Privacy Policy
Last updated: March 19, 2026
Groove Guru ("we", "us", or "our") operates grooveguru.nl. We are committed to protecting and respecting your privacy. This policy explains what personal data we collect, why we collect it, how we store and protect it, and your rights under the General Data Protection Regulation (GDPR) and other applicable data-protection laws.
Data Controller
Cyrazz Digital Solutions (sole proprietorship / eenmanszaak)
KVK: 42001435 · VAT: NL005425491B66
Loolaan 41-76, 7314AD Apeldoorn, The Netherlands
Email: support@grooveguru.nl
1. Data We Collect
Account information
When you create an account we collect your email address and, optionally, a display name.
Usage data
We record search queries you perform, the sites you enable or disable, saved items, wishlist entries, collection data you add, and general interaction metrics (e.g. search count per month).
Technical data
Standard web-server logs may include your IP address, browser type, operating system, referral URL, and pages visited. These are used solely for security, diagnostics, and aggregated analytics.
Payment data
If you subscribe to a paid tier, payment processing is handled by a third-party provider (Stripe). We do not store your credit-card number or full payment details on our servers. Stripe acts as an independent data controller for payment data.
Marketing consent
If you opt in during registration, we record your consent to receive marketing communications, along with the date and time of consent.
2. Why We Collect It (Legal Bases)
We process your data for the following purposes, each with a specific legal basis under GDPR Article 6:
-
To provide and personalise the search and collection-tracking service.Contract
-
To authenticate your account and manage your subscription tier.Contract
-
To save your preferences, searches, and collection data across sessions.Contract
-
To monitor and enforce usage limits (e.g. free-tier search caps).Legitimate interest
-
To improve the platform through aggregated, anonymised analytics.Legitimate interest
-
To communicate important service updates or respond to support requests.Legitimate interest
-
To send optional marketing or feature announcements.Consent
-
To comply with legal obligations and prevent fraud or abuse.Legal obligation
3. How We Store & Protect Your Data
Your data is stored on servers located within the European Union (EU), ensuring compliance with GDPR data-residency requirements. The infrastructure uses a secure, managed cloud database with encryption at rest and in transit (TLS). Access to the database is restricted to authorised services via row-level security policies and API-key authentication.
We do not transfer your personal data outside the EU/EEA. Should this ever change, we will update this policy and ensure appropriate safeguards (e.g. Standard Contractual Clauses) are in place before any transfer occurs.
Passwords are never stored in plain text; authentication is handled via industry-standard hashing and token-based sessions.
4. Data Retention Periods
We retain personal data only as long as necessary for the purposes described in this policy:
| Data type | Retention period |
|---|---|
| Account & profile data | Until account deletion + 30 days |
| Search history & usage logs | Until account deletion (deleted immediately) |
| Collection, wishlist & saved items | Until account deletion (deleted immediately) |
| Marketing consent record | 30 days after account deletion |
| Server/security logs | 90 days (rolling) |
| Payment transaction records | 7 years (Dutch fiscal obligation, Art. 52 AWR) |
| Cookie consent preference | Browser local storage (you control) |
When you delete your account, all personal data listed above is purged according to these schedules. You can delete your account at any time from your account settings.
6. Your Rights (GDPR)
Under the GDPR and equivalent regulations, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten"). You can delete your account from Settings.
- Restriction: Ask us to restrict processing of your data in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at support@grooveguru.nl. We will respond within 30 days.
7. Contact & Complaints
If you have questions or concerns about this privacy policy or our data practices, please reach out:
Support & complaints: support@grooveguru.nl
If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). If you reside outside the Netherlands, you may also contact the supervisory authority in your country of residence.
8. Third-Party Sub-Processors
In accordance with GDPR Article 28, we use the following key sub-processors to deliver our service:
- Supabase Inc.: Cloud database and authentication (EU data region — Frankfurt, Germany).
- Stripe Inc.: Payment processing for subscriptions (certified PCI-DSS Level 1).
- Strato AG: Email hosting services (EU-based, Germany).
All sub-processors are bound by data-processing agreements that ensure GDPR-compliant handling of personal data. We will update this list if sub-processors change.
9. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes we will notify registered users by email or through a notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.