Legal · Privacy

Privacy policy.

Written for humans. The legalese is in here too, but you shouldn't need a lawyer to understand what we do with your data.

Last updated · June 17, 2026

What's actually going on

  • The desktop app sends anonymous, opt-out usage analytics and crash reports — never the contents of your records — and you can turn both off in Settings → Privacy.
  • Your records live in a SQLite file on your computer. Without Cloud, they never leave your device.
  • If you subscribe to Cloud, your collection syncs to a private, per-user database only your account can reach (encrypted in transit). It is not end-to-end encrypted — we operate the database.
  • We don't sell, share, or license your data to anyone.
  • If you join the beta waitlist, we store your email with Resend (our email provider) only to tell you when access opens. Ask us and we'll remove it.

Draft. This policy is pending legal review. Don't rely on it as final until this banner is removed.

01Who we are

PhaseCrate ("we", "us") provides a tool for DJs and record collectors to organize, sync, and explore their music collections. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have.

02What we collect

We collect the following categories of data:

  • Account data: your email, display name, optional profile image, and the preferences you give us at sign-up (DJ/collector role, collection size, music genres, how you heard about us). Passwords are stored only as a salted hash, never in plain text.
  • Collection data: the records, tracks, tags, BPM, key, waveforms, notes, and related metadata you sync through Cloud or import from a connected service such as Discogs.
  • Connection tokens: when you connect Discogs, its access tokens are stored on your own device in your operating system's secure keychain — they never reach our servers. The access token for your private Cloud database is stored encrypted on our servers.
  • Billing data: if you subscribe to Cloud, our payment provider Polar.sh (acting as merchant of record) processes your payment details. We receive billing status, plan, and invoice records — never your full card number.
  • Usage & device data: server logs (including IP address and request timestamps), crash reports, and anonymous product analytics. In the desktop app, analytics and crash reporting are on by default but can be turned off in Settings → Privacy.

03How we use your data

We use your data to:

  • provide, maintain, and improve the Service;
  • authenticate you and protect your account;
  • sync collection data across your devices;
  • process payments and manage subscriptions;
  • respond to support requests;
  • detect, prevent, and respond to fraud, abuse, and security incidents;
  • comply with legal obligations.

We do not sell your personal data. We do not use your collection data for advertising.

05Sharing

We share data only with:

  • Cloudflare — application hosting, edge network/CDN, and image storage;
  • Turso — database hosting for your account and your private Cloud collection;
  • Polar.sh — payment processing and merchant of record for Cloud subscriptions;
  • Resend — transactional email (verification, password reset) and the beta waitlist;
  • Sentry — crash and error reporting for the desktop app (processed in the EU);
  • PostHog — anonymous product analytics (processed in the EU);
  • Discogs — only when you choose to connect your Discogs account;
  • professional advisors and authorities when legally required.

Each processor is bound by a written agreement to handle your data only for the purposes we specify.

06Data retention

We keep your account and collection data for as long as your account is active. Specific periods:

  • Sign-in sessions expire after 14 days of inactivity; expired sessions are purged automatically every day.
  • Cloud collection data: if you cancel Cloud or a payment fails, your synced collection is retained for 30 days and then deleted.
  • Account deletion: when you delete your account we remove your personal data and keep only a minimal record needed to honour the deletion across your devices, plus anything we must retain to meet legal obligations (e.g. tax and accounting).

07International transfers

We host the Service on Cloudflare's global edge network, and your account and Cloud collection data are stored in our Turso database. Crash reporting (Sentry) and product analytics (PostHog) are processed in the European Union. Where data is transferred outside your country or region, we rely on appropriate safeguards such as Standard Contractual Clauses.

08Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. To exercise these rights, contact privacy@phasecrate.io. You also have the right to lodge a complaint with a supervisory authority.

09Security

We use industry-standard protections: traffic is encrypted in transit, stored data is encrypted where appropriate, and access is limited to the smallest set of people who need it. No system is perfectly secure; we encourage strong passwords and reporting any suspected unauthorised access.

10Cookies & local storage

On our website and web app we use a small number of strictly necessary cookies to keep you signed in (set by our authentication system). During the Discogs sign-in handshake we briefly store a temporary value in your browser's session storage, which is cleared once the handshake completes. Our website analytics (PostHog) run cookieless — we set no analytics or advertising cookies. The desktop app stores app settings and an anonymous analytics identifier locally on your device, not as browser cookies. You can control cookies through your browser settings; disabling the sign-in cookies will prevent you from staying logged in.

11Children

PhaseCrate is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children below that age. If you believe we have, contact us and we will delete it.

12Changes

We may update this Privacy Policy from time to time. Material changes will be communicated to account holders before they take effect.

13Contact

Privacy questions: privacy@phasecrate.io
Everything else: hello@phasecrate.io