Privacy policy
Last updated: 2026-05-03
What we collect
- Email address — required for an account, used for login, password reset, verification, and (if you opt in) price-drop / free-download alerts on tracks you’ve wishlisted or artists you follow.
- Search queries — what you typed into the search box, logged so we can improve the catalog and detect missing coverage. Logged queries are not tied to your account in the public catalog and are pruned regularly.
- Click-through events — when you click a store link from our site, we log the click before redirecting you. Used to compute popularity rankings.
- IP hash — we hash your IP address (we never store the raw IP) for rate-limiting and abuse detection. The hash uses a server-side salt; we can’t recover the IP from the hash.
- Subscription data (Pro users only) — your PayPal subscription ID and status, fetched from PayPal via webhook. We don’t see your card details; PayPal handles all payment processing.
Third parties
The following third parties process data on our behalf or on your behalf:
- Cloudflare — hosts the site, the database, and the cron workers. Cloudflare sees every request to the site, including IP, user-agent, and request path.
- Cloudflare Turnstile — anonymous bot detection on signup, login, password reset, and the contact form. No cookies, no cross-site tracking.
- PayPal — handles all payments and subscription management. When you subscribe, PayPal shares your email + payer ID with us via webhook. Card data is never seen by us.
- Resend — sends transactional email (verification, password reset, alerts). Resend processes the email address solely to deliver the message.
- Outbound store links — when you click through to Beatport, Bandcamp, Hardtunes, or Black Reaper Records, you enter their world. They have their own privacy practices independent of ours.
What we don’t do
- We don’t use cookies for tracking or advertising. The only cookie set is the session cookie required to keep you logged in (httpOnly, SameSite=Lax).
- We don’t use Google Analytics, Meta Pixel, or any cross-site tracking platform.
- We don’t sell, rent, or share data with advertisers.
Your GDPR rights
If you’re in the EU/EEA (which covers most of our user base), you have the right to:
- Request a copy of all personal data we hold about you
- Request correction of any inaccurate data
- Request deletion of your account and all associated data (right to be forgotten)
- Withdraw consent to data processing at any time
- Lodge a complaint with your local data protection authority
To exercise any of these, contact us and we’ll respond within 30 days. Account deletion is also self-serve from /account/profile — though we keep aggregated, anonymized usage statistics that don’t identify individual users.
Retention
Account data lives until you delete it. Search query logs are kept for 90 days for product analysis, then dropped. Job-run logs are kept for 30 days for operational debugging. PayPal records are kept as long as legally required for tax / accounting purposes.
Changes
If we change this policy materially, we’ll notify users by email before the new version takes effect.
Contact
Questions: drop us a note.