Legal

Privacy Policy

Last updated: March 2026 · SoundIn Limited · SC850719 · Registered with the ICO

Who We Are

SoundIn Limited (SC850719), registered in Scotland, is the data controller for account and usage data collected through the Holocron platform. For venue operational data entered by you and your team - including incident logs, attendance records, and revenue data - SoundIn Limited acts as a data processor on your behalf. You remain the data controller for that information. We are registered with the Information Commissioner's Office (ICO) and operate in full compliance with the UK Data Protection Act 2018 and UK GDPR.

What We Collect

Account data

Name, username, email address, hashed password

Venue operational data

Attendance records, incident logs, ticket and revenue data, social metrics - entered by you and your team

Usage data

Page views, session logs, feature interactions - used to improve the platform

Why We Process It

Contract

To deliver the platform and fulfil our service obligations to you.

Legitimate Interests

Security monitoring, fraud prevention, and platform improvement.

Legal Obligation

Where required by law or regulatory authority.

Consent

For optional communications. You can withdraw consent at any time.

How It's Stored

All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Data is stored exclusively in UK/EU data centres on infrastructure certified to ISO 27001. Schema-per-tenant isolation means your venue's data - including incident logs and compliance records - is held in a dedicated database schema, structurally separated from all other customers at the infrastructure level. This is an architectural separation, not a row-level filter.

Data Retention

Active accountRetained for the duration of the contract plus 30 days

Trial dataDeleted 30 days after trial expiry

Backup retention90 days

Your Rights

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your personal data, subject to legal obligations.

Portability

Receive your data in a structured, machine-readable format.

Restriction

Ask us to limit how we process your data in certain circumstances.

Objection

Object to processing based on legitimate interests.

Third-Party Processors

SupabaseDatabase infrastructure and hosting

StripePayment processing and billing

VercelApplication hosting and edge functions

PostHogProduct analytics (EU region - no data sold to third parties)

SentryError tracking and performance monitoring

We do not share your data with advertisers, data brokers, or marketing platforms. We do not sell data.

Cookies & Analytics

We use httpOnly session cookies for authentication. These are invalidated immediately on logout and expire automatically after 24 hours of inactivity.

We use PostHog for product analytics to understand how the platform is used and to improve the experience. PostHog sets first-party cookies for session tracking and user identification across visits. All analytics data is processed and stored in the EU (PostHog EU region). We do not use advertising cookies and no analytics data is sold to third parties.

We also use Sentry for error tracking, which may set cookies for session replay and performance monitoring. This data is used solely for debugging and improving platform reliability.

Contact & Complaints

To exercise your rights or ask any questions about how we process data, contact us at privacy@holocron.scot. We aim to respond within 5 business days and are required to do so within 30 days under UK GDPR. If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.