← Back to CrateDigVinyl

Privacy Policy

Last updated: May 2026

CrateDigVinyl ("we", "us", "our") operates the website at www.cratedigvinyl.com. This policy explains what personal data we collect, why we collect it, and how it is used. We are committed to handling your data responsibly and in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

CrateDigVinyl is a vinyl record store finder. We help music lovers discover independent record stores near them. If you have any questions about this policy or how we handle your data, contact us at cratedigvinyl@gmail.com.

2. Data We Collect

When you use the site without an account:

• Your approximate location (latitude/longitude), requested by your browser and used only to find nearby stores. We do not store your location persistently.
• Usage data collected by Google Analytics (pages visited, interactions, device type, browser, country). This data is aggregated and anonymised.
• A cookie preference flag stored in your browser's local storage.

When you create an account and sign in:

• From Google Sign-In: your name, email address, and profile photo as provided by Google.
• From Facebook Login: your name and email address as provided by Facebook/Meta.
• From Microsoft Sign-In: your name and email address as provided by Microsoft.
• Profile information you choose to provide: a display name, username handle, Instagram handle, Discogs username, and general location (e.g. city).
• Reviews you write: text, star rating, genre tags, and photos you upload for a store.
• Stores you favourite: a list of store IDs and names you save.
• Your profile photo if you choose to upload one.

3. How We Use Your Data

• To authenticate you and maintain your account session.
• To display your reviews, profile, and saved favourites within the app.
• To allow other users to see your public reviews and display name.
• To improve the service using anonymised analytics data.
• To send you no marketing emails — we do not use your email for marketing.

Our lawful basis for processing your data is contract performance (to provide the service you signed up for) and legitimate interests (to maintain security and improve the service).

4. Data Sharing

We do not sell your personal data. We do not share your personal data with third parties for advertising purposes. We use the following third-party services to operate the site:

• Google Firebase (Authentication, Firestore database, Cloud Storage) — stores your account data, reviews, favourites, and uploaded photos. Data is held in Google's EU/EEA infrastructure. Firebase Privacy
• Google Analytics — anonymised usage analytics. Google Privacy Policy
• Google Maps Platform — used to display store locations and details. Google Privacy Policy
• Meta (Facebook Login) — used only to authenticate you if you choose to sign in with Facebook. We receive your name and email from Meta for account creation only. Meta Privacy Policy
• Microsoft (Sign-In) — used only to authenticate you if you choose to sign in with Microsoft. Microsoft Privacy Policy
• Google Cloud Run — hosts the application server in the EU (London region).

5. Cookies and Local Storage

We use browser local storage to remember your cookie preference and theme setting (light/dark mode). Google Analytics sets cookies to distinguish users and sessions. We do not use advertising or tracking cookies beyond Google Analytics.

6. Your Reviews and Public Content

Reviews you write, including your display name and any photos you upload, are visible to all users of the site. If you delete a review, it is permanently removed from our database. Your username and display name are public; your email address is never shown publicly.

7. Data Retention

• Account data: retained for as long as your account is active. You may request deletion at any time.
• Reviews and photos: retained until you delete them or request account deletion.
• Analytics data: retained per Google Analytics default settings (26 months).
• Location data: not stored beyond the duration of your search session.

8. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data — you can update your profile directly in the app.
• Delete your account and all associated data.
• Object to or restrict certain processing.
• Data portability — receive your data in a structured format.

To exercise any of these rights, email us at cratedigvinyl@gmail.com. We will respond within 30 days.

9. Children

CrateDigVinyl is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Security

We use industry-standard security measures including HTTPS, Firebase security rules, and server-side session authentication. No method of transmission over the internet is 100% secure, but we take reasonable precautions to protect your data.

11. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests:
Email: cratedigvinyl@gmail.com
Website: www.cratedigvinyl.com

---

© 2026 CrateDigVinyl. All rights reserved.