Privacy Policy

This Privacy Policy explains how A.T.O.H. International e.K. (“we,” “us,” or “our”) collects, uses, and shares your personal data when you use TIP-DJ (the “Service”). We are committed to protecting your privacy and being transparent about our data practices.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

We are the data controller responsible for your personal data.

Company: A.T.O.H. International e.K.

Address: Meiendorfer Rund 47, 22145 Hamburg, Germany

Email: info@tip-dj.com

Data Protection Contact: info@tip-dj.com

If you have questions about how we handle your data, contact us using the details above.

2. Data We Collect

We collect different data depending on how you use the Service.

2.1 DJ Account Holders

When you create a DJ account, we collect:

• Identity Data: Email, username, stage name
• Contact Data: Email address, phone number (optional)
• Payment Data: Stripe Connect account information (for receiving payouts)
• Profile Data: Bio
• Audio Data: Short audio samples or acoustic fingerprints collected via your device microphone while the app is active. This data is used solely to verify that a requested song has been played.
• Transaction Data: Tips received, payout history
• Technical Data: IP address, user agent, browser type
• Usage Data: Login history, session data

2.2 Users Who Send Tips

When you tip a DJ, we collect:

• Transaction Data: Tip amount, recipient, date and time, optional message
• Payment Data: Card last 4 digits and expiry (processed by Stripe, we do not store full card numbers)
• Optional Data: Your name and email (if you provide them for guest tips)
• Technical Data: IP address, user agent, browser type

2.3 Data From Other Sources

We may receive data from:

• Payment Processors: Transaction confirmations, fraud screening results, chargeback information from Stripe

3. How We Use Your Data

We use your data for specific purposes, each supported by a legal basis under GDPR.

3.1 To Provide the Service (Legal Basis: Contract)

We process your data to deliver the Service you signed up for:

• Creating and managing your account
• Processing tips and payments
• Verification of Service: Analyzing audio from your device to confirm that an “Accepted” song request was actually played.
• Sending transaction confirmations and receipts
• Facilitating payouts to DJs
• Providing customer support

3.2 To Comply with Legal Obligations (Legal Basis: Legal Obligation)

We process data when required by law:

• Tax reporting and financial record-keeping
• Responding to lawful requests from authorities

3.3 For Our Legitimate Business Interests (Legal Basis: Legitimate Interests)

We process data for purposes that benefit our business, where those interests do not override your rights. We have conducted balancing assessments for each activity below.

Fraud Prevention and Security

• Detecting and preventing fraudulent transactions
• Protecting against unauthorized account access
• Monitoring for suspicious activity patterns
• Maintaining platform security and integrity

Service Improvement and Analytics

• Analyzing how users interact with the Service
• Identifying technical issues and bugs
• Understanding feature usage to guide development
• Measuring Service performance

Business Operations

• Internal reporting and business planning
• Quality assurance and training
• Enforcing our terms and conditions
• Protecting our legal rights

Communications

• Sending service-related announcements
• Notifying you of changes to the Service or policies
• Responding to inquiries

You have the right to object to processing based on legitimate interests. See Section 8 for details.

4. Who We Share Your Data With

We share your data with the following categories of recipients:

4.1 Payment Processors

We use Stripe to process payments. They receive transaction data and payment details necessary to complete tips and payouts. Stripe acts as both:

• A data processor handling payments on our behalf
• An independent data controller for their own purposes (fraud prevention, regulatory compliance)

See their privacy policy: stripe.com/privacy

4.2 Service Providers

We work with companies that help us operate the Service:

• Hosting: Google Cloud Platform (infrastructure hosted in Belgium, EU)
• Email: IONOS (transactional emails, hosted in Germany, EU)
• Song Search: Deezer (song metadata and search)
• Audio Recognition: ACRCloud (audio fingerprinting for song detection)

These providers only process data on our instructions and under contractual protections.

4.3 Financial Institutions and Networks

To process payments, data flows through:

• Card networks (Visa, Mastercard, etc.)
• Banking partners for payouts

4.4 Regulatory and Legal

We share data when required by law:

• Tax authorities for earnings reporting
• Law enforcement in response to valid legal requests
• Regulators investigating complaints or compliance

4.5 Business Transfers

If we sell, merge, or restructure our business, your data may transfer to the new owner. We will notify you of any such change.

4.6 With Your Direction

• DJ profile information is publicly visible to users
• When you tip a DJ, they see your display name (if provided) and tip amount

5. International Transfers

Your data is primarily stored within the European Economic Area (EEA):

• Primary infrastructure: Belgium (Google Cloud Platform europe-west1)
• Email services: Germany (IONOS)

Some data may be transferred outside the EEA:

• Stripe: United States (for payment processing)

When we transfer data internationally, we use appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with an adequacy decision from the European Commission

Contact us if you want details about specific transfer safeguards.

6. How Long We Keep Your Data

We keep your data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.

When you delete your account, we anonymize your personal data (removing your name, email, and contact details) rather than fully deleting it. This allows us to maintain transaction records for financial compliance while removing your personal identifiers. Transaction history is retained with anonymized sender information. Data required for legal compliance is retained for the periods above.

7. How We Protect Your Data

We implement technical and organizational measures to protect your data:

• Encryption of data in transit (TLS) and at rest
• Access controls limiting who can view your data
• Regular security assessments and monitoring
• Employee training on data protection
• PCI-DSS compliance for payment data handling

No system is completely secure. If you believe your account has been compromised, contact us immediately.

8. Your Rights

Under GDPR, you have the following rights over your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete data. You can also update most information directly in your account settings.

Right to Erasure (“Right to be Forgotten”)

You can ask us to delete your personal data. We will comply unless we need to keep it for:

• Legal obligations (tax records, AML requirements)
• Establishing or defending legal claims
• Other lawful reasons

You can delete your account at any time through your account settings.

Right to Restriction

You can ask us to limit how we use your data while we resolve a concern.

Right to Data Portability

You can request your data in a structured, machine-readable format (CSV). This applies to data you provided to us that we process based on consent or contract. You can download your data through your account settings.

Right to Object

You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.

For direct marketing, your right to object is absolute, we will always stop.

How to Exercise Your Rights

• Account settings: Access, download, correct, or delete your data directly
• Email: Contact info@tip-dj.com with your request
• Response time: We respond within one month. Complex requests may take up to three months (we will notify you).
• Verification: We may need to verify your identity before processing requests.

Right to Complain

You have the right to lodge a complaint with a supervisory authority. For the UK, this is the Information Commissioner's Office (ico.org.uk). For EU countries, contact your local data protection authority.

9. Automated Decision-Making

We use automated systems for:

Fraud Detection: Transactions may be flagged or blocked automatically by Stripe based on risk signals (unusual amounts, location mismatches, velocity patterns). You can contest decisions by contacting support.

We do not make decisions based solely on automated processing that produce legal effects or significantly affect you without human involvement, unless required for contract performance or authorized by law.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. Review their policies before providing any data.

11. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on the Service
• Emailing you (for significant changes)
• Updating the “Last Updated” date above

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

We aim to resolve all concerns directly. If you are not satisfied with our response, you may contact your local data protection authority.