Privacy Notice
Last updated: 8 May 2026
1. Controller
Justin Dorber
Aalesunder Str. 4
10439 Berlin
Germany
E-mail: hello@soundsol.co
2. Purposes and legal basis of processing
Server logs and security data
When you visit the site, technical data such as IP address, browser type, timestamp, requested page and security-related request metadata may be processed to operate, secure and optimise the website. The legal basis is our legitimate interest under Art. 6 (1)(f) GDPR.
Messages you send us
If you contact us by e-mail, we process your e-mail address, message content and related metadata to respond to your inquiry. Depending on the context, the legal basis is Art. 6 (1)(b) GDPR for pre-contractual or contractual communications, or Art. 6 (1)(f) GDPR for general inquiries and feedback.
Event and source submissions
If you send a SoundSol event, venue, artist, festival, space or source suggestion, we may process the public source URL, title/name, city, venue/location, date/time, fit note, image or press-kit URL, your stated relationship to the suggestion and, if you provide it, your e-mail address. We use this to review possible SoundSol listings, verify factual details, prevent abuse and follow up about that specific suggestion. Suggestions are editorial signals only and are not automatically published. The legal basis is our legitimate interest under Art. 6 (1)(f) GDPR.
Newsletter or marketing-interest requests
If you actively ask to receive future SoundSol updates, editorial notes or newsletter emails, we process your e-mail address and request as consent-based newsletter or marketing interest under Art. 6 (1)(a) GDPR. Newsletter signups are handled through Buttondown, which stores the subscription record, manages confirmation and unsubscribe links, and keeps this separate from event/source submissions. You can withdraw consent at any time using the unsubscribe link in any newsletter email.
Admin authentication
The public website can be browsed without creating an account. Protected admin areas use Supabase authentication and technically necessary cookies or browser storage to keep authorised admin users signed in and to protect the service. The legal basis is Art. 6 (1)(f) GDPR.
Error monitoring and diagnostics
If enabled in production, Sentry may process technical error, performance and diagnostic data such as error messages, stack traces, device/browser information, URLs, timestamps, masked replay data and security-event metadata. This is used to identify bugs, prevent abuse and keep the service reliable. The legal basis is Art. 6 (1)(f) GDPR.
Privacy friendly web analytics
We use Vercel Web Analytics to understand aggregate site usage such as page views, referrers, approximate region, device type and performance signals. Vercel Web Analytics is intended to run without advertising cookies and without building visitor profiles. We use these statistics to understand which pages, event guides and city guides are useful and to improve the service. The legal basis is our legitimate interest under Art. 6 (1)(f) GDPR.
3. Recipients and processors
We use service providers to host, secure and operate the website. These providers may process personal data on our behalf under appropriate data-processing terms.
- Vercel Inc. — hosting, deployment, content delivery, server logs and privacy friendly aggregate web analytics.
- Supabase Inc. — database, storage, authentication and related backend services. The exact project region and transfer safeguards should be confirmed in the active Supabase project settings.
- Sentry — error monitoring, diagnostics, performance monitoring and, where enabled, masked session replay.
- Buttondown — newsletter signup forms, subscription records, confirmation e-mails, newsletter delivery, unsubscribe handling and related deliverability logs for signal — by soundsol.
- E-mail provider — processing of messages, event/source tips and replies sent to hello@soundsol.co.
4. Retention periods
- Server and security logs — retained only as long as needed for operation, security, debugging and legal protection, unless a longer retention period is required by law.
- Inquiry e-mails — normally erased 12 months after the last communication, unless longer retention is required for legal, accounting or dispute-resolution purposes.
- Private event/source submissions — rejected, spam or unused submissions are normally deleted or anonymised within 3–6 months. If a suggestion becomes a public editorial listing, we retain only the factual public listing/source information while removing private submitter contact data when no longer needed.
- Newsletter or marketing-interest requests — kept until you withdraw consent or until the related update workflow is no longer active.
- Admin authentication records — retained as long as required to operate and secure admin access.
5. International data transfers
Some providers may process data outside the European Economic Area. Where this occurs, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, and additional contractual or technical measures.
6. Your rights
You can request at any time:
- access to your personal data;
- rectification or erasure;
- restriction of processing;
- objection to processing based on legitimate interests;
- withdrawal of consent for newsletter or marketing-interest processing;
- data portability where Art. 20 GDPR applies.
To exercise these rights, e-mail hello@soundsol.co.
You also have the right to lodge a complaint with the competent data protection supervisory authority, including the Berlin Commissioner for Data Protection and Freedom of Information.
7. Security
Traffic between your browser and this site is encrypted via TLS/SSL. We also use technical and organisational measures intended to protect the website and admin systems against misuse.
8. External links
This website contains links to third-party sites, ticketing providers, organisers and venues. Their own privacy notices and terms apply once you leave soundsol.
Questions? Write to hello@soundsol.co.