Privacy Policy

Last updated: June 27, 2026

1. Who We Are

HEADY.FM (“we,” “us,” or “our”) is an internet radio station independently operated by Johan Moreno (dba HEADY.FM). This Privacy Policy explains how we handle information when you visit heady.fm (“the Site”). Your use of the Site is also governed by our Terms of Service. For privacy requests, contact us at compliance@heady.fm.

2. Data We Collect

We collect information in two ways: information you provide directly, and information collected automatically.

a) Analytics Data

We use analytics tools to collect anonymous usage data by default, including:

  • Pages visited and time spent on each page
  • Referring website or search query
  • General geographic region (country/city — not precise location)
  • Device type, browser, and operating system
  • Session and engagement metrics

Analytics tools do not collect your name, email address, or any information that directly identifies you. You can opt out of analytics tracking at any time using the Cookie Preferences option in the site footer.

b) Account Information

If you create an account, we collect your email address and any profile information you provide (display name, avatar). This is stored securely via Supabase and is used solely to provide account features (saved songs, comments, preferences).

c) Functional Data

We use browser localStorage to remember your consent decision and audio player preferences. No cookies are used for this; no data is sent to any server.

3. Why We Collect It

  • Analytics: To understand how listeners use the site so we can improve the listening experience, fix bugs, and prioritize features.
  • Account features: To save your song library, post comments, and personalize your experience.
  • Functional preferences: To remember your audio and display settings across visits.

4. Marketing Pixels & Consent Mode

We use an opt-out model for analytics tracking. Analytics cookies are active by default when you visit the site. When you first visit, a non-blocking notice informs you that tracking is active and provides the option to opt out.

We collect analytics data only — we do not use trackers for advertising, remarketing, or user profiling. Ad storage, ad user data, and ad personalization signals are always denied. You can opt out of analytics tracking at any time via Cookie Preferences.

5. Your Rights — CCPA & CIPA

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Invasion of Privacy Act (CIPA):

  • Right to Know: You can request details about the personal information we collect and how it is used.
  • Right to Delete: You can request deletion of personal information we hold about you.
  • Right to Opt-Out of Sale: We do not sell personal information.
  • Right to Non-Discrimination: Opting out of tracking does not affect your access to HEADY.FM.

To exercise these rights, email compliance@heady.fm.

6. How to Opt Out

You have several options to opt out of analytics tracking:

  • Cookie Preferences: Use the Cookie Preferences button in the site footer to change your decision at any time.
  • Browser settings: Block third-party cookies in your browser settings (note: this may affect other site functionality).

7. Data Retention

Analytics data is retained for 14 months by default, after which it is automatically deleted. Account data is retained as long as your account is active. You can request deletion at any time by emailing compliance@heady.fm.

8. Service Providers We Use

We use trusted third-party services to operate the Site. Each provider only receives the data needed to perform its function and is contractually bound to handle it consistently with this policy.

  • Vercel — site hosting, deployment, and performance analytics.
  • Supabase — account, profile, and saved-song storage.
  • Google Analytics — aggregate traffic analytics (you can opt out via Cookie Preferences).
  • Sanity — content management for HEADYZINE articles and editorial content.
  • Payment processors — donations are processed by third-party payment providers under their own terms and privacy policies. We do not store full payment card details.

9. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information — including encryption in transit (HTTPS), encrypted storage at our service providers, and access controls on internal systems. No method of transmission or storage is 100% secure; you use the Site at your own risk. If we become aware of a security incident affecting your information, we will notify you and applicable regulators as required by law.

10. Children's Privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact compliance@heady.fm and we will delete it.

11. International Users

The Site is operated from the United States. If you access it from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.

If you are in the European Economic Area, the United Kingdom, or another region with comparable privacy rights, you may have additional rights, including the right to access, correct, port, or erase your personal information, and to object to or restrict its processing. To exercise these rights, email compliance@heady.fm.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be noted by updating the “Last updated” date at the top of this page.

13. Contact

For privacy-related questions or requests, contact: compliance@heady.fm