BrutalNoise

Privacy Policy

Last updated: March 23, 2026

1. Who We Are

Brutal Noise ("we", "us", "our") operates the website brutalnoise.net and brutalnoise.bg. We are based at Konstantin i Fruzhin 11, grad Vidin, Bulgaria. For any privacy-related questions, contact us at info@brutalnoise.net.

2. Data We Collect

Account Data

When you create an account we collect your name, email address, and a hashed password. You may optionally upload a profile picture.

Order & Shipping Data

When you place an order we collect your full name, shipping address, city, postal code, and country. We also store the order total, items, and any custom design data you attached (images, text, colours, positions).

Design Builder Data

Images and settings you create in our CD, T-Shirt, or Guitar Pick builders are uploaded to our cloud storage so we can produce your order. If you save or share a community design, the design data, your user name, and a share link are stored.

Technical Data

When you visit the site we automatically collect your IP address, browser type (user agent), and session timestamps. This data is stored as part of your authentication session and is used to keep you signed in and protect against unauthorized access.

Analytics Data

If you accept analytics cookies, we use Google Analytics 4 to collect usage data such as pages visited, time on site, and device type. We also use Google Signals, which may associate your analytics data with your Google account information if you are signed into Google and have enabled ad personalization. This data is processed by Google under their privacy policy. Analytics cookies are only loaded after you give consent. You can opt out at any time by clearing your cookie preferences or disabling ad personalization in your Google account settings.

3. How We Use Your Data

  • To create and manage your account
  • To process and fulfil your orders
  • To send order confirmation emails
  • To produce your custom designs (CDs, merch, picks)
  • To display community designs you choose to share publicly
  • To improve the site based on aggregated analytics
  • To protect against fraud and unauthorized access

4. Third-Party Services

We share data only with services that are necessary to operate the site:

  • SupabaseSupabase — hosts our database and file storage (uploaded images, designs). Data may be stored in the EU or US depending on our project region.
  • ResendResend — sends transactional emails (order confirmations). Receives the recipient email and order details.
  • StripeStripe — processes payments when card payment is used. We never store your card details; Stripe handles this under PCI-DSS compliance.
  • Google AnalyticsGoogle Analytics — collects usage data and may associate it with Google account information via Google Signals, only when you accept analytics cookies.

We do not sell your data to anyone.

5. Cookies & Local Storage

We use cookies and browser storage to run the site. For a full breakdown, see our Privacy Policy.

  • EssentialEssential — session cookie for authentication, localStorage for your cart, IndexedDB for builder cache.
  • AnalyticsAnalytics — Google Analytics cookies, loaded only with your consent.

6. Data Retention

We keep your account data for as long as your account is active. Order data is retained for accounting and legal purposes for up to 5 years after the order date. Design data is kept until you delete it or request deletion. Session data expires automatically.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability — receive your data in a structured format
  • Withdraw consent at any time (e.g. for analytics cookies)

To exercise any of these rights, email us at info@brutalnoise.net. We will respond within 30 days.

8. Data Security

Passwords are hashed and never stored in plain text. All data is transmitted over HTTPS. File uploads are stored in secured cloud storage. We limit access to personal data to authorized administrators only.

9. Children

Our services are not directed at anyone under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at info@brutalnoise.net or write to: Brutal Noise, Konstantin i Fruzhin 11, grad Vidin, Bulgaria.