Privacy Policy

Last updated: April 1, 2026

1. Data Controller

SiliconIslands AB, registered in Sweden, is the data controller for personal data processed through PlaceProfile.us. For venue data you submit, you are the data controller and we act as data processor (see our Data Processing Agreement).

2. What Data We Collect

Account Information

• Name, email address, and password (hashed)
• Billing information processed by Stripe (we do not store card numbers)

Venue Data

• Venue name, type, location, description, and opening hours
• Playlist metadata (track titles, artist names, audio features)
• Atmospheric profile data derived from music analysis

Bot Visit Analytics

• AI crawler identifiers (user-agent strings)
• Visit timestamps and frequency
• SHA-256 hashed IP addresses only — we never store raw IP addresses

3. What We Do NOT Collect

• Raw IP addresses of visitors (SHA-256 hashed only)
• Personal data of your venue's customers
• Browsing behavior, tracking cookies, or advertising identifiers
• Audio files — only metadata is processed

4. Legal Basis for Processing

We process personal data based on:

• Contract performance: Account and venue data necessary to provide the Service
• Legitimate interest: Bot visit analytics to demonstrate Service value
• Legal obligation: Billing records as required by Swedish tax law

5. Data Sharing

We do not sell, rent, or share personal data with third parties for advertising or marketing purposes. Data is shared only with:

• Stripe: Payment processing
• Infrastructure providers: Hosting and CDN services necessary to operate the Service

Venue profile data is published on permanent URLs specifically for AI crawlers to index — this is the core purpose of the Service.

6. Data Retention

Account data is retained while your account is active. Upon account deletion, personal data is removed within 30 days. Billing records are retained for 7 years as required by Swedish accounting law. Anonymized analytics may be retained indefinitely.

7. Your Rights (GDPR)

As a data subject under EU/EEA law, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Data portability: Receive your data in a structured, machine-readable format
• Restriction: Restrict processing of your personal data
• Objection: Object to processing based on legitimate interest

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. International Transfers

Data is primarily processed within the EU/EEA. If data is transferred outside the EEA, we ensure adequate protections through Standard Contractual Clauses or equivalent mechanisms.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit and at rest, access controls, and regular security reviews.

10. Changes to This Policy

We will notify you of material changes via email at least 30 days before they take effect.

11. Supervisory Authority

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.

12. Contact

SiliconIslands AB
Sweden
Email: [email protected]