Privacy Policy
This Privacy Policy describes how GO DJ LLC ("Go DJ," "we," "us," or "our") collects, uses, shares, and protects information when you use the Go DJ service at app.godjapp.com (the "Service"). GO DJ LLC is located at 32680 Ann Arbor Trail, Westland, Michigan, USA.
We've tried to write this in plain English. Where we use technical terms, we've tried to define them. If anything is unclear, contact us at legal@godjapp.com.
1. Summary (the short version)
- We collect the minimum personal information needed to run the Service: name, email, login credentials (via Supabase), and metadata about your activity in the Service (queue activity, credit transactions, admin actions).
- We use third-party services to run Go DJ: Supabase (database & auth), Vercel (frontend hosting), Railway (backend hosting), Stripe (payments), YouTube (music playback), Salesforce (optional CRM integration), Resend (transactional email).
- We do not sell your personal information.
- We do not collect SSNs, health data, or financial account numbers. Stripe handles all payment data; we never see your full credit card number.
- You can request deletion of your account and personal information at any time by emailing legal@godjapp.com.
The full policy below has the details.
2. Information We Collect
2.1 Information you give us
When you create an account or use the Service, we collect:
- Account info: name, email address, password (stored as a hash by our auth provider Supabase — we never see your plaintext password)
- Organization info: company name, address, billing details (provided to Stripe for payment processing)
- Configuration: credit rules, webhook configurations, plan selection, music source preferences
- Communications: support emails or feedback you send us
2.2 Information generated when you use the Service
- Usage data: songs queued, votes, credits earned and spent, admin actions, sync events
- Device & technical data: IP address, browser type, operating system, device identifiers, page views, click events, error logs (collected by our hosting providers and the Service itself for debugging and performance)
- Cookies & local storage: session tokens (issued by Supabase Auth), feature preferences. We don't use third-party advertising cookies.
2.3 Information from integrations you authorize
If you connect a third-party service (YouTube, Salesforce), we receive only the data you authorize during the OAuth flow:
- YouTube: access to play YouTube videos via the YouTube Data API Services; we do not access your YouTube account beyond playback. When you use YouTube features within the Service, Google's collection and processing of your data is governed by the Google Privacy Policy, and your use of YouTube is subject to the YouTube Terms of Service. You can revoke Go DJ's access to your Google/YouTube account at any time via Google's security settings page.
- Salesforce: the objects, fields, and records you authorize during OAuth — typically Opportunity, Lead, Contact, Account, Case, and any custom objects relevant to your credit rules. We do NOT receive your Salesforce password.
2.4 Information we do NOT collect
- We do not collect Social Security Numbers (SSNs), driver's license numbers, or government IDs
- We do not collect health information
- We do not collect financial account numbers, full credit card numbers, or bank account details (Stripe handles all of that)
- We do not collect children's information (the Service is not directed to anyone under 18)
3. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your account and secure your data
- Process payments and manage subscriptions (via Stripe)
- Send transactional emails (account confirmations, billing receipts, support replies)
- Process credit-rule events from your CRM and update your account credits
- Detect, investigate, and prevent abuse, fraud, or violations of our Terms
- Improve the Service (analyze aggregated usage patterns, debug errors)
- Comply with legal obligations
- Communicate with you about updates, support, and (with your consent) product news
We do not use your data for advertising or sell it to advertisers.
4. Legal Bases (for users in the EU/UK)
If you're in the EU or UK, we process your personal data under these legal bases (GDPR Articles 6(1) and UK GDPR equivalents):
- Contract: to provide the Service you signed up for
- Legitimate interests: to secure, debug, and improve the Service
- Consent: for optional product news/marketing (you can withdraw at any time)
- Legal obligation: to comply with applicable laws
5. How We Share Information
We share information only as described below. We do not sell your personal information.
5.1 Service providers (sub-processors)
We share data with these third-party providers strictly to operate the Service:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication | Account info, configuration, usage data |
| Vercel | Frontend hosting | Standard web logs (IP, user agent, requests) |
| Railway | Backend hosting | Standard server logs |
| Stripe | Payment processing | Name, email, billing address, payment method (Stripe never shares full card data with us) |
| YouTube (Google) | Music playback | OAuth tokens or API key, video playback requests |
| Salesforce | Optional CRM integration | OAuth tokens, schema metadata, sync polling requests (only objects/fields you authorize) |
| Resend | Transactional email | Email address, name, message content |
These providers are contractually required to handle data in accordance with their terms and applicable law.
5.2 Within your Organization
If your account is part of an Organization (an "office" or "room" with admin and member users), other members of your Organization may see information you contribute to the shared experience: your display name, song requests, votes, credit balance, and admin actions in the audit log.
Organization admins can view member activity (credit history, queue actions, sync events) for their own Organization.
5.3 Legal and safety
We may disclose information if required by law, subpoena, court order, or government request, or to protect our rights, property, safety, or that of our users or the public.
5.4 Business transfers
If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We'll notify you (and where required, request consent) before personal information is transferred and becomes subject to a different privacy policy.
5.5 With your consent
We share other information only with your consent.
6. International Data Transfers
We are based in the United States, and our service providers (Supabase, Vercel, Railway, Stripe, etc.) may process data in the U.S. or other countries.
If you're in the EU/UK and we transfer your personal data to the U.S., we rely on Standard Contractual Clauses or other lawful transfer mechanisms required by GDPR.
7. Data Retention
We retain personal information only as long as needed to provide the Service and comply with our legal obligations:
- Account data: retained while your account is active and for up to 90 days after account deletion (to recover from accidental deletion and meet record-keeping requirements)
- Usage data: retained up to 24 months
- Billing records: retained for up to 7 years to comply with U.S. tax and accounting requirements
- Audit logs and security logs: retained up to 12 months
You can request earlier deletion by emailing legal@godjapp.com. Some data may be retained longer if required by law or to resolve disputes.
8. Your Rights and Choices
Depending on where you live, you may have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — request that we correct inaccurate or incomplete data
- Deletion — request that we delete your personal information (subject to limitations for legal or operational reasons)
- Portability — request your data in a portable, machine-readable format
- Restriction or objection — limit or object to certain types of processing
- Withdraw consent — for processing based on consent
To exercise any of these, email us at legal@godjapp.com. We may need to verify your identity before responding. We'll respond within 30 days (or sooner where required by law).
If you're in the EU/UK, you also have the right to lodge a complaint with your data protection authority.
If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, the right to opt out of "sale" or "sharing" (we don't sell or share for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights.
9. Security
We use reasonable administrative, technical, and physical safeguards to protect your information, including:
- TLS encryption in transit
- Encryption at rest provided by Supabase, Stripe, and our other infrastructure providers
- Role-based access controls
- Regular rotation of API keys and credentials
- Security logging and monitoring
No system is 100% secure. If we become aware of a security breach affecting your personal information, we'll notify you and applicable regulators as required by law.
10. Cookies and Tracking
We use minimal cookies and local storage:
- Session tokens (set by Supabase Auth) to keep you logged in
- Preferences (e.g., theme, music source) stored in browser local storage
We do not use cross-site advertising cookies or third-party advertising trackers.
You can configure your browser to block or delete cookies, but parts of the Service may not work properly without them.
11. Children's Privacy
The Service is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children under those ages. If you believe a child has provided us with personal information, please contact us at legal@godjapp.com and we'll delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we'll notify you by email or through the Service at least thirty (30) days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact
Questions or requests regarding privacy? Contact us at:
GO DJ LLC
32680 Ann Arbor Trail
Westland, Michigan, USA
legal@godjapp.com