Privacy Policy

As of: February 2026

1. Data Controller

The controller responsible for data processing on this website is:

Deepcut UG (haftungsbeschränkt) i.G.
[Street and Number]
[ZIP City]
Germany
Email: hello@getdeepcut.de

2. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

How do we collect your data?

Your data is collected when you provide it to us (e.g., waitlist registration, Founding Member purchase). Other data is automatically collected or collected with your consent when you visit the website (e.g., technical data such as browser, operating system, time of page visit).

3. Hosting

This website is hosted by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Cloudflare is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection.

When visiting this website, server log files are automatically recorded. These contain:

  • IP address (anonymized)
  • Date and time of the request
  • Page accessed / URL
  • Browser type and version
  • Operating system
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the website).
Storage duration: Server logs are stored by Cloudflare for a maximum of 72 hours.
Data processing agreement: We have concluded a Data Processing Agreement (DPA) with Cloudflare pursuant to Art. 28 GDPR.

Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

4. Your Rights

You have the right to:

  • Access information about your stored personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of data processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdrawal of consent at any time with future effect (Art. 7(3) GDPR)

To exercise your rights, send an email to hello@getdeepcut.de.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data (Art. 77 GDPR). The competent authority is:

[State Data Protection Commissioner of the respective federal state]
(The competent authority depends on the registered office of the controller and will be added after registration of the company.)

5. Data Collection on This Website

Waitlist Registration

When registering for the waitlist, we collect your email address and chosen role (Fan, Artist, Digger).

  • Purpose: Notification about the app launch and relevant updates
  • Legal basis: Art. 6(1)(a) GDPR (consent)
  • Storage duration: Until withdrawal of your consent or until deletion of your entry upon request
  • Storage location: Supabase (EU region, see section 6)

Founding Member Purchase

When making a Founding Member purchase, the following data is processed:

  • Email address
  • Selected tier
  • Badge ID (internally generated)
  • Stripe session ID
  • Display name (optional)
  • Billing address (via Stripe)

Purpose: Contract performance (provision of rewards, tier assignment, payment processing).
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Storage duration: Contract data is stored for the duration of the business relationship and beyond in accordance with statutory retention periods (6 years under § 257 HGB, 10 years under § 147 AO).

Cookies

This website does not use tracking cookies or analytics tools. Only technically necessary cookies are used that are required for the operation of the website (e.g., language preference).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the operation of the website).

6. Third-Party Services and Data Processing Agreements

We use the following third-party service providers, with each of whom a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded:

Stripe

We use Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) for payment processing. Stripe is certified under the EU-US Data Privacy Framework.

  • Data processed: Payment data, email, billing address
  • Legal basis: Art. 6(1)(b) GDPR (contract performance)
  • Third-country transfer: USA – secured by EU-US Data Privacy Framework

Privacy policy: https://stripe.com/privacy

Supabase

We use Supabase, Inc. (970 Toa Payoh North, #07-04, Singapore 318992) for data storage. Our database instance is located in the EU region (AWS eu-central-1, Frankfurt).

  • Data processed: Waitlist entries, Founding Member data, badge IDs
  • Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(a) GDPR (consent for waitlist)
  • Storage location: EU (Frankfurt, Germany)

Privacy policy: https://supabase.com/privacy

Resend

We use Resend, Inc. (San Francisco, CA, USA) for sending emails (e.g., purchase confirmations). Resend is certified under the EU-US Data Privacy Framework.

  • Data processed: Email address, email content
  • Legal basis: Art. 6(1)(b) GDPR (contract performance)
  • Third-country transfer: USA – secured by EU-US Data Privacy Framework

Privacy policy: https://resend.com/legal/privacy-policy

Fonts (Self-Hosted)

This website uses locally hosted fonts (Fontsource). No external connections are made to Google Fonts or other font CDNs. Your IP address is not transmitted to third parties.

7. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legislation or changes to our services. The current version can always be found on this page.

← Back to homepage

Music belongs to those who feel it.

Be part of it.

Become a Founding Member