Legal & Data Protection

Privacy Policy

This page explains how Gothic Codex handles personal data when you visit the site, use the music database, or contact us. We keep data collection minimal: optional accounts for enhanced features, no comments, no tracking beyond what is needed to keep the site running and to understand usage.

Last updated

06 December 2025

Jurisdiction

Switzerland (FADP) & EU GDPR (where applicable)

Scope

gothiccodex.com and related subpages

TL;DR (Plain-language summary)

We only collect data needed to run the site, keep it secure, and respond to you.
Analytics are optional and only load after you consent.
You can request access, correction, or deletion of your data at any time.
Some services process data outside Switzerland/EU with safeguards in place.

Contact for privacy

Questions or requests? Email us directly at privacy@gothiccodex.com.

Table of contents

Controller
Basic principles
Data you actively provide
Technical & server data
Cookies & local storage
Google Analytics & Tag Manager
Supabase & database access
External services
Data retention & sharing
Third-party processors
Your rights
Cookies control & opt-out
International data transfers
Children’s privacy

1. Controller

The operator responsible for data processing on this website is:

Gothic Codex
Meilen, Switzerland
Email: contact@gothiccodex.com

Gothic Codex is a non-commercial project documenting goth, industrial, darkwave and related music scenes.

2. Basic principles

We follow the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

We only process data that is necessary to:

Serve and secure the website
Understand anonymous usage patterns (if you consent to analytics)
Respond to messages you send us

We do not sell personal data. We do not run intrusive profiling or behavioural advertising.

3. Data you actively provide

User Accounts: You can optionally create an account (via email/password or social login) to save favorites, track attendance, and submit events. Your profile data is stored securely in our database.

Event Submissions: If you submit an event, the event details are public. Your user ID is linked to the submission for management purposes.

Contact: If you contact us via email, we process your message to respond.

4. Technical & server data

When you visit the site, your browser automatically sends technical information that may be stored in server logs, such as:

IP address (anonymised where possible)
Approximate region (country / city)
Browser type, operating system, device type
Visited pages and files
Date and time of access

This data is used for stability, security (e.g. detecting abuse) and troubleshooting. The legal basis is our legitimate interest in running a secure and functional website.

5. Data retention & sharing

We retain data only for as long as needed for the purposes below or required by law.

Data type	Purpose	Retention period
Server logs	Security, stability, troubleshooting	Up to 30 days, then deleted or anonymised
Analytics events (consented)	Understand site usage	Up to 14 months (GA4 default settings)
Account data	Provide login & saved features	Until you delete your account
Event submissions	Publish event information	Until event ends + 12 months
Support emails	Respond to requests	Up to 12 months after resolution

We do not sell personal data. Data is shared only with service providers required to operate the website (hosting, analytics, database, metadata, GeoIP).

6. Third-party processors

Vercel (Hosting & CDN): Hosts and delivers the website.
Google Analytics & Tag Manager: Optional analytics after consent.
Supabase: Database hosting and authentication.
Spotify API: Artist metadata and imagery.
GeoIP service: Regional legal routing (Impressum).

7. Your rights

Depending on the applicable law (Swiss FADP and/or GDPR), you may have the following rights:

Right of access (to know what data is processed)
Right to rectification (correction)
Right to erasure (deletion)
Right to restriction of processing
Right to object to certain processing based on legitimate interests
Right to data portability (where applicable)
Right to withdraw consent at any time
Right to lodge a complaint with a data protection authority

To exercise these rights, contact privacy@gothiccodex.com. We may ask for proof of identity.

8. International data transfers

Some processors (such as Google) may process data outside Switzerland/EU, including in the United States. Where this occurs, we rely on recognised safeguards such as standard contractual clauses and vendor security measures to protect your data.

9. Children’s privacy

Gothic Codex is intended for a general audience and is not directed at children. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, please contact us and we will delete it.

Cookies & local storage

Gothic Codex keeps cookies and similar technologies to a minimum.

Essential storage (always used):

A localStorage entry to remember whether you accepted or declined analytics cookies (gc_cookie_consent).

This is required so the cookie banner does not appear on every page and to respect your choice. The legal basis is our legitimate interest in providing a usable website.

Analytics cookies (optional):

These are only set if you click “Accept” in the cookie banner. Without consent, no analytics cookies are created.

Google Analytics & Tag Manager

We use Google Analytics 4, implemented via Google Tag Manager, to understand how visitors use Gothic Codex (for example which pages are most viewed, from which countries traffic comes, and which features are popular).

Analytics is only loaded if you have explicitly accepted analytics via the cookie banner. If you decline, Google Analytics and Tag Manager are not loaded.

We use IP anonymisation and do not use Google Analytics data for personalised ads.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be processed by other Google entities (including in the USA). For details, see Google’s privacy policy: https://policies.google.com/privacy .

Supabase & database access

The Gothic Codex artist database is hosted on Supabase. When you browse the Music database, your browser sends read-only requests to the Supabase REST API to load public artist data (for example band names, genres, countries and links).

The Gothic Codex database is hosted on Supabase (Frankfurt/EU region). Public data (artists, events) is loaded via REST API.

Authentication: If you log in, Supabase Auth handles your credentials securely. We do not see your password.

External Services (Metadata, GeoIP)

Spotify (Metadata): We use the Spotify API to fetch artist images and popularity data. No user data is sent to Spotify unless you explicitly connect your account (if available).

GeoIP: Used to display local legal info (Impressum). IP addresses are processed transiently.

Cookies control & opt-out

You can control cookies and analytics in several ways:

On the cookie banner, click “Decline” to prevent analytics from loading.
To change your choice later, clear site data for gothiccodex.com in your browser settings and reload the page to see the banner again.
Alternatively, block analytics in your browser privacy settings or use the Google Analytics opt-out add-on .

If you delete cookies or block them completely, some features (such as the cookie banner remembering your choice) may not work as intended.

This Privacy Policy may be updated from time to time, for example if we add new features or if legal requirements change. The version shown here is the currently valid version.