Privacy policy

Effective May 10, 2026

northsound.fm is an editorial music discovery site operated by Northsound LLC (Ohio). This policy describes what we collect, why, and what you can do about it. We've tried to keep it short and specific to what we actually do — no boilerplate listing things that don't apply.

Short version

  • • We collect newsletter signups (only if you sign up), session cookies, and server logs that include your IP address.
  • • We don't sell your data. We don't run ads with tracking. We don't have any login system for visitors.
  • • Third-party services we use: Buttondown (newsletter), Cloudflare (CDN + bot protection), Laravel Cloud (hosting), Laravel Nightwatch (performance telemetry), Spotify Web API (catalog data, no user data sent).
  • • If you live in California or the EU, you have specific rights described below.

What we collect

Newsletter (only if you sign up)

If you subscribe to the newsletter, we collect the email address you submit. Subscriptions are handled by Buttondown; your email is stored on their service under their privacy policy. We use it only to send the curated weekly list you signed up for. You can unsubscribe from any email at any time — the link is in every issue.

Cookies

When you visit the site, the following cookies may be set:

  • Session cookies (northsoundfm-session, XSRF-TOKEN) — required for security and to remember your filter preferences across pages. Expire after 2 hours.
  • Visitor ID (ss_vid) — anonymous identifier used to distinguish unique visitors for traffic analysis. No personal data attached. Expires after 1 year.
  • Cloudflare bot management (__cf_bm) — set by Cloudflare to detect automated traffic. Required for site availability. See Cloudflare's privacy policy.

No third-party advertising or behavioral-tracking cookies are set. We do not use Google Analytics, Facebook Pixel, or similar tracking scripts.

Server logs

Our hosting provider (Laravel Cloud) and our error-monitoring service (Laravel Nightwatch) log standard request information: timestamp, URL requested, IP address, user agent, response code. This data is used to debug problems, monitor performance, and detect abuse. Logs are retained for up to 30 days and then deleted.

How we use it

  • Newsletter: to send the curated weekly issue you signed up for.
  • Cookies + session data: to keep the site functional and secure, and to count unique visitors so we know whether the site is being used.
  • Server logs: to debug errors, monitor performance, and detect abusive traffic patterns.

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

Third-party services we use

The following services handle parts of our infrastructure. Each has its own privacy policy:

  • Cloudflare — content delivery, DDoS protection, bot mitigation. Sees every request (including your IP).
  • Laravel Cloud — hosting + database. Stores access logs.
  • Laravel Nightwatch — performance monitoring. Sees request metadata + sampled query patterns.
  • Buttondown — newsletter delivery. Stores subscriber emails.
  • Spotify Web API — used server-to-server for catalog data (album covers, new releases). No visitor data is sent to Spotify.
  • MusicBrainz, Wikidata, Wikimedia Commons, Cover Art Archive — public catalog data sources. We fetch from them; they do not see visitor data.

Your rights

If you live in California (CCPA / CPRA)

You have the right to request a copy of the personal information we hold about you, to request its deletion, and to opt out of any sale or sharing of that information (we don't sell or share, so this rights' practical effect is nil here). Send requests to hello@northsound.fm. We respond within 45 days as required.

If you live in the EU / UK (GDPR / UK GDPR)

You have the right to access your data, correct it, delete it, restrict its processing, object to processing, and to data portability. The legal bases we rely on are: (a) consent (newsletter signup), and (b) legitimate interest (security logs, basic visitor analytics). Send requests to hello@northsound.fm. We respond within 30 days.

Everyone

You can unsubscribe from the newsletter at any time using the link in every issue. You can block or delete cookies in your browser settings — note that doing so may break some site functionality (session-based features, security).

How long we keep data

  • Newsletter email: until you unsubscribe or request deletion.
  • Server logs: up to 30 days, then deleted.
  • Performance telemetry: up to 90 days (Laravel Nightwatch default).
  • Cookies: as listed in the cookies section above.

Security

All traffic to the site is encrypted (HTTPS / TLS). Data at rest with our infrastructure providers (Laravel Cloud, Buttondown, Cloudflare) is encrypted per their own security practices. No system is perfectly secure; if we become aware of a breach affecting your personal information, we'll notify you and the relevant regulators as required by law.

Children

northsound.fm is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we've inadvertently received such information, contact us at hello@northsound.fm and we'll delete it.

Changes to this policy

If we materially change how we collect or use information, we'll update this page and revise the "Effective" date at the top. Significant changes (e.g. adding user accounts, adding new third-party data sharing) will also be announced in the newsletter so subscribers see the update.

Contact

Privacy questions, data requests, or anything related to this policy:

Email: hello@northsound.fm Mailing: Northsound LLC, 515 Oxford St., Napoleon, OH 43545, USA