Legal

Privacy Policy

Last updated: March 2026

1. What we collect

We collect your email address, phone number, and username when you create an account. We also collect the Spotify artist pages you interact with and the badges you mint. If you connect a payment method, Stripe processes your payment data — Circa never stores raw card numbers.

2. How we use it

Your email and phone number are used for account security and verification only. We do not send marketing emails unless you opt in. Your badge activity and profile are public by default — this is the core of the platform. Your wallet balance and transaction history are private to you.

3. Artist data

Listener counts displayed on Circa are sourced from publicly accessible Spotify artist pages — the same pages any user can visit without authentication. We do not collect or store any data from artist accounts, management, or labels. No personal data about artists is collected.

4. Sharing

We do not sell your personal data. We share data with:
  • Supabase — database and authentication infrastructure
  • Stripe — payment processing and payouts
  • Twilio — phone number verification (OTP only, not stored)
  • Pinata — IPFS metadata storage for badge records
Each of these providers has their own privacy policy governing how they handle data.

5. Blockchain records

When you mint a badge, a record is written to the Base blockchain. This is a public, permanent ledger. The record contains your wallet address, the artist identifier, the listener count at drop time, and a timestamp. This data cannot be deleted. Do not mint a badge if you do not want this information publicly and permanently recorded on-chain.

6. Data retention

You may delete your Circa account at any time from Settings. Deleting your account removes your profile, badges, and personal data from Circa's systems. On-chain records (token ownership history) are permanent and cannot be removed. Stripe retains transaction records as required by financial regulations.

7. Cookies

Circa uses session cookies for authentication only. We do not use third-party tracking cookies or advertising cookies. Analytics, if any, are aggregated and do not identify individual users.

8. Your rights

You have the right to access, correct, or delete your personal data. To request a data export or deletion, contact us at legal@circa.fm. We will respond within 30 days. Requests related to on-chain data cannot be fulfilled — see Section 5.

9. Contact

For privacy inquiries, contact us at legal@circa.fm.