BrutalNoise

Privacy Policy

Last updated: March 23, 2026

1. Who We Are

Brutal Noise ("we", "us", "our") operates the website brutalnoise.net and brutalnoise.bg. We are based in Bulgaria. For any privacy-related questions, contact us at info@brutalnoise.bg.

2. Data We Collect

Account Data

When you create an account we collect your name, email address, and a hashed password. You may optionally upload a profile picture.

Order & Shipping Data

When you place an order we collect your full name, shipping address, city, postal code, and country. We also store the order total, items, and any custom design data you attached (images, text, colours, positions).

Design Builder Data

Images and settings you create in our CD, T-Shirt, or Guitar Pick builders are uploaded to our cloud storage so we can produce your order. If you save or share a community design, the design data, your user name, and a share link are stored.

Technical Data

When you visit the site we automatically collect your IP address, browser type (user agent), and session timestamps. This data is stored as part of your authentication session and is used to keep you signed in and protect against unauthorized access.

Analytics Data

If you accept analytics cookies, we use Google Analytics 4 to collect usage data such as pages visited, time on site, and device type. We also use Google Signals, which may associate your analytics data with your Google account information if you are signed into Google and have enabled ad personalization. This data is processed by Google under their privacy policy. Analytics cookies are only loaded after you give consent. You can opt out at any time by clearing your cookie preferences or disabling ad personalization in your Google account settings.

Chat Data

When you use our messaging feature, we collect and store message content (text and images), conversation metadata, message timestamps, read receipts (when you last viewed a conversation), and your online/offline status while using the site. Chat images are stored in our cloud storage provider (Supabase).

3. How We Use Your Data

  • To create and manage your account
  • To process and fulfil your orders
  • To send order confirmation emails
  • To produce your custom designs (CDs, merch, picks)
  • To display community designs you choose to share publicly
  • To improve the site based on aggregated analytics
  • To protect against fraud and unauthorized access
  • Enable private messaging between registered users
  • Send email notifications when you have unread messages (after 1 hour)
  • Display your online status to other users you have conversations with

4. Third-Party Services

We share data only with services that are necessary to operate the site:

  • SupabaseSupabase — hosts our database and file storage (uploaded images, designs). Data may be stored in the EU or US depending on our project region.
  • ResendResend — sends transactional emails (order confirmations). Receives the recipient email and order details.
  • StripeStripe — processes payments when card payment is used. We never store your card details; Stripe handles this under PCI-DSS compliance.
  • Google AnalyticsGoogle Analytics — collects usage data and may associate it with Google account information via Google Signals, only when you accept analytics cookies.

We do not sell your data to anyone.

5. Cookies & Local Storage

We use cookies and browser storage to run the site. For a full breakdown, see our Privacy Policy.

  • EssentialEssential — session cookie for authentication, localStorage for your cart, IndexedDB for builder cache.
  • AnalyticsAnalytics — Google Analytics cookies, loaded only with your consent.

6. Data Retention

We keep your account data for as long as your account is active. Order data is retained for accounting and legal purposes for up to 5 years after the order date. Design data is kept until you delete it or request deletion. Session data expires automatically.

Chat data: Messages and conversation history are retained while your account is active. When you delete your account, all your messages, conversations, and related data are permanently removed.

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability — receive your data in a structured format
  • Withdraw consent at any time (e.g. for analytics cookies)

To exercise any of these rights, email us at info@brutalnoise.bg. We will respond within 30 days.

8. Data Security

Passwords are hashed and never stored in plain text. All data is transmitted over HTTPS. File uploads are stored in secured cloud storage. We limit access to personal data to authorized administrators only.

9. Children

Our services are not directed at anyone under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at info@brutalnoise.bg.