1. Introduction

Jammeet values your privacy and is committed to protecting the personal data you entrust to us. This Privacy Policy explains which data we collect, the purposes for which we use it, the legal bases, how long we retain it, with whom we share it and what rights you have regarding your data. By using the platform you consent to the collection and processing of data in accordance with this Privacy Policy.

2. What Data We Collect

2.1. Data you provide to us directly.

• first and last name;
• email address;
• phone number (if you provide it);
• address (if required for services);
• username and password;
• profile information and biography/description of the musician or band;
• content you publish (photos, videos, descriptions, messages etc.);
• payment and billing data (if you use paid services) — note: card details are processed by payment providers, Jammeet does not store the full card number unless explicitly stated and secured.

2.2. Data collected automatically.

• IP address, device types, browser type and operating system;
• service usage data (access logs, visited pages, time of visits);
• data from cookies and web analytics

2.3. Facebook / Meta Login

• When you sign in with Facebook, Jammeet collects the Meta user ID and the primary email address returned by Facebook Login.
• We use this information solely to create and authenticate your Jammeet account and to map returning users to their account.

2.4. Other categories

• communications with support;
• data other users post about you (e.g., in comments, reviews);
• data necessary to fulfill legal obligations (e.g., accounting records).

3. Purposes and Legal Basis for Processing

We process your data for the following purposes, with the indicated legal basis:

• Registration and management of user account — performance of a contract (art. 6(1)(b) GDPR) and necessary processing to provide the service;
• Delivery and improvement of the service (platform functionality, profile display, responding to messages) — performance of a contract / legitimate interest (art.6(1)(b) and (f));
• Communication with users (notifications, responses to inquiries) — performance of a contract or consent for marketing messages;
• Marketing and promotional messages (newsletter, offers) — user consent (art. 6(1)(a)); the user may unsubscribe at any time;
• Analytics and improvement of the platform — Jammeet's legitimate interest (art.6(1)(f)) and/or consent for certain analytic cookies;
• Security, fraud prevention and compliance with the law — legitimate interest and/or legal obligation (art.6(1)(c)/(f));
• Payment processing — performance of a contract and processing by authorized payment processors;
• Archiving for accounting and legal obligations — legal obligation (art.6(1)(c)).

4. Who Has Access to Your Data / With Whom We Share Data

We share and allow access to data on a limited basis, only for the purposes set out in this Privacy Policy and according to the principle of least privilege.

• Internally: authorized Jammeet employees (support, administration) in accordance with the need-to-know principle;
• Processors: hosting providers, email and newsletter services, payment processors, analytics and security service providers (a list of main processors should be included);
• Third parties: publicly posted content may be visible to other users and third parties;
• Legal obligations: competent authorities or third parties when we are legally obliged to provide data;
• Data transfer in business changes: in case of sale or merger of the business, user data may be transferred to a third party as part of the transaction (with notification to users).

Platform Data (Facebook / Meta): We store Meta user IDs and primary email addresses returned by Facebook Login. These are stored in our database for authentication and account mapping. Processors that process Platform Data:

• DigitalOcean — hosting and database storage (droplet region: Frankfurt/fra1; control plane and backups may be accessed from other locations).
• Resend — transactional email delivery; processes email addresses for message delivery (sending region: Ireland/eu-west-1; account metadata may be stored/processed in the United States).

We do not share Meta Platform Data with other third parties except where required by law, or as described above. If we forward Platform Data to analytics, monitoring, or anti-fraud providers, we will list them here and in our Data Processing Agreements.

Before sharing with processors Jammeet will conclude appropriate data processing agreements and ensure adequate data protection.

5. Transfers Outside the European Economic Area (EEA)

Service providers we use may process data in countries outside the EEA. In such cases Jammeet ensures an adequate level of protection (e.g., standard contractual clauses, adequacy decisions or other legally accepted measures). If you have questions about international transfers, contact us at [email protected].

6. Data Retention Periods

We retain data as long as necessary to achieve the purpose for which they were collected, unless the law requires or permits a longer period. Examples of recommended periods:

• Account and profile data: while the account is active + a reasonable period after account closure for security and potential legal claims (recommendation: 1–3 years);
• Transactional and accounting data: in accordance with legal obligations (e.g., retention for tax/accounting records — depending on local laws);
• Logs and metric data: typically 6–24 months depending on purpose (security, analytics);
• Data for marketing notifications: while you have given consent or until you unsubscribe;
• Content you publish: until you delete it manually in Edit Profile Dashboard or until Jammeet removes content in accordance with the Terms of Use.

If you want deletion of data before the retention period expires, you can request deletion (see section 'Your Rights') or manually delete it in Edit Profile Dashboard. Note: in some cases Jammeet is legally required to retain certain data longer.

7. Your Rights (under the GDPR)

You have the following rights regarding your personal data. To exercise your rights send a request to [email protected]. We will respond in accordance with applicable statutory deadlines.

• Right to access the data we process about you;
• Right to rectification of inaccurate or incomplete data;
• Right to erasure ('right to be forgotten') within the limits of the law;
• Right to restriction of processing in certain circumstances;
• Right to data portability (where applicable);
• Right to object to processing based on legitimate interest or for direct marketing;
• Right to withdraw consent (if processing was based on consent);
• Right to lodge a complaint with a supervisory authority (in Croatia: AZOP).

The response period is usually one month; it may be extended by an additional two months in complex cases with notice.

8. Cookies

Jammeet uses cookies and similar technologies for basic website functionality, analytics and content personalization. On first visit we display cookie information and request consent for cookies that are not strictly necessary.

9. Data Security

We take reasonable technical and organizational measures to protect personal data from unauthorized access, loss, misuse or alteration. Examples of measures include encryption during transfer (TLS/HTTPS), access restrictions to data, security procedures and regular system checks. Despite measures taken, no system is completely secure — therefore we ask you to be careful when sharing sensitive data.

10. Changes to the Privacy Policy

We may periodically update this Policy. If we introduce significant changes, we will notify you by a prominent notice on the website or by email. The date of the last revision is indicated at the top of the document.

11. Contact and Exercising Rights

For questions about this Policy or to exercise your rights contact us:

• E-mail: [email protected];
• If you are not satisfied with how we process your data, you have the right to file a complaint with the competent data protection authority (in Croatia: AZOP).

12. Additional Notes

This document serves as the Privacy Policy for the Jammeet platform. Specific campaigns, competitions or integrations with third-party services may have additional specific consent provisions; in such cases we will notify you separately. Jammeet does not sell your personal data to third parties for marketing purposes without your explicit consent.