Legal
Privacy Policy
Last Modified: 21. February 2026
We are committed to protecting your personal information and ensuring transparency in how we collect and use it. This Privacy Policy applies to all users of the Spotcast platform, including talent, clients, and visitors to our website.
1. Data Controller
Spotcast OG
Johannes Balog & Stefanie Koch
Mannswörther Straße 57/3/8
2320 Mannswörth, Austria
Email: privacy@spotcast.com
2. Data We Collect
2.1 Personal Information
We collect the following categories of personal data:
Account Information:
- Full name
- Email address
- Phone number
- Profile picture
- Professional biography
- Social media links
- Payment information (processed by Stripe)
Booking Information:
- Event details (date, time, location, type)
- Client contact information
- Booking requirements and preferences
- Communication history
Website Usage:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent
- Referral sources
2.2 Automatically Collected Data
- Cookies and similar technologies (see Section 8)
- Analytics data (Google Analytics, only with your consent)
- Security logs
- Performance metrics
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): Processing necessary for booking services, payment processing, and platform functionality
- Legitimate Interest (Art. 6(1)(f)): Security, platform improvement, fraud prevention, and AI-powered features (search, content assistance)
- Consent (Art. 6(1)(a)): Analytics cookies (Google Analytics), marketing communications
- Legal Obligation (Art. 6(1)(c)): Tax compliance, record keeping, and regulatory requirements
4. Purpose of Data Collection
We use your information for the following purposes:
Platform Operations:
- Account creation and management
- Booking facilitation and coordination
- Payment processing and financial transactions
- Communication between talent and clients
Service Improvement:
- AI-powered search and content assistance (via OpenAI)
- Platform security and fraud prevention
- Customer support
Marketing (with consent):
- Newsletter and promotional communications
- Platform updates and announcements
5. Third-Party Services and Data Sharing
We use the following third-party services that may process your data:
5.1 Essential Services
Supabase (Database & Authentication)
- Purpose: Secure data storage, user authentication, and API services
- Data processed: All personal information, account data, booking information
- Legal basis: Contract performance, legitimate interest
- Privacy policy: https://supabase.com/privacy
Stripe (Payment Processing)
- Purpose: Payment processing, subscription management, talent payouts via Stripe Connect
- Data processed: Payment information, transaction details, billing addresses
- Legal basis: Contract performance, legal obligation
- Privacy policy: https://stripe.com/privacy
Cloudflare (Hosting, CDN & Security)
- Purpose: Application hosting, content delivery, DDoS protection, bot protection (Turnstile)
- Data processed: IP addresses, request logs, security events
- Legal basis: Legitimate interest (security, infrastructure)
- Privacy policy: https://www.cloudflare.com/privacy/
OpenAI (AI Features)
- Purpose: Talent search (semantic matching), search suggestions, content writing assistance, and offering generation
- Data processed: Search queries, talent profile data (name, profession, description, offerings), and user-authored text submitted for AI assistance
- Legal basis: Legitimate interest (platform functionality), contract performance
- Privacy policy: https://openai.com/privacy
5.2 Analytics and Marketing
Google Analytics
- Purpose: Website analytics and performance monitoring
- Data processed: IP addresses (anonymized by GA4), page views, user interactions
- Legal basis: Consent (opt-in required)
- Privacy policy: https://policies.google.com/privacy
- Opt-out: https://tools.google.com/dlpage/gaoptout
Brevo (Email Communications)
- Purpose: Transactional and marketing email delivery, newsletter management
- Data processed: Email addresses, communication preferences
- Legal basis: Contract performance (transactional emails), consent (marketing emails)
- Privacy policy: https://www.brevo.com/legal/privacypolicy/
5.3 Data Transfers
Some of our service providers may transfer data outside the EU/EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules (where applicable)
6. Data Retention
We retain your personal data for the following periods:
- Account Data: Until account deletion or 3 years of inactivity
- Booking Data: 7 years (legal requirement for business records under Austrian law — § 132 BAO)
- Analytics Data: 14 months
- Marketing Data: Until consent withdrawal
- Security Logs: 12 months
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the following rights:
- Right of Access (Art. 15): Request copies of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing (Art. 18): Limit how we use your data
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
7.1 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@spotcast.com
- Response time: Within 30 days (may be extended to 60 days for complex requests)
7.2 Supervisory Authority
You have the right to lodge a complaint with the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Website: https://www.dsb.gv.at
8. Cookies and Tracking Technologies
8.1 Essential Cookies (Required)
These cookies are necessary for platform functionality and cannot be disabled:
| Cookie | Purpose | Duration |
|---|---|---|
| sb-*-auth-token | Supabase authentication session | Session |
| i18n_locale | Language preference (en/de) | 1 year |
| Cloudflare cookies (__cf_bm, __cfruid) | Bot protection and security | Session |
We also use browser local storage for functional purposes such as storing your analytics consent preference.
8.2 Analytics Cookies (Optional — Consent Required)
Google Analytics cookies are only set after you give explicit consent via our consent dialog:
| Cookie | Purpose | Duration |
|---|---|---|
| _ga | Distinguishes users | 2 years |
| _ga_* | Maintains session state | 2 years |
How consent works: When you first visit the platform, a dialog asks whether you accept analytics. You can choose "That's ok" to enable Google Analytics, or "Opt Out" to decline. You can change your preference at any time via the link in the website footer. Google Analytics is not loaded until you consent. Your preference is stored locally in your browser.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
- Encryption in transit (TLS) and at rest
- Regular security updates
- Access controls and authentication
- Network security monitoring
Organizational Measures:
- Limited access to personal data on a need-to-know basis
- Regular security reviews
- Incident response procedures
10. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will delete it immediately.
11. International Data Transfers
Some of our service providers are located outside the EU/EEA (notably OpenAI and Cloudflare in the USA). We ensure adequate protection through Standard Contractual Clauses (SCCs) and applicable adequacy decisions.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or platform notification. The updated policy will be effective upon posting.
13. Contact Information
For any questions about this Privacy Policy or our data practices:
Email: privacy@spotcast.com
General Support
Email: support@spotcast.com