rezzy.one

Privacy Policy

Last updated: 11 February 2026

Rezzy.One (“we”, “us”, or “our”) is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and share your information when you use our website at rezzy.one and related services (the “Service”).

We process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Rezzy.One is a UK-based platform for DJs, artists, event organisers, and music brands. For the purposes of data protection law, we are the data controller responsible for your personal data.

Contact: [email protected]

What Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, and password (or Google OAuth credentials) when you create an account
  • Profile information: performer name, handle, biography, genres, profile images, gallery images, social media links, and booking rate — provided voluntarily when you create an act profile
  • Event information: event names, descriptions, dates, locations, ticket prices, and images you upload when creating events
  • Brand information: brand names, descriptions, and images you upload when creating brands
  • Chat messages: messages you send through our in-platform chat feature, including message content, timestamps, and reactions
  • Usage data: pages visited, features used, browser type, device information, and IP address — collected automatically via cookies and analytics

How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To display your public profile, act pages, events, and brand pages to other users
  • To facilitate event invitations and brand collaboration requests
  • To send you notifications about invites, messages, and platform updates
  • To provide in-platform real-time chat functionality
  • To send transactional emails (e.g. invite notifications, email confirmation)
  • To improve and develop the Service
  • To detect, prevent, and address security issues

Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: processing necessary to provide the Service you signed up for (account management, profiles, events, chat)
  • Consent: where you have given explicit consent (e.g. optional analytics cookies)
  • Legitimate interest: improving the Service, preventing fraud, and ensuring platform security

Who We Share Your Data With

We do not sell your personal data. We share data with the following third parties only as necessary to provide the Service:

  • Supabase: database hosting and authentication (servers in the EU)
  • Cloudflare: CDN, image storage (R2), and DDoS protection
  • Vercel: website hosting and deployment
  • Amazon SES: transactional email delivery
  • Google: OAuth sign-in (if you choose to sign in with Google)
  • Umami: privacy-focused website analytics (no personal data collected)

All third-party processors are bound by data processing agreements and process data only on our instructions.

Publicly Visible Data

Certain data you provide is displayed publicly on the platform by design. This includes: public act profiles (performer name, bio, genres, images, social links), public event listings (event name, date, location, images), and brand pages. You control the visibility of your act profile via the public/private toggle in your settings.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Chat messages and event data may be retained in anonymised form for platform integrity.

Your Rights

Under UK GDPR, you have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate or incomplete data
  • Erasure: ask us to delete your personal data
  • Restriction: ask us to restrict processing of your data in certain circumstances
  • Data portability: receive your data in a structured, commonly used format
  • Objection: object to processing based on legitimate interest
  • Withdraw consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, email [email protected]. We will respond within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including: encrypted connections (HTTPS), secure password hashing, row-level security on database access, regular security reviews, and access controls limiting who can view your data.

International Data Transfers

Some of our third-party service providers are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, including adequacy decisions and standard contractual clauses approved by the ICO.

Children's Privacy

Our Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child under 18 has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: ico.org.uk.

Contact Us

If you have any questions about this privacy policy or our data practices, contact us at:

Email: [email protected]
Address: Rezzy.One, Folkestone, Kent, United Kingdom

Privacy Policy - Rezzy | Your Data Protection & Privacy Rights | Rezzy.One