Legal

Privacy Policy

Effective: June 2026 Version 1.0

Short version: We collect only what's necessary to run the app — your email for login, a user ID, and your listening history to make the app work. We do not sell your data, run advertising on your personal information, or share it with third parties beyond the service providers listed below.

1. Who We Are

Evil en Lucifer ("Platform", "we", "us") is a digital preservation project dedicated to the cultural heritage of Visual Kei music. The Platform is operated independently and is not affiliated with any major record label or music corporation.

Contact: support@evilenlucifervk.com
Website: evilenlucifervk.com

2. Information We Collect

2.1 Account Data

When you create an account, we collect:

Email address — required for registration and authentication.
User ID — a unique identifier generated at registration (UUID format). This ID is used internally to associate your data.
Hashed password — stored in encrypted form. We never see or store your plain-text password.

2.2 Usage Data

While you use the app, we record:

Listening history — tracks and albums you play, along with timestamps. Used to power playback features, listening stats, and your personal library.
App interactions — feature usage events (e.g., which screens you visit, playlist actions). Collected in aggregate and anonymized via PostHog.
Social interactions — community memberships, posts, and reactions you create within the Platform (if you use social features).

2.3 Museum Archive Compliance Record

If you access the Museum Archive (orphan works collection), we store:

The timestamp and version of the Museum Access Terms you accepted.
Account eligibility confirmation.

This record is retained for compliance and rights-management purposes as long as your account exists.

2.4 Technical Data

For error monitoring and performance, we collect:

App version, platform (Android / iOS), and general device category (phone / tablet).
Crash reports and error stack traces (via Sentry — no personal identifiers included unless you voluntarily submit a bug report).

2.5 What We Do NOT Collect

We do not collect advertising identifiers (IDFA, GAID).
We do not collect your real name, phone number, address, or payment card data.
We do not track your location.
We do not access your contacts, camera, or microphone (beyond what you explicitly permit for in-app features).
We do not use any advertising SDK or data-broker integration.

3. How We Use Your Information

Purpose	Data used	Legal basis
Authenticate your account and keep you logged in	Email, user ID, session token	Contract (service provision)
Provide playback and library features	Listening history	Contract
Comply with Museum Archive access requirements	Museum terms acceptance record	Legal obligation / legitimate interest
Improve the app (analytics)	Anonymized usage events	Legitimate interest
Detect and fix crashes	Error reports (no PII)	Legitimate interest
Respond to your support requests	Email, information you provide	Contract / legitimate interest

4. Third-Party Services

We use a limited set of trusted service providers. Each operates under its own privacy policy.

Service	Role	Data shared	Sells data?
Supabase supabase.com	Database & authentication infrastructure	Email, user ID, listening history, community data, Museum compliance record	No
PostHog posthog.com	Product analytics (anonymized behavioral events)	Anonymized user ID, event names, app version, platform	No
Sentry sentry.io	Error monitoring & crash reporting	App version, platform, stack traces. No PII unless you submit a bug report.	No
Cloudflare cloudflare.com	CDN, DNS, and delivery infrastructure	Standard network-level data (IP address for routing, processed in transit)	No
Ko-fi ko-fi.com	Voluntary external support	Donations do not unlock in-app features, content, access, or benefits within the Google Play version of the app. Ko-fi handles all payment data independently under their own privacy policy.	No

We do not use Facebook Audience Network, Google AdMob, or any other advertising network.

5. Data Storage and Security

Your data is stored on Supabase infrastructure with encryption at rest and in transit (TLS). Access is restricted to authenticated application code; no third party has unrestricted access to the database.

We apply principle-of-least-privilege access controls and conduct periodic security reviews. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

6. Data Retention

Account data: retained as long as your account is active. Deleted within 30 days of an account deletion request.
Listening history: retained for the lifetime of your account. Can be cleared on request.
Museum Archive compliance record: retained for the lifetime of your account (compliance requirement).
Crash & error logs: retained for up to 90 days by Sentry.
Analytics events: retained for up to 12 months in PostHog (anonymized).

7. Your Rights

Depending on your jurisdiction (LGPD — Brazil, GDPR — European Union, CCPA — California), you have the right to:

Access — request a copy of personal data we hold about you.
Correction — request correction of inaccurate data.
Deletion — request deletion of your account and personal data ("right to be forgotten").
Portability — receive your data in a structured, machine-readable format.
Restriction / Objection — object to or restrict certain processing activities.
Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any right, email support@evilenlucifervk.com. We will respond within 30 days. We may need to verify your identity before processing the request.

8. Museum Archive — Special Notice

The Museum Archive contains content preserved under our cultural heritage framework. Access requires you to explicitly accept the Museum Archive Terms. Your acceptance — including the timestamp and terms version — is stored as a compliance record and cannot be deleted independently of your account, as it forms part of our rights-management audit trail.

9. Children's Privacy

The Platform is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

The Museum Archive is restricted to eligible verified accounts and is enforced at the server level.

10. International Transfers

Your data may be stored and processed in the United States (Supabase, PostHog, Sentry) and other countries where these providers operate. By using the Platform, you consent to this transfer. All providers are bound by data processing agreements or operate under recognized frameworks (EU-US Data Privacy Framework or equivalent).

11. Changes to This Policy

We may update this Privacy Policy periodically. For significant changes, we will notify you within the app. Your continued use of the Platform after changes take effect constitutes acceptance of the revised policy.

The "Effective" date at the top of this document reflects the date of the most recent revision.

12. Cookies and Similar Technologies

We may use strictly necessary cookies or similar technologies to operate the website, protect sessions, prevent abuse, and maintain security. If optional analytics cookies or similar technologies are introduced in the future, they will be disclosed and controlled through an appropriate consent mechanism where required.

13. Contact

For privacy-related requests or questions:

Email: support@evilenlucifervk.com
Website: evilenlucifervk.com

For copyright and rights inquiries: copyright@evilenlucifervk.com