Privacy Policy

Last updated: May 2026

1. Information We Collect

We collect information you provide directly: name, email, phone number, payment details, profile information, and business details. We also collect usage data automatically, including pages visited, features used, device information, IP address, browser type, and interaction patterns. For DJs, we collect business information such as genres, availability, pricing, and performance history. AI tools may process audio, images, and text you provide.

2. How We Use Your Information

We use your information to: provide and improve our services; process bookings and payments; send transactional emails and notifications; personalize your experience with AI-powered recommendations; analyze platform usage to improve features; detect and prevent fraud; comply with legal obligations; and communicate service updates. We do not use your data to train AI models without explicit consent.

3. Legal Basis for Processing (GDPR)

For users in the EEA, we process data under the following legal bases: (a) Contract performance — to provide our services; (b) Legitimate interests — to improve our platform and prevent fraud; (c) Consent — for marketing communications and optional AI features; (d) Legal obligation — for tax, accounting, and regulatory compliance. You may withdraw consent at any time without affecting prior processing.

4. Information Sharing

We do not sell your personal information. We share data only with: payment processors (PayMatrix) to complete transactions; cloud infrastructure providers (Vercel, Supabase) to host the platform; AI service providers (OpenAI, ElevenLabs) to process tool requests — only the minimum data needed; email delivery services (Amazon SES) for communications; law enforcement when required by law; and other users only as necessary to facilitate bookings (e.g., sharing a DJ's public profile with potential clients).

5. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. For transfers from the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. For transfers from the UK, we use the UK International Data Transfer Agreement. We ensure all recipients provide adequate data protection.

6. Data Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3) and at rest (AES-256); row-level security on our database; regular security audits and penetration testing; secure authentication via Supabase Auth with OAuth support; rate limiting and DDoS protection; and employee access controls with audit logging. We maintain an incident response plan and will notify affected users within 72 hours of a confirmed breach.

7. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies help us understand platform usage (opt-in only in the EEA). You can control cookie preferences through our cookie consent banner or browser settings. We do not use third-party advertising trackers. Our cookie consent mechanism complies with the ePrivacy Directive and GDPR.

8. Your Rights

Depending on your jurisdiction, you have the right to: access your personal data; correct inaccurate data; delete your data ("right to be forgotten"); restrict processing; data portability (export in machine-readable format); object to processing; withdraw consent; and lodge a complaint with a supervisory authority. Exercise these rights via Dashboard > Settings > Privacy, or email privacy@prodjagency.com.

9. CCPA Rights (California Residents)

California residents have additional rights under the CCPA: the right to know what personal information is collected and how it is used; the right to delete personal information; the right to opt-out of the sale of personal information (we do not sell data); and the right to non-discrimination for exercising privacy rights. To exercise these rights, use our "Do Not Sell My Information" toggle in Settings or contact us.

10. AI & Automated Decision-Making

We use AI for lead scoring, pricing recommendations, content generation, and music matching. These systems assist human decision-making but do not make fully automated decisions with legal or significant effects without human oversight. You have the right to request human review of any AI-assisted decision that significantly affects you. AI-processed data (audio, images, text) is not retained beyond the session unless you explicitly save the output.

11. Data Retention

We retain your data for as long as your account is active. After account deletion, we remove personal data within 30 days from active systems. Backups are purged within 90 days. Financial records are retained for 7 years as required by law. Anonymized usage data may be retained indefinitely for analytics. AI-generated content you save is retained until you delete it.

12. Children's Privacy

ProDJ is not intended for users under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16 (or 13 in the US), we will delete it promptly and terminate the associated account.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision. Continued use after the effective date constitutes acceptance.

14. Data Protection Officer

For privacy-related questions, data subject requests, or complaints, contact our Data Protection Officer at: dpo@prodjagency.com. You may also write to: ProDJ Agency, Attn: Data Protection Officer, 123 Music Lane, Suite 400, Los Angeles, CA 90001, United States. EU Representative: ProDJ EU Ltd, Dublin, Ireland.