Skip to main content
BTRadio DJ

Privacy Policy

Last updated: March 9, 2026

1. Introduction

Triologic LLC, doing business as BonnyTone Radio, operates the website bonnytone.com ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. Information We Collect

We collect information that you provide directly and information collected automatically:

Account Information

  • Email address (required for account creation)
  • Display name (optional)

Passwords

Passwords are hashed using Argon2id before storage. We never store passwords in plaintext and cannot retrieve your original password.

Session Data

  • IP address
  • User agent (browser and device information)
  • Login timestamps

Audit Logs

All authentication events (login, logout, password changes, MFA enrollment) are logged for security purposes.

Login Attempt Tracking

We record login attempts including the email used, IP address, outcome (success/failure), and timestamp to detect and prevent unauthorized access.

3. Cookies & Local Storage

We use the following cookies to operate the Service:

CookieDurationPurpose
access_token10 minutesJWT authentication
refresh_token30 daysSession continuity
session_id30 daysSession identification

We also store your theme preference (dark/light mode) in localStorage. This data stays on your device and is never transmitted to our servers.

4. How We Use Your Information

  • Authenticate your identity and manage your account
  • Maintain account security and detect unauthorized access
  • Send transactional emails (verification, password reset, login alerts)
  • Improve and maintain the Service

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Consent — You voluntarily create an account and provide your information
  • Contract — Processing necessary to provide the Service you requested
  • Legitimate Interest — Security monitoring, fraud prevention, and service improvement

6. Third-Party Services

  • Postmark — Email delivery service for transactional emails (verification, password reset, login alerts). See their privacy policy.
  • AzuraCast — Self-hosted radio automation software running on our own server. No data is shared externally.
  • Google Fonts — Loaded via next/font at build time. No cookies are set and no tracking occurs at runtime.

We do not use any advertising networks, analytics services, or third-party tracking tools.

7. Data Retention

  • Sessions: 30 days
  • Audit logs: 90 days
  • Login attempts: 30 days
  • Account data: retained until you request deletion

8. Your Rights (GDPR)

If you are in the EEA, you have the following rights regarding your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

You also have the right to lodge a complaint with your local data protection supervisory authority. To exercise any of these rights, contact us at bonnytonemusic@gmail.com.

9. Your Rights (US)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information.

Florida residents have similar rights under applicable Florida privacy law. To exercise your rights, contact us at bonnytonemusic@gmail.com.

10. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 16, you may only use the Service with the consent of a parent or guardian. If we learn we have collected personal information from a child under 13, we will delete that information promptly.

11. International Data Transfers

Our server is hosted in the United States (OVHcloud VPS). If you are accessing the Service from outside the US, your data will be transferred to and processed in the United States. The legal basis for this transfer is your consent and, where applicable, standard contractual clauses.

12. Security Measures

We implement the following security measures to protect your data:

  • Argon2id password hashing
  • Encrypted MFA secrets
  • HttpOnly and Secure cookie flags
  • CSRF protection
  • Rate limiting on authentication endpoints
  • Comprehensive audit logging

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. If we make material changes, we will notify registered users via email.

14. Contact

If you have any questions about this Privacy Policy, please reach out through our contact page.