Privacy Policy

We keep what we collect to the minimum needed to run the service.

• Account information. When you sign in with Google we receive your email address, your Google account ID, and (where you have made it available to Google) your display name and profile picture. We do not see or store your Google password.
• Role. If you are an operator or admin we store a role flag against your account so the back-office knows what to show you.
• Operator audio. When an operator broadcasts from /admin/stream, the audio captured from the selected microphone or line-in input is streamed live to listeners. We do not record this audio or retain it after the broadcast ends.
• Listening activity. When you play a feed, your browser connects directly to our streaming server. Standard server logs may record IP address, approximate timing, user agent and the stream you connected to, for the purpose of operating, securing, and troubleshooting the service.
• Cookies and local storage. We use cookies and browser storage that are strictly necessary to keep you signed in and to remember your feed selection. We do not use advertising or cross-site tracking cookies.

• Internet. Required to load events and play live audio.
• Microphone. Requested only if you sign in as an operator and open the in-browser streamer to broadcast. Listeners are never prompted for the microphone.

• To authenticate you and give you access to the events you can view.
• To deliver live audio feeds you choose to listen to.
• To let operators broadcast and manage events from the back-office.
• To keep the service secure, prevent abuse, and diagnose problems.
• To comply with legal obligations.

We do not sell your personal information, and we do not use it for advertising or profiling.

We share data only with the service providers that make RefMic work, and only to the extent needed:

• Google. Provides Sign-In. Google’s use of your data is governed by Google’s privacy policy.
• Supabase. Hosts our authentication, database and image storage. Account data and event metadata are stored there.
• Vercel. Hosts the RefMic web application.
• Streaming server (OvenMediaEngine). Runs on a server we operate and forwards live audio between operators and listeners.

We may disclose information if required by law or to protect the rights, property or safety of RefMic, our users or others.

We keep your account information for as long as your account exists. Live audio is not recorded. Server logs are retained for a short period for operational and security purposes and then discarded. Event metadata you create as an operator is retained until you or another administrator deletes it.

• Access and correction. Contact us at privacy@refmic.live to request a copy of the personal data we hold about you, or to correct it.
• Deletion. You can request deletion of your account and associated data by emailing privacy@refmic.live. We will action the request within 30 days unless we are required to retain specific information by law.
• Sign-out. You can sign out at any time from the menu in the header.

Connections to RefMic use HTTPS / WSS. Authentication is handled by Supabase Auth using Google OAuth. Database access is protected by row-level security so users can only read what they are entitled to read. No system is perfectly secure, but we work to protect your data with reasonable technical and organisational measures.

RefMic is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

RefMic is operated using cloud providers that may process data in countries other than your own. Where required, our providers use recognised safeguards for international data transfers.

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If the changes are material we will take reasonable steps to notify you.

Questions about this policy or about your data? Email privacy@refmic.live.