JAYWhat a Drama!DE

Privacy Policy

Last updated: December 2025

1. Data Controller

The party responsible for data processing on this website is:

Till Weidemüller
Von-Luck-Straße 7
14129 Berlin
Deutschland

Email: hey@watch-jay.de

2. Data We Collect

We collect and process the following personal data:

Newsletter Registration:

  • Email address
  • IP address (for security and GDPR compliance)
  • Consent timestamp
  • Source information (campaign source)
  • Browser and device information (User-Agent)

Account Data (upon registration):

  • Email address
  • Password (stored encrypted)
  • Registration date

Usage Data (video playback):

  • Playback progress (seconds per episode)
  • Completed episodes
  • Recently watched episodes
  • Playback timestamps

Payment Data (for purchases):

  • Payment information is processed exclusively through Stripe
  • We do not store complete credit card data
  • Purchase history (episodes purchased, date, amount)
  • Stripe Payment ID (for refunds)

Interaction Data (Shoppable Products):

  • Clicks on product overlays
  • Product interaction timestamps
  • Affiliate link visits (no purchase data from external shops)

Technical Data (automatic):

  • IP address (for video streaming and security)
  • Browser type and version
  • Operating system
  • Device type (mobile, tablet, desktop)
  • Screen resolution
  • Referrer URL

3. Purpose of Data Processing

We process your data for the following purposes:

  • Newsletter and Marketing: Sending information about JAY, confirming your registration (double opt-in), analyzing our marketing campaigns
  • Platform Provision: Video streaming, playback progress, episode management
  • Account Management: Registration, login, password recovery
  • Payment Processing: Purchase of premium episodes via Stripe
  • Personalization: "Continue watching" feature, recommendations
  • Product Recommendations: Display of shoppable products during playback
  • Analysis and Improvement: Platform optimization, error analysis
  • Security: Protection against abuse, fraud, and cyber attacks
  • Legal Obligations: Compliance with legal requirements

4. Legal Basis (GDPR)

The processing of your data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR (Consent): Newsletter registration, marketing emails, cookies (where not technically necessary), tracking pixels
  • Art. 6(1)(b) GDPR (Contract Performance): Provision of video platform, playback progress, payment processing
  • Art. 6(1)(f) GDPR (Legitimate Interest): Security, abuse prevention, platform usage analysis

You can withdraw your consent at any time, e.g., by unsubscribing from the newsletter or via the cookie settings.

5. Data Sharing with Third Parties

We only share your data with the following trusted third-party providers:

Supabase (Authentication and Database):

  • Purpose: Account management, data storage, newsletter management
  • Location: EU (Frankfurt, Germany)
  • GDPR compliant
  • Supabase Privacy Policy

Email Service Provider:

  • Purpose: Sending confirmation emails and newsletters
  • GDPR compliant

Stripe (Payment Processing):

  • Purpose: Secure credit card payment for premium episodes
  • Location: USA (with EU data protection guarantees)
  • PCI-DSS Level 1 certified
  • Stripe Privacy Policy

Cloudflare Stream (Video Hosting):

Vercel (Hosting):

  • Purpose: Web hosting of the platform
  • Location: Global (with EU servers)
  • GDPR compliant
  • Vercel Privacy Policy

Affiliate Partners (Shoppable Products):

  • When clicking on product links, you will be redirected to external shops
  • The privacy policies of the respective shops apply there
  • We do not transfer personal data (only anonymized referrer IDs)

Important: We never sell or rent your data to third parties for marketing purposes. All service providers are contractually obligated to comply with GDPR.

