Privacy Policy

1. Who are we?

Weblord
Tip.dj is a service of Weblord, based in the Netherlands.
Email: privacy@tip.dj

Weblord is the data controller for the personal data processed via tip.dj.

2. What data do we collect?

Guests (without account)

• Session ID (anonymous, stored in the browser)
• Name (optional, if entered with a request)
• Payment details processed via Stripe — we do not store full card details
• Time and content of song requests
• Push notification subscription (temporary, only for iDEAL/Bancontact requests)

Guests (with account)

• Email address and display name
• Encrypted password (bcrypt)
• Song request history
• Saved favourite DJs
• Saved payment methods (Stripe customer ID + card token — no full card numbers)

DJs

• Email address and profile information (name, bio, photo, location)
• Encrypted password
• Stripe Connect account ID and payout information
• History of received requests and earnings
• Push notification subscription (for real-time notifications)

Technical data

• IP address (temporary, for abuse prevention and rate limiting)
• Browser type and version (via HTTP headers)
• Timestamp of API requests

3. What do we use your data for?

• Performance of the agreement: processing song requests and payments (GDPR art. 6(1)(b)).
• Legal obligation: retaining transactions for tax purposes (GDPR art. 6(1)(c)).
• Legitimate interest: abuse prevention, security, and service improvement (GDPR art. 6(1)(f)).
• Consent: sending push notifications (GDPR art. 6(1)(a) — you can withdraw this at any time via your browser settings).

We do not use your data for advertising purposes and do not sell it to third parties.

4. Retention periods

• Account and transaction data is retained as long as the account is active, plus 7 years thereafter due to tax retention obligations.
• Anonymous session data from guests without an account is retained for a maximum of 30 days.
• Guest push notification subscriptions expire automatically after 30 days or after the request is completed.
• Log files are retained for a maximum of 30 days.

5. Third parties and processors

We share data with the following parties, only to the extent necessary:

6. Your rights (GDPR)

As a data subject you have the following rights:

• Access: you can request which data we process about you.
• Rectification: you can have incorrect data corrected.
• Erasure: you can request deletion of your data ("right to be forgotten"), unless legal retention obligations apply.
• Restriction: you can request a temporary restriction of processing.
• Portability: you can request your data in a common format.
• Objection: you can object to processing based on legitimate interest.
• Withdraw consent: if processing is based on consent (e.g. push notifications), you can withdraw it at any time.

Send your request to privacy@tip.dj. We will respond within 30 days.

7. Security

We take appropriate technical and organisational measures to protect your data, including:

• Encrypted transport via HTTPS/TLS
• Encrypted password storage (bcrypt)
• Access control via JWT tokens with limited validity
• Restricted access to production databases

8. Cookies and local storage

tip.dj does not use third-party tracking cookies. We use localStorage in your browser solely to store your login session (JWT token) when you create an account. This is necessary for the operation of the service and does not require consent.

9. Complaints

Do you have a complaint about how we handle your personal data? Please contact us first at privacy@tip.dj. You also have the right to file a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl.

10. Changes

This privacy policy may be updated. In case of material changes you will be informed via the website or by email if you have an account. The most current version is always available at tip.dj/privacy.