Last updated: 25 May 2026
SonicBridge s. r. o.(“SonicBridge”, “we”, “us”) is the data controller responsible for your personal data.
This policy applies to all users of the SonicBridge platform (sonicbridge.io) and is governed by the EU General Data Protection Regulation (GDPR) and Act No. 18/2018 Coll. on the Protection of Personal Data (Slovakia).
Name, email address, password (hashed).
Legal basis: Performance of contract (Art. 6(1)(b) GDPR).
Profile photo, biography, location, genre preferences, social media links, platform links.
Legal basis: Performance of contract / Legitimate interest in providing personalised matching.
Audio files, release metadata (title, artist, ISRC, release date, artwork), submission notes.
Legal basis: Performance of contract.
Billing name, billing address, VAT number (optional). Card data is handled exclusively by Stripe — we never see or store raw card numbers. We store a record of each transaction (amount, date, Stripe session ID) for invoicing and legal retention obligations.
Legal basis: Performance of contract; Legal obligation (Slovak tax law, 10-year retention).
Log data (IP address, browser type, pages visited, timestamps), error reports, performance metrics. Vercel Analytics collects anonymised, cookieless page-view statistics — no personal identification is possible.
Legal basis: Legitimate interest in platform security and improvement.
Messages you send to us (support requests, feedback).
Legal basis: Legitimate interest.
We share your data only with the following trusted service providers, solely to operate the platform. Each is bound by GDPR-compliant data processing agreements or Standard Contractual Clauses (SCCs) for transfers outside the EU.
| Processor | Country | Purpose |
|---|---|---|
| Supabase Inc. | USA (data stored EU-West) | Database, user authentication, file storage |
| Mux, Inc. | USA | Audio and video processing and delivery |
| Stripe Payments Europe Limited | Ireland (EU) | Payment processing |
| Vercel Inc. | USA (EU edge network) | Hosting, serverless compute, anonymised analytics |
| Resend Inc. | USA | Transactional email delivery |
| Functional Software Inc. (Sentry) | USA | Error monitoring and crash reporting |
| SuperFaktúra s. r. o. | Slovakia (EU) | Invoice generation and VAT compliance |
We do not sell personal data to third parties. We do not use data brokers or advertising networks.
Some sub-processors are based in the United States. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, or on the EU-US Data Privacy Framework where applicable. Supabase stores your data in an EU-West region by default.
We use only strictly necessary cookies — specifically, session cookies set by Supabase to manage your authenticated session. No advertising, tracking, or third-party marketing cookies are used. Vercel Analytics is cookieless.
For full details, see our Cookie Policy.
Under GDPR you have the following rights. To exercise any of them, email legal@sonicbridge.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Slovak data protection authority: Úrad na ochranu osobných údajov SR, dataprotection.gov.sk.
We implement appropriate technical and organisational measures to protect your data — including encryption in transit (TLS) and at rest, access controls, row-level security on our database, and regular security reviews. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority in accordance with GDPR Article 33/34.
We may update this policy from time to time. Material changes will be communicated by email or a prominent notice on the platform at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the most recent version.
For any privacy-related questions or data subject requests, contact us at legal@sonicbridge.io.
See also: Legal notice (Imprint) · Cookie Policy