Privacy Policy

Effective Date: March 1, 2026Last Updated: March 1, 2026

1. Overview

SetLedger ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. SetLedger is operated from Canada and complies with applicable Canadian privacy law (PIPEDA) and, where applicable, the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Data We Collect

2.1 Account Information

  • Name, email address, and password (hashed) when you register.
  • Profile details you optionally provide (DJ name, city, primary software e.g. Serato®).

2.2 Set & Performance Data

  • DJ set files, track lists, BPM data, timestamps, venue names, and other performance metadata you upload.
  • Usage statistics derived from your uploads (e.g., most-played tracks, set frequency).

2.3 Billing Information

Plan type and billing history. Payment details (card numbers, etc.) are processed directly by our payment provider (Stripe) and are never stored on SetLedger servers.

2.4 Usage & Technical Data

  • Log data: IP address, browser type, pages visited, time on site, and referring URLs.
  • Device information: operating system, screen resolution, browser version.
  • Cookies and similar tracking technologies (see Section 6).

2.5 Communications

  • Emails or messages you send to our support team.
  • Responses to surveys or feedback requests, if you choose to participate.

3. How We Use Your Data

We use your data to:

  • Create and manage your account.
  • Provide, maintain, and improve the Service.
  • Process payments and manage subscriptions.
  • Generate analytics and performance insights from your uploaded set data.
  • Send transactional emails (account confirmations, billing receipts, password resets).
  • Send product updates or marketing communications (you may opt out at any time).
  • Detect and prevent fraud, abuse, or security incidents.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

4. Legal Basis for Processing (GDPR)

If you are in the EU/EEA, our legal bases for processing are:

  • Contract: Processing necessary to provide the Service you signed up for.
  • Legitimate Interests: Improving the Service, ensuring security, and communicating with users.
  • Consent: For marketing emails and non-essential cookies.
  • Legal Obligation: Where required by applicable law.

5. Data Sharing & Third Parties

We share data only as necessary with trusted service providers:

ProviderPurpose
Polar.shPayment processing
SupabaseDatabase & backend infrastructure
Resend / SendGridTransactional email delivery
BoltWeb hosting & delivery

All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

We may disclose data if required by law, court order, or to protect the rights and safety of SetLedger or its users.

6. Cookies

SetLedger uses the following types of cookies:

  • Essential Cookies: Required for the Service to function (authentication, session management). Cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the platform (e.g., PostHog, Google Analytics). You may opt out via your browser settings or our cookie banner.
  • Preference Cookies: Remember your settings and preferences across sessions.

You can manage cookie preferences in your browser or via the cookie settings link in the site footer.

7. Data Retention

  • Active accounts: We retain your data for as long as your account is active.
  • Cancelled accounts: Data is retained for 30 days post-cancellation to allow for reactivation or export, then permanently deleted.
  • Billing records: Retained for 7 years as required by applicable tax and accounting law.
  • Support communications: Retained for 2 years.

8. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (TLS/HTTPS).
  • Encrypted data storage at rest.
  • Role-based access control limiting internal access to user data.
  • Regular security reviews of our infrastructure.

No system is 100% secure. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated data ("right to be forgotten").
  • Export your data in a portable format.
  • Opt out of marketing communications at any time.
  • Withdraw consent for non-essential data processing.

To exercise any of these rights, email us at privacy@getsetledger.com. We will respond within 30 days.

10. Children's Privacy

SetLedger is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly.

11. International Data Transfers

SetLedger is operated from Canada. If you access the Service from outside Canada, your data may be transferred to and processed in Canada or other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for any such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on the website at least 14 days before they take effect. The "Last Updated" date at the top of this page will always reflect the most recent revision.

13. Contact

For privacy-related questions or to exercise your rights:

Email: privacy@getsetledger.com

Website: getsetledger.com