Privacy Policy
Effective Date: December 17, 2025
1. Introduction
Blacklight ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
Blacklight is co-headquartered in Brooklyn, NY (USA) and Berlin, Germany. We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) for European users.
2. Information We Collect
Account Information
When you create an account, we collect:
- Phone number (required for verification)
- Email address
- Name
- Artist type and professional information
Profile Content
Content you choose to upload to your EPK, including:
- Photos and videos
- Music and audio files
- Biographical information
- Professional history and credentials
- Social media links
Usage Data
We automatically collect:
- Page views and interactions with your EPK
- B2B (industry view) unlock events
- Device information and browser type
- Referring URLs
3. IP Address Handling
We collect IP addresses for security and analytics purposes. How we use IP data depends on your cookie consent:
- If you accept analytics cookies: We use IP addresses for city-level geolocation to provide you with geographic analytics about your EPK visitors.
- If you decline analytics cookies: We only use IP addresses for country-level geolocation. Your analytics will show country-level data only.
IP addresses are retained for 24 hours for rate limiting and security purposes, after which they are deleted or anonymized.
4. Analytics and Tracking
We collect analytics to help you understand how visitors interact with your EPK:
- Page views: How many people view your public EPK
- B2B unlock events: When someone accesses your industry view (timestamp and approximate location)
- Referral sources: How visitors find your EPK
If you enable Google Analytics integration on your EPK (optional), Google's privacy policy applies to that data collection.
5. Cookies
Essential Cookies
These cookies are necessary for the Service to function and cannot be disabled:
- B2B session cookie: Remembers when a visitor has unlocked your industry view (30-day duration)
- Authentication cookies: Keep you logged in to your account
Analytics Cookies
These cookies help us understand how visitors use the Service. They are only set if you accept them:
- Blacklight analytics cookies
- Google Analytics (if enabled by artist)
Your cookie preference is remembered for 12 months. You can change your preference at any time through the cookie banner.
6. Consent Records
When you provide consent (for example, agreeing to our Terms or accepting cookies), we store a record of that consent including:
- The text you agreed to
- Timestamp of your consent
- Your IP address at the time of consent
Consent records are retained for the duration of your relationship with Blacklight plus 3 years, as required by GDPR.
7. Third-Party Services
We use the following third-party services to operate Blacklight:
- Stripe: Payment processing. We do not store your credit card information; Stripe handles all payment data.
- Supabase: Database and authentication infrastructure.
- Vercel: Website hosting and content delivery.
- hCaptcha: Spam protection for forms. hCaptcha is GDPR-compliant and privacy-focused.
- Firebase Cloud Messaging: Push notifications for mobile apps.
- Mailersend: Transactional email delivery (account verification, notifications).
Each of these services has its own privacy policy governing how it handles your data.
8. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process transactions and send related information
- Send you technical notices and support messages
- Respond to your comments, questions, and requests
- Provide analytics about your EPK performance
- Detect, prevent, and address fraud and security issues
- Comply with legal obligations
9. Data Sharing
We do not sell your personal information. We may share your information in the following circumstances:
- Service providers: With third-party vendors who assist us in operating the Service
- Legal requirements: When required by law or to protect our rights
- Business transfers: In connection with a merger, acquisition, or sale of assets
- With your consent: When you explicitly agree to sharing
10. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights:
- Right to access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data
- Right to data portability: Request your data in a portable format
- Right to object: Object to certain processing of your data
- Right to withdraw consent: Withdraw consent at any time
Data Export
You can export all your data at any time through your account settings. Your export will include:
- Profile data (JSON format)
- All uploaded media files
- Analytics data (CSV format)
- Inquiry history (CSV format)
- Invoice records (CSV format)
Account Deletion
You can delete your account at any time. Account deletion will permanently remove all your data, including your profile, uploaded content, and analytics. This action cannot be undone.
We process deletion and data export requests within 30 days.
11. Data Retention
We retain your data for as long as your account is active. Specific retention periods:
- Inquiry history: Free tier: 30 days. Starter: 1 year. Pro and Business: Unlimited.
- Analytics data: Free: 7 days. Starter: 90 days. Pro: 1 year. Business: Unlimited.
- Audit logs: 2 years minimum (for security purposes)
- Consent records: Duration of relationship plus 3 years
When you delete your account, all associated data is permanently deleted.
12. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit and at rest
- Row-level security at the database level
- Regular security audits
- Access controls and authentication
While we strive to protect your data, no method of transmission over the Internet is 100% secure.
13. International Transfers
Your data may be processed in the United States, Germany, or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR.
14. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
16. Contact Information
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: