SauceGate

Privacy Policy

Effective date: 25 March 2026

Last updated: 25 March 2026

1. Data Controller

Imie i nazwisko
Poland

Contact email: legal@saucegate.pro
For privacy-related inquiries, please contact: privacy@saucegate.pro

2. Data We Collect

Creators

  • email address
  • display name
  • authentication data processed via Supabase Auth

Visitors

When a visitor interacts with a Gate, we may process:

  • a randomly generated anonymous visitor identifier (visitorId)
  • event timestamps
  • temporary SoundCloud access token (stored encrypted in HTTP-only cookies, maximum 10 minutes)

The visitorId:

  • is randomly generated
  • does not contain personally identifiable information
  • is not linked to email, account data, or SoundCloud profile data
  • is not used for cross-site tracking
  • is used solely to maintain analytics integrity and prevent duplicate event counting

We do not store IP addresses, user-agent strings, or device fingerprints in our application database.

Hosting providers may temporarily process IP addresses and technical request logs for security and infrastructure monitoring purposes.

3. Analytics

SauceGate uses internal analytics mechanisms to measure:

  • gate visits
  • unlock attempts
  • successful completions

The anonymous visitorId and event timestamps are used exclusively to:

  • prevent duplicate counting
  • ensure accurate statistics
  • prevent abuse

Where third-party analytics tools are used, non-essential analytics cookies are activated only after user consent where required by law.

4. Legal Basis (GDPR)

We process personal data based on:

  • performance of a contract (account creation and service operation)
  • legitimate interest (service security, analytics integrity, abuse prevention, and infrastructure stability)
  • user consent (for optional analytics cookies where applicable)

5. Data Retention

  • Creator account data: until deleted by the user
  • Anonymous visitorId and related event timestamps: retained for up to 90 days
  • Temporary SoundCloud tokens: maximum 10 minutes
  • Security logs maintained by hosting providers: retained according to provider policies

6. Data Sharing

We may share data with service providers such as:

  • Supabase (EU - Ireland)
  • Vercel (EU - Dublin)
  • Resend (email delivery)
  • Analytics providers (if enabled)
  • SoundCloud (OAuth integration)

We do not sell personal data.

7. International Transfers

Data is stored within the European Union.

If data is transferred outside the EU by third-party providers, appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms apply.

8. Your Rights

You have the right to:

  • access your data
  • correct inaccurate data
  • request deletion
  • object to processing
  • restrict processing
  • data portability
  • withdraw consent (where processing is based on consent)
  • lodge a complaint with your local data protection authority

To exercise your rights, contact: privacy@saucegate.pro

9. Automated Decision-Making

SauceGate does not engage in automated decision-making or profiling.

10. Security

We implement encrypted authentication flows, secure EU-based hosting, and encrypted temporary token storage.

11. Changes

This Privacy Policy may be updated periodically. The "Last updated" date reflects changes.

Related legal pages