Legal

Privacy Policy

Last updated: March 5, 2026

1. Scope

This Privacy Policy explains how DJ Reception processes personal data across our public website at dj.rs and our application at app.dj.rs, including booking, communication, billing, integrations, and support workflows.

  • Website (dj.rs): marketing pages, blog, waitlist form, contact form, and consent controls.
  • Application (app.dj.rs): authenticated workspace, booking workflows, customer communication workflows, integrations, and billing operations.
  • Shared operations: security, support, legal compliance, and service reliability.

2. Controller and processor roles

For account management, authentication, billing, security, and platform operations, DJ Reception acts as a controller. For customer data entered and managed by tenant businesses in the application workspace, DJ Reception generally acts as a processor on behalf of that tenant business, and the tenant business acts as the controller for that data.

3. Data we collect

  • Website data on dj.rs: waitlist email submissions, contact request details (name, email, company, topic, message), consent preference records, consent audit events, and basic technical metadata such as IP address and user-agent for form and consent events.
  • Website analytics data on dj.rs: page and event usage data through Google Analytics and Microsoft Clarity only after analytics consent where required.
  • Application account and identity data on app.dj.rs: user ID from identity provider, name/display name, email, role, tenant membership, and profile attributes.
  • Application booking and customer data on app.dj.rs: booking details, customer-provided contact details, assignment and status data, and booking channel metadata.
  • Application communication data on app.dj.rs: messaging payloads, message text, conversation state, notification events, and consent status where messaging channels are used.
  • Application billing and integration data on app.dj.rs: billing account metadata, subscription lifecycle records, Stripe customer and event references, and integration credential/token material for configured integrations.
  • Security and operations data on both: service logs, telemetry, error diagnostics, and security event records.

4. How we use data and legal bases

  • Provide and secure the service: contract performance and legitimate interests (security and abuse prevention).
  • Run bookings, reminders, and communication workflows in app.dj.rs: contract performance and legitimate interests.
  • Handle subscription billing and payment events in app.dj.rs: contract performance and legal obligations where applicable.
  • Run waitlist and contact handling on dj.rs: legitimate interests and pre-contract communications.
  • Measure and improve website performance on dj.rs: consent where required for analytics tooling.
  • Operate support and incident response: legitimate interests and contract performance.

5. Processing by platform

  • Google Analytics and Microsoft Clarity: used on dj.rs for marketing website analytics, subject to consent controls.
  • Waitlist and contact workflows: run on dj.rs and are used to respond to signup interest and support/sales inquiries.
  • Stripe billing, subscription workflows, and billing webhooks: used on app.dj.rs as part of application billing and subscription handling.
  • Authentication, booking operations, messaging integrations, and customer workflow data: handled on app.dj.rs.
  • Consent state and audit records: stored for website consent decisions and compliance logs on dj.rs infrastructure.
  • Security and reliability telemetry: used across both platform surfaces.

6. Cookies, local storage, and tracking

On dj.rs we use essential cookies for core site and admin session behavior, and we use local storage to remember analytics consent preferences. Analytics and diagnostic scripts are loaded only after consent where required. You can manage these controls through Cookie settings and our Cookie Policy.

7. Sharing and processors

We use service providers that process data on our behalf. Depending on platform surface and enabled features, processors may include identity providers, hosting and cloud tooling, analytics providers for dj.rs, and application processors such as Stripe, Twilio, Postmark, Google, Meta, and OpenAI for app.dj.rs features.

8. Retention

We retain personal data for as long as needed to provide services, maintain operational and security history, meet legal obligations, and resolve disputes. Retention periods differ by dataset and feature, and some operational records are cleaned using configured retention jobs.

9. Security

We use access controls, authentication and authorization safeguards, webhook signature validation for supported providers, protected secret/token handling, HTTPS transport protections, and operational monitoring controls designed to reduce security risk. No method of transmission or storage is completely secure.

10. International transfers

Some processors may process data outside your home jurisdiction. Where required, we use contractual and legal transfer mechanisms intended to provide appropriate safeguards.

11. Your rights

Depending on applicable law, you may have rights to access, correct, export, erase, restrict, object, or withdraw consent for certain processing. Submit requests through the contact form. For end-customer data controlled by a tenant business in app.dj.rs, requests should generally be directed to that tenant first.

12. Children

Our services are designed for business use and are not intended for children. Do not submit children’s personal data unless you have an appropriate lawful basis and required permissions.

13. Changes to this policy

We may update this policy from time to time. Material changes will be published with an updated date on this page.

14. Contact and tenant responsibilities

Privacy questions and requests can be submitted through the contact form.

Tenant businesses using app.dj.rs are responsible for providing legally required customer notices, obtaining required messaging consents, handling customer rights requests for data they control, and configuring integrations in compliance with applicable law.