crawl work — without it, we cannot personalize your recommendations. This data is associated with your account and stored in our database.

Audio Files

If you use the Track Fixer feature, you upload audio files for format conversion and metadata correction. These files are stored temporarily on Cloudflare R2, our cloud object storage provider. Uploaded files are automatically and permanently deleted within 48 hours of the processed file becoming available for download. We do not retain your audio files longer than necessary to provide the service.

Payment Information

Payment processing is handled by Stripe. Crate Crawl never stores your card number, CVV, or full payment details. When you upgrade your subscription, Stripe handles all sensitive financial data and returns us only a customer identifier and subscription status. We store that identifier to manage your account tier.

Usage Data

We track basic usage counters — how many tracks you have discovered this week, how many crates you have created, and how many Track Fixer jobs you have run. This data is used to enforce your plan limits and reset at the appropriate billing interval.

2. How We Use Your Data

We use your data to operate and improve Crate Crawl. Specifically:

  • Providing the service: Your taste profile and ratings power the recommendation engine that finds tracks matching your crates. Without this data, we cannot deliver relevant results.
  • Improving recommendations: In aggregate, user rating patterns help us tune the scoring algorithm that ranks tracks. We do not sell or expose individual rating data to third parties.
  • Transactional emails: We send emails for account confirmation when you sign up, password reset requests when you initiate them, and payment receipts when charges occur. We do not send marketing emails without your explicit opt-in.
  • Account management: We use your account data to enforce plan limits, process subscription changes, and respond to support requests.

3. Third-Party Services

Supabase

Crate Crawl uses Supabase as its authentication provider and primary database. Your account data, crates, dig history, and ratings are stored in Supabase infrastructure. Supabase is SOC 2 compliant and stores data in AWS data centers. You can review Supabase's own privacy practices at supabase.com/privacy.

Cloudflare R2

Audio files uploaded to Track Fixer are stored in Cloudflare R2 object storage. Files are stored only as long as needed — they are automatically deleted within 48 hours after the processed output is ready for download. Cloudflare does not process your audio files; they are only stored in transit for the conversion workflow.

Stripe

Subscription billing is processed by Stripe, a PCI-DSS Level 1 certified payment processor. When you enter payment details on checkout, those details go directly to Stripe's servers — Crate Crawl servers never touch your raw card data. We receive a Stripe customer ID and subscription object, which we store to keep your account tier in sync.

4. We Do Not Sell Your Data

We do not sell, rent, or share your personal data with third parties for marketing, advertising, or data broker purposes. Full stop. The business model is subscriptions, not surveillance. Your music taste is yours.

5. Your Rights

You have the right to access, correct, and delete the personal data we hold about you. Specifically, you can:

  • Update your display name and email address from your account settings.
  • Request a full export of your account data by contacting us at the email below.
  • Request complete deletion of your account and all associated data. We will process deletion requests within 30 days. Note that Stripe may retain transaction records as required by financial regulations.

To exercise any of these rights, contact us at privacy@cratecrawl.com. We will respond within 30 days.

6. Data Retention

We retain your account data for as long as your account is active. Audio files uploaded to Track Fixer are deleted within 48 hours of download availability. If you delete your account, we delete your personal data within 30 days, except where retention is required by applicable law (such as financial records).

7. Security

We take reasonable technical and organizational measures to protect your data. Passwords are hashed by Supabase using industry-standard algorithms. Data in transit is encrypted via HTTPS. Audio files in Cloudflare R2 are stored with encryption at rest. That said, no system is perfectly secure. If you discover a security issue, please report it to privacy@cratecrawl.com and we will respond promptly.

8. Changes to This Policy

We may update this privacy policy as the product evolves. When we make material changes, we will notify you via email or a prominent notice in the app. The “last updated” date at the top of this page will always reflect the current version. Continued use of Crate Crawl after changes are posted constitutes your acceptance of the updated policy.

9. Contact

Questions, concerns, or requests related to your privacy can be directed to: privacy@cratecrawl.com

Terms of ServiceBack to Crate Crawl