Note: This is a non-binding English translation provided for convenience. The German version available at stagelog.app/privacy?lang=de is the legally binding text.
Paul Grohmann
Uhlandstraße 167
10719 Berlin
Germany
Email: hello@stagelog.app
stagelog is a web application for documenting and rating visits to theatre, opera, ballet and musical performances. We process personal data only to the extent necessary to provide our services. Processing is carried out on the basis of the General Data Protection Regulation (GDPR).
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
When you visit our website, the following data is automatically recorded by the hosting provider:
Legal basis: Article 6(1)(f) GDPR (legitimate interest in the provision and security of the website)
stagelog is designed as a public platform for theatre, opera, ballet and musical enthusiasts. The following content you create is by default visible to all signed-in users:
The following content is only visible to you and your friends:
The following content is visible only to you:
You can delete your own content (visits, ratings, reviews) at any time or delete your account entirely (see Section 9).
Legal basis: Article 6(1)(b) GDPR (performance of a contract — providing the platform's core functionality)
stagelog uses only strictly necessary cookies for authentication and session management. These cookies are required for the use of the app and cannot be disabled. No tracking or advertising cookies are used.
Legal basis: Article 6(1)(f) GDPR (legitimate interest)
Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Each time the website is accessed, connection data (e.g. IP address) is automatically transmitted to Vercel's servers.
Vercel is certified under the EU-U.S. Data Privacy Framework.
Further information: vercel.com/legal/privacy-policy
We use Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992, to store user data and provide authentication. The database is located in the EU region (Ireland). Stored data includes: account data, profile information, visits, ratings, reviews, friendships and other user-generated content.
Further information: supabase.com/privacy
We use Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA, to send transactional emails (registration confirmation, password reset). Your email address is transmitted to Resend for this purpose.
Resend Inc. is certified under the EU-U.S. Data Privacy Framework.
Further information: resend.com/legal/privacy-policy
We use Mapbox Inc., 740 15th Street NW, Suite 500, Washington, DC 20005, USA, to display venues on interactive maps. When the map is loaded, your IP address and (for CDN regionalisation) an approximate location are transmitted to Mapbox. Mapbox telemetry is fully disabled in Stagelog. No location or usage data is sent from Stagelog to Mapbox beyond the connection metadata that is technically required to deliver the map tiles.
Mapbox is certified under the EU-U.S. Data Privacy Framework.
Further information: mapbox.com/legal/privacy
Profile pictures are stored using Supabase Storage. Images are resized client-side to 400x400 pixels and compressed in WebP format prior to upload.
If you have enabled push notifications in the mobile app, we use the Apple Push Notification Service (APNS, operated by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) for iOS devices and Firebase Cloud Messaging (FCM, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Android devices for delivery. For this purpose an anonymous push notification token from your device is transmitted to our servers and stored linked to your account. You can disable push notifications at any time in your device's system settings.
Apple Inc. is certified under the EU-U.S. Data Privacy Framework. Google LLC is also certified under the EU-U.S. Data Privacy Framework.
Legal basis: Article 6(1)(a) GDPR (consent through activation in app permissions)
Further information:
Personal data is disclosed to third parties only within the scope of the services described in Section 5. We do not sell data to third parties.
Some of the processors we use are based in the United States (Vercel, Mapbox, Apple, Google, Resend). These companies are certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. The database (Supabase) is located in the EU region of Ireland.
Your data is stored for as long as your account exists. If you delete your account, all personal data will be deleted within 30 days. Server logs collected automatically are deleted after 30 days.
Under the GDPR you have the following rights:
To exercise your rights, please contact: hello@stagelog.app
You also have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit)
Alt-Moabit 59-61
10555 Berlin
We implement technical and organisational security measures to protect your data against loss, destruction, manipulation and unauthorised access. Data transmission is encrypted via HTTPS/TLS. Passwords are stored as hashes.
We maintain profiles on the following platforms:
When you visit our social media profiles, the respective platform operators process your data in accordance with their privacy policies. We have no influence over this data processing.
We reserve the right to update this Privacy Policy as necessary, for example in the event of changes to our services or to the legal framework. The current version is available at all times at stagelog.app/privacy.
Last updated: May 2026