← Home SpinLoud Legal

Privacy Policy

Last updated: May 27, 2026

1. Data Controller

SpinLoud, Inc. ("SpinLoud", "we") is responsible for the processing of your personal data. We act as data controller under the GDPR for EU residents and under Turkish law 6698 (KVKK) for Turkish residents.

SpinLoud, Inc.
77 Sands Street
Brooklyn, NY 11201

2. Data We Collect

When you use SpinLoud, we may process the following personal data:

• Identity: First name, last name, email address
• Business: Venue name, address, phone, tax details
• Payment: Card details processed by Stripe (SpinLoud does not store card numbers — only the Stripe customer ID)
• Usage: Listening time, channel preferences, session data, CherryPick request history
• Technical: IP address, browser, device type, cookie data
• Contact form: The content of messages you send us

3. How We Use the Data

• Providing, personalizing, and improving the service
• Account management and passwordless authentication
• Subscription and payment processing (via Stripe)
• Customer support and communication
• Legal compliance
• Marketing and analytics (with consent)

4. Data Sharing

Your personal data is not shared with third parties except in the following cases:

• Stripe Inc. — for payment processing (PCI DSS Level 1 compliant)
• Amazon Web Services (AWS) — for server, RDS PostgreSQL, and CloudFront CDN hosting (eu-central-1, Frankfurt)
• Google LLC — Google Analytics (anonymized usage statistics)
• Meta Platforms Inc. — Meta Pixel (ad performance measurement)
• Legal obligations: court order or competent authority request

5. Cookies

Our website uses cookies to improve user experience:

• Strictly necessary: Session, authentication (cannot be disabled)
• Analytics: Google Analytics — anonymous usage statistics
• Marketing: Meta Pixel — ad performance

You can manage or disable cookies in your browser settings. Disabling strictly necessary cookies may break service functionality.

6. Data Security

Your data is protected with SSL/TLS encryption, secure infrastructure, and layered access control. Payment information is only processed via Stripe's PCI DSS-compliant infrastructure; SpinLoud has no access to it. Database backups are encrypted at rest with AES-256.

7. Retention Periods

• Account data: While the account is active + 12 months after cancellation
• Billing/Payments: 10 years (per tax law)
• Listening data: 24 months (anonymized for analytics)
• Contact form: 24 months after the request is resolved

8. Your Rights

Under the GDPR (Articles 15–22) and KVKK (Article 11) you have the right to:

• Know whether your personal data is being processed
• Request information about the data we process
• Ask for correction or deletion of your data
• Object to or request restriction of processing
• Request data portability
• Object to automated decision-making

9. Policy Changes

This privacy policy may be updated due to legal requirements or service changes. Material changes are communicated by email at least 30 days in advance; the "Last updated" date at the top of this page is always current.

10. Contact

For privacy questions: privacy@spinloud.com

General contact: info@spinloud.com

SpinLoud, Inc.
77 Sands Street
Brooklyn, NY 11201, United States