HORROR DISCO
ホラーディスコ

// PRIVACY

Privacy policy

Last updated: June 6, 2026

horrordisco.com is a music and software site operated by Horror Disco. The site collects as little as practical for ordinary browsing. Most public pages stay visible without an account. Fan accounts may be used for account-only features such as image browsing, music downloads, passkeys, and recovery. First-party drop pages may require an email address to deliver a drop and required drop-related messages. Paid checkout and subscription billing are not active on this site right now.

What we collect

  • Fan accounts. If you create an account, we store account identifiers such as email address, internal username, password credential data when password sign-in is used, linked social login provider IDs, passkeys, session records, verification state, account terms acceptance evidence, and account metadata needed to keep the account working.
  • Account email. A completed account needs a verified email address. If a social login provider does not share one, we ask you to add and verify an email before account-only features work.
  • Optional phone verification. Phone verification is optional. If you add a phone number for account recovery, we send a one-time code and record whether the number was verified. This is separate from SMS marketing consent.
  • Drop contact data. A first-party drop page may ask for an email address so Horror Disco can deliver the drop, send required drop-related messages, and keep a consent record. A phone number is optional and is only used when a separate mobile messaging consent is active.
  • Consent choices. Drop forms keep separate choices for drop notifications, release email marketing, offer email marketing, SMS marketing, and ads measurement. The site-level ad measurement banner keeps a separate browser/session proof record for anonymous measurement choices. Consent, unsubscribe, STOP, suppression, and deletion events may be retained as compliance evidence.
  • Meta measurement. If you opt in, the site may use Meta Pixel and Conversions API for site and drop-page measurement and ad optimization. Browser Pixel loading, Meta cookies, and server-side Conversions API events run only after ads measurement consent. CAPI is not used as a consent bypass.
  • No paid checkout is active. The current site does not collect payment details. Future payment providers will be named before a checkout or supporter subscription flow goes live.
  • Technical state. Strictly necessary preferences such as light or dark mode may be kept in localStorage on your device. Drop consent state may be stored in a cookie so optional tracking does not load before consent.
  • Server logs. Our hosting provider (Cloudflare) keeps standard request logs for abuse prevention. These contain IP address, user agent, requested URL, and timestamp. We don't access these for any purpose other than diagnosing outages.

Embedded third-party content

The release pages link out to third-party music platforms (Apple Music, Spotify, Tidal, Deezer, Beatport, etc.) and the macOS App Store. Horror Disco may record that you clicked an outbound link on a first-party page. Streams, purchases, accounts, cookies, or payments after that click are controlled by the destination service and its own privacy policy.

Email contact

If you email info@horrordisco.com, the message and your address are stored in the operator's mailbox so we can reply. Emailing us is not consent to join a newsletter, drop list, or SMS marketing list.

Email and SMS marketing

Release email marketing, offer email marketing, and SMS marketing require separate opt-in choices. Email unsubscribe and SMS STOP requests are handled separately because they apply to different channels. SMS message frequency may vary and message or data rates may apply. See the Mobile Terms for mobile messaging details.

Processors and transfers

The site uses Cloudflare for hosting, Workers, R2, and D1. If optional fan accounts are enabled, account data is stored in a dedicated Cloudflare D1 identity database and linked to commerce/contact records only where needed for recovery, downloads, privacy requests, or audit. Transactional account email may be sent through Resend, and optional phone verification may use Twilio Verify. Social login providers such as Google, Apple, Facebook, Microsoft, LINE, Kakao, Naver, or WeChat receive and return only the OAuth data needed for the login you choose. If optional ads measurement is enabled by consent, Meta receives Pixel/CAPI event data, which may include hashed email or phone values for contact-backed events, browser event IDs, IP address, user agent, page URL, and platform-click metadata. Future email, SMS, and merchant-of-record providers will be named before they are used for live sending or paid checkout.

Your rights (GDPR)

Under the GDPR you can request access to, correction of, or deletion of any personal data we hold about you. Send a request to info@horrordisco.com. For the current public site this may include email correspondence, drop contact records, consent/suppression history, outbound-click records, and provider logs. When fan accounts are enabled, this may also include account records, social provider links, and phone verification state and account terms acceptance evidence. Some consent, suppression, security, and accounting records may need to be retained where legally required.

Signed-in fan accounts can request a data export from the account page. They can also submit a contact and commerce deletion request for review. That request is separate from deleting the sign-in account: contact, consent, messaging, provider, purchase, subscription, tax, refund, chargeback, fraud, compliance, and legal-claim records are reviewed and deleted, anonymized, suppressed, or retained according to the lawful basis that applies. You can also use info@horrordisco.com if you cannot sign in.

Hosting

The website runs on Cloudflare Workers + Cloudflare R2. Cloudflare Workers D1 may be used for first-party drop and commerce records. Cloudflare is a US-headquartered company; international transfer terms and safeguards are handled through the applicable Cloudflare account and data-processing terms.

Changes

We'll update this page before any material change to the data we collect, including production account activation, new checkout providers, paid subscriptions, additional marketing platforms, or materially different tracking. To withdraw ads-measurement consent, use the controls on the Cookie Policy page or contact info@horrordisco.com.

← Legal index