Privacy Policy

RemixTrack (“RemixTrack”, “we”) is a digital watermarking platform for music pools and distributors. In accordance with the EU General Data Protection Regulation (GDPR) 2016/679, we are the data controller for the personal data described in this policy.

Contact: support@remixtrack.app

• Account data — name, email address and hashed password when you register.
• Organisation data — organisation name, unique identifier and subscribed plan details.
• Billing data — billing address, VAT/tax number and payment method. Card details are not stored by RemixTrack; they are handled exclusively by Stripe, Inc. (see section 5).
• Usage data — API logs, downloads, watermark events and metadata of uploaded files, necessary to provide the service.
• Technical data — IP addresses, browser information and server logs, retained for security and fraud prevention purposes.

We process your data for the following purposes and legal bases (Art. 6 GDPR):

• Performance of a contract (Art. 6.1.b) — providing the digital watermarking service, processing payments and issuing invoices.
• Legal obligation (Art. 6.1.c) — retention of accounting and tax records as required by applicable law.
• Legitimate interest (Art. 6.1.f) — platform security, fraud detection, unauthorised access prevention and sending transactional communications (account verification, payment receipts, leak alerts).
• Consent (Art. 6.1.a) — non-essential cookies. See our Cookie Policy.

We do not sell your data to third parties or use it for advertising purposes.

Protecting your data is a core part of RemixTrack's design, not an afterthought. We apply technical and organisational measures appropriate to the level of risk:

• Encryption in transit — all connections are made over HTTPS/TLS. Unencrypted traffic is rejected.
• Encryption at rest — audio files and database records are stored encrypted. Decryption keys are managed by our hosting providers under their own security certifications.
• Access control — internal access to production data follows the principle of least privilege. No employee has standing access to payment card data (handled entirely by Stripe).
• Audit logs — all download, watermark and API events are timestamped and logged. These logs are the basis of our leak detection capability and are treated as sensitive data.
• Multi