Privacy Policy & Cookie Policy
Last updated: December 2025
At spotlight.cam, we respect your privacy and are committed to protecting your personal data.
This policy explains how we collect, use, and safeguard your information in compliance with GDPR/RODO regulations.
Information We Collect
Account Information
- Registration data: Email address, username, password (stored only as a bcrypt hash), first and last name
- Profile information: Optional profile details, social media links, location (country and city)
- WSDC integration: Optional WSDC ID for auto-filling profile data from worldsdc.com
Usage Data
- Activity logs: Login history, event participation, match requests, and chat activity
- Technical data: IP address (for security and rate limiting), browser type, device information
- Analytics: Page views, feature usage, and user interactions (via Google Analytics 4, only if cookies accepted)
Communication Data
- Chat messages: Event chat and private match chat messages (stored securely)
- Contact form submissions: Name, email, subject, and message content
Cookies We Use
We use cookies and similar technologies to provide you with a better experience. Here are the cookies we use:
Essential Cookies (Always Active)
- Authentication cookies: Keep you logged in securely (JWT tokens)
- Security cookies: CSRF protection, session management
- Preference cookies: Remember your settings and choices
These cookies are necessary for the platform to function and cannot be disabled.
Analytics Cookies (Optional)
- Google Analytics 4: Helps us understand how users interact with the platform
- Usage tracking: Page views, feature usage, user flow analysis
These cookies are only activated after you accept them via the cookie consent banner.
How We Use Your Data
We use your personal data for the following purposes:
- Account management: Create and maintain your user account
- Service delivery: Provide matchmaking, chat, WebRTC file transfer, and event participation features
- Communication: Send verification emails, password reset links, and service notifications
- Security: Prevent fraud, detect abuse, enforce rate limits, and protect user accounts
- Analytics: Improve the platform based on usage patterns (only if cookies accepted)
- Legal compliance: Maintain activity logs for security audits and comply with legal obligations
Data Sharing & Third Parties
We respect your privacy. Here's what we do and don't do with your data:
We DO:
- Use AWS SES for sending transactional emails (verification, password reset)
- Use Cloudflare for CAPTCHA (Turnstile) and WebRTC TURN/STUN servers
- Use Google Analytics 4 for usage analytics (only if you accept cookies)
- Integrate with worldsdc.com to auto-fill profile data (if you provide WSDC ID)
We DON'T:
- Sell your data to third parties or advertisers
- Share your personal information with anyone without your consent (except as required by law)
- Store your videos on our servers - WebRTC transfers are peer-to-peer and end-to-end encrypted
Data Security
We implement industry-standard security measures to protect your data:
- Password hashing: Passwords are hashed using bcrypt (10 salt rounds)
- JWT authentication: Secure token-based authentication with httpOnly cookies in production
- HTTPS encryption: All data transmitted over secure HTTPS connections
- Rate limiting: Protection against brute force attacks and spam
- Account lockout: Automatic account protection after failed login attempts
- WebRTC encryption: P2P file transfers are end-to-end encrypted (DTLS/SRTP)
- Database security: Parameterized queries prevent SQL injection attacks
Your Rights (GDPR/RODO)
Under GDPR/RODO, you have the following rights:
- Right to access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Delete your account and all associated data
- Right to data portability: Export your data in a machine-readable format
- Right to object: Object to certain types of data processing
- Right to withdraw consent: Withdraw cookie consent at any time
To exercise any of these rights, please contact us.
Data Retention
- Active accounts: Data retained as long as your account is active
- Deleted accounts: Personal data permanently deleted within 30 days of account deletion
- Activity logs: Security logs retained for 90 days for audit purposes
- Chat messages: Retained as long as the match/event exists or account is active
Children's Privacy
Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children.
If you believe a child has provided us with personal data, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via email or
a prominent notice on the platform. The "Last updated" date at the top of this page shows when the policy was last revised.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data,
please contact us through our contact page.
spotlight.cam - Dance Event Video Exchange Platform
Built with privacy and security in mind. 🔒