DJ Crate is a personal vinyl library service. To run your account we store your email, preferences (interface and email language, time zone), plan and credit ledger history. Sign-in uses a one-time email code; passwords are not used or stored. Codes are stored only as hashes and expire in 10 minutes. Mobile clients use device tokens: you can see connected devices in your account and revoke any of them in one click. Your IP address and browser signature are stored as hashes only, solely for abuse protection.
Your library is private. Record conditions, storage locations, notes, ratings, tags, crates, mood marks, label print history and your BPM/key overrides are visible only to you and are never shown to other users. Only release cards (artist, title, tracklist) are shared, just like the shop catalog. If you manually add a release that is missing from the base, its card (without any of your private fields) becomes searchable by other users.
Audio preview files you upload are private: they live in a closed bucket, only your account can access them, they are never published to the shared catalog and are not used for training or analysis outside your library. You can delete your file at any moment — it is removed from storage as well. Record photos you upload for cards you created become part of the shared release card and are visible to other users. You are responsible for the rights to the content you upload.
When you connect Discogs we receive an access token to your Discogs account and store it encrypted. The token is used only to read your collection and wantlist on your request or on a daily schedule. We never modify anything in your Discogs account. You can disconnect and delete the token in account settings. Import CSV files are processed and not retained; price columns are discarded.
The QR code on a label opens a public record passport: it shows only shared release card data (cover, tracklist, BPM/key) and an indicative Discogs price. Your notes, storage locations and other private fields never appear on the passport. A public collection profile exists only if you enable it yourself in settings; by default your collection is closed.
Technical cookies are required for the sign-in session. The site runs Yandex.Metrika and Google Analytics counters under those providers' policies; private library sections collect only aggregated technical metrics without the contents of your records. Offline mode keeps a copy of your library locally on your device (IndexedDB) — this data never leaves the device and is cleared on sign-out or when you clear browser data.
Data is stored on OroShop servers. Database and log access is limited to service operators and used only for support and operations; sign-in codes, tokens and private field contents never reach the logs. Database backups are created automatically for disaster recovery.
You can request an export or full deletion of your data via the official OroShop contacts (see the Contacts page). Account deletion removes your private library fields, crates, imports, uploaded audio files, tokens and the Discogs connection. Shared release cards you created stay in the catalog without any link to you. We will update this policy as the service evolves and date each new version.