SINK.
LoginSign Up

Privacy Policy

Last updated: April 30, 2026

1. Who We Are

SINK ("we", "us", "our") operates the SINK platform, a curated internet radio service. This Privacy Policy explains what personal data we collect, why we use it, how long we keep it, and how you can exercise your rights.

2. Information We Collect

We collect the following categories of data:

  • Account data — email address, display name, role, timezone preference, password hash if you set a password, OAuth provider identifiers when you sign in with Google, Apple, or Facebook, account timestamps, and avatar references.
  • Player preferences — volume, normalization setting, last station snapshot, and preference update time so playback can resume across sessions and devices.
  • Media data — avatar metadata and object-storage keys for user-owned profile images.
  • Session data — session records, client category, device label, issued, last-used, expiry, and revocation timestamps. We do not store raw IP addresses or raw user-agent strings in session records.
  • Signed-out browse data — local player and interface state stored in the browser before sign-in.
  • Subscription data — internal access plan, subscription status, and relevant trial or period timestamps. Payment processing is not active yet.
  • Audit and security data — records of sensitive account, privacy, admin, and editorial actions such as export, deletion authorization, password changes, role changes, station moderation, and privileged user-list reads.
  • Operational data — route paths, timestamps, request metadata such as IP address, diagnostic logs, and performance metrics needed to secure and operate the Service.

3. How We Use Your Data

  • To provide the Service, including authentication, profile display, player continuity, station playback, and account settings.
  • To allow signed-out browsing before registration and keep player preferences on this device.
  • To secure accounts, detect abuse, investigate incidents, and keep evidence of sensitive privacy and administrative actions.
  • To track internal subscription/access status for account features once the plan model is finalized.
  • To operate, debug, and improve reliability of the Service using operational logs and performance monitoring.
  • To comply with legal obligations and respond to data subject requests.

We do not send marketing or product-update email unless a consent or communication preference model is available.

4. Legal Bases

We process account, authentication, playback, and subscription data because it is necessary to provide the Service you request. We process security, audit, and operational data based on our legitimate interests in protecting the Service and users. If payment processing is added later, related billing records will be documented before launch.

5. Payments

Payment processing is not active yet. Before paid subscriptions launch, we will document the selected payment provider, processing purpose, data categories, retention, and user rights in this policy and the processor register.

6. Data Sharing and Processors

We do not sell your personal data. We share data only with:

  • Google Cloud — production hosting, database, object storage, logs, DNS, and infrastructure monitoring.
  • Microsoft Azure — staging hosting, database, object storage, logs, and infrastructure monitoring.
  • Google, Apple, and Facebook — OAuth sign-in when you choose one of those providers.
  • New Relic — optional browser and service performance monitoring. Browser monitoring is configured without New Relic cookies.
  • Email provider — transactional email such as password reset and account/security messages when email delivery is enabled.
  • Authorities or legal advisers — when required by law or necessary to protect legal rights, users, or the Service.

7. Data Retention

  • Account, profile, player preference, session, subscription, and user-owned avatar rows are kept while your account is active.
  • When you delete your account, SINK revokes refresh sessions, deletes user-owned avatar blobs and media rows, deletes your account row, and database cascades remove account-owned rows such as subscriptions and password reset tokens.
  • Audit events keep action, time, and compact metadata needed for security and compliance evidence, but direct actor and target user references are redacted when your account is deleted.
  • Operational logs and monitoring data are retained only for bounded security, reliability, and incident-response purposes.
  • Signed-out browser state stays on this device until browser storage is cleared.
  • Payment records are not created by SINK while payment processing is inactive.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. Authenticated users can download an account export and request account deletion from Settings. Deletion requires recent password re-authentication. You can also contact us at privacy@sink.fm.

9. Cookies and Browser Storage

We use strictly necessary cookies for session management and authentication during OAuth sign-in. We do not use advertising cookies. Browser monitoring remains cookie-free unless a consent model is introduced. The web app also uses localStorage and sessionStorage for user-owned player state, metadata cache state, theme/preferences, signed-out browsing state, and short-lived interface state. After successful account deletion, the app clears user-owned browser storage.

10. Security

We use encrypted connections, access controls, refresh-token rotation, rate limits, audit events for sensitive actions, and operational monitoring to protect your data. We do not intentionally log passwords, raw tokens, authorization headers, cookies, request bodies, signed object-storage URLs, or full stream URLs with query strings. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. International Transfers

We may process data in the regions where our infrastructure and providers operate. When personal data is transferred internationally, we rely on appropriate contractual, technical, and organizational safeguards.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the Service. Continued use after changes constitutes acceptance of the updated policy.

13. Contact

Questions or requests regarding this Privacy Policy should be sent to privacy@sink.fm.

We use a small preference cookie to remember whether analytics cookies are allowed on this device. Read the cookie policy

Product

  • Pricing
  • Releases

Company

  • About
  • Careers
  • Contact
  • Press

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Refunds
  • Accessibility

© 2026 SINK FM. All rights reserved.

Status