PRIVACY POLICY

Last updated: May 15, 2026

Who we are

Badger is a music discovery tool operated by Greenlight Collective. It is a self-hosted service that helps users explore and discover music available on publicly accessible music platforms.

What we collect

We collect and store the following data when you use Badger:

—Account data: Email address, hashed password (managed by Supabase Auth).

—Profile: Username, optional public music profile URL, optional bio.

—Sessions & saved items: Named sessions you create, and the items you save to them (title, artist, URL, price).

—Feedback: Any bug reports or feature requests you submit via the feedback form.

—Browser storage: Several keys in your browser's localStorage to remember your active session, filter preferences, and tutorial progress. These are listed in the Cookies & Browser Storage section below.

Information from publicly accessible pages

Badger provides music discovery and filtering features by processing limited information from publicly accessible music-related web pages. When you submit a URL, the service reads publicly available page information to identify related music items.

This processing is limited to publicly accessible content. We store only public item identifiers and item URLs — not personal details such as real names, email addresses, or payment information. Temporarily stored data is subject to automatic expiry (see Data Retention below). We do not use third-party account credentials to access private content, and we do not intentionally access private accounts or non-public information from third-party services.

If you have linked an optional public music profile URL in your profile, we may process your publicly listed collection to enable account-specific filtering features. This data is stored only for your account and is deleted when you delete your account or remove your linked profile URL.

If you believe that publicly accessible information relating to you has been processed by this service and you would like it removed, please contact us at the address below.

Legal basis for processing

—Contract performance (Art. 6(1)(b)): Account data, sessions, and saved items — necessary to provide the service you signed up for.

—Legitimate interest (Art. 6(1)(f)): Limited, temporary processing of publicly accessible page information for music discovery purposes. The information processed is already publicly available, is stored in minimised form, and is subject to automatic expiry.

Data retention

—Temporary page data: Retained only as long as reasonably necessary for the service to function, and subject to automatic expiry.

—Linked collection data: Stored until you delete your account or remove your linked profile URL.

—Account data: Stored until you delete your account.

What we do not do

We want to be clear about what Badger does not do:

—No sale of personal information: We do not sell, rent, or trade personal information to any third party.

—No private account access: We do not access private accounts, non-public content, or payment information on any third-party service.

—No tracking or advertising: We do not use third-party analytics, advertising networks, or tracking technologies.

Cookies & browser storage

We use one authentication cookie set by Supabase to keep you logged in. It is strictly necessary and cannot be declined without logging you out.

We also use your browser's localStorage to store:

—digger_active_session_id / _cache: Your current session.

—digger_hide_owned: Whether the "hide owned" filter is enabled.

—digger_strategy / digger_exclude_source: Your last-used search strategy preferences.

—badger_tutorial_*: Tutorial progress (whether you've completed onboarding).

—badger_cookie_consent: Your cookie/storage consent choice.

All localStorage keys are prefixed digger_ or badger_ and are cleared when you sign out or delete your account.

No third-party cookies or tracking scripts are used.

Your rights

Under applicable data protection law, you may have the following rights:

—Access (Art. 15): Download all your data from the Profile page using the "Download my data" button.

—Erasure (Art. 17): Delete your account and all associated data from the Profile page using the "Delete account" button. Deletion is immediate and irreversible.

—Rectification (Art. 16): Update your username, linked profile URL, or bio at any time from the Profile page.

—Objection (Art. 21): To object to processing of your data under legitimate interest, contact us at the address below. We will assess your objection and respond promptly.

—Removal of public-page information: If publicly accessible information relating to you has been processed by this service and you would like it removed, contact us. We will take reasonable steps to address your request.

Third-party services

If you sign up or log in with Google, your authentication is handled by Google's OAuth service. Google receives your email address and basic profile info during sign-in. See Google's Privacy Policy for details.

Data storage & transfers

Badger is entirely self-hosted. We do not use managed cloud database services. All data is stored on infrastructure we control. No external CDNs, fonts, or tracking scripts are loaded — your browser only connects to this server.

Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit, hashed passwords, and row-level access controls. If you become aware of a potential security issue, please contact us promptly.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the service. Continued use of Badger after changes take effect constitutes acceptance of the updated policy.

Contact

For any privacy-related questions, to exercise your rights, or to request removal of information, email us at [email protected].