6. Tracking Technologies and Advertising Pixels

We use the following tracking technologies on our website, which are only activated with your explicit consent:

Meta Pixel (Facebook/Instagram):

  • Purpose: Measuring advertising effectiveness and enabling remarketing on Meta platforms
  • Data Collected: Page views, interactions, device information, IP address (anonymized), conversion tracking
  • Legal Basis: Consent (Art. 6(1)(a) GDPR)
  • Location: USA (with EU data protection guarantees, Data Privacy Framework)
  • Meta Privacy Policy

TikTok Pixel:

  • Purpose: Measuring advertising effectiveness and enabling remarketing for TikTok campaigns
  • Data Collected: Page views, interactions, device information, IP address, conversion tracking
  • Legal Basis: Consent (Art. 6(1)(a) GDPR)
  • Location: Singapore/USA (with EU data protection guarantees)
  • TikTok Privacy Policy

Important: These tracking pixels are only activated when you explicitly consent via the cookie banner. You can withdraw your consent at any time in the cookie settings. Upon withdrawal, no further data will be transmitted to the respective platforms.

7. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about your stored data
  • Right to Rectification (Art. 16 GDPR): Correction of inaccurate data
  • Right to Erasure (Art. 17 GDPR): Deletion of your data (unless legal retention periods apply)
  • Right to Restriction (Art. 18 GDPR): Restriction of processing in certain cases
  • Right to Data Portability (Art. 20 GDPR): Export of your data in a machine-readable format
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7(3) GDPR): Withdrawal of given consents at any time

To exercise these rights, please contact us at: hey@watch-jay.de

8. Data Retention

We only store your data for as long as necessary:

  • Newsletter Data: Until unsubscription, then deleted within 30 days
  • Account Data: Until deletion of your account
  • Playback Progress: Until deleted by you or your account
  • Payment Data: 10 years (legal retention requirement for accounting)
  • Server Logs: 90 days (for security and error analysis)
  • Cookies: Up to 12 months (depending on cookie type)
  • Tracking Pixel Data: According to the policies of the respective platform (Meta, TikTok)

9. Data Security

We implement technical and organizational measures to protect your data:

  • SSL/TLS Encryption: All data transfers are encrypted (HTTPS)
  • Password Hashing: Passwords are securely hashed (Bcrypt)
  • Access Control (RLS): Users can only see their own data
  • Regular Security Audits: Review of security measures
  • Data Backup: Regular backups (encrypted)

10. Cookies and Local Storage

Our platform uses cookies and local storage:

Technically Necessary Cookies:

  • Session cookies for login status
  • Supabase auth tokens (for authentication)
  • Cookie consent preferences
  • These cookies are required for functionality and are set without consent

Marketing Cookies (only with consent):

  • Meta Pixel cookies
  • TikTok Pixel cookies
  • Enable personalized advertising and conversion tracking

Local Storage:

  • Preferences (volume, subtitle settings)
  • Caching of playback progress (in addition to database)
  • Can be deleted at any time via browser settings

You can disable cookies in your browser settings or manage your consent via the cookie banner. Please note that this may limit the functionality of the platform.

11. International Data Transfer

Some of our service providers (e.g., Stripe, Cloudflare, Vercel, Meta, TikTok) have servers outside the EU. In these cases, we ensure that:

  • Adequate data protection guarantees exist (e.g., EU Standard Contractual Clauses, Data Privacy Framework)
  • The providers operate in compliance with GDPR
  • Data transfer only occurs when technically necessary or you have consented

12. Necessity of Data Provision

The provision of personal data is partly required by law or contract, or necessary for contract conclusion:

  • Newsletter Registration: Providing your email address is voluntary. Without it, however, we cannot send you the newsletter.
  • Account Registration: Email address and password are required to create an account and use the platform.
  • Purchases: Payment data is required for purchasing premium episodes. Without it, no purchase can be completed.
  • Technical Data: IP address and browser information are automatically transmitted and are technically necessary for providing the website.

If you do not provide the required data, we cannot provide the respective services.

13. Minors

Our platform is intended for users aged 16 and over. We do not knowingly collect data from children under 16. If you believe we have inadvertently stored data from a minor, please contact us immediately.

14. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices or legal requirements. The current version is always available on this page. For significant changes, we will notify you by email.

15. Contact and Right to Complain

For questions about data protection or to exercise your rights, contact us at:

Email: hey@watch-jay.de

You also have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany
Phone: +49 33203 356-0
Email: poststelle@lda.brandenburg.de
Website: www.lda.brandenburg.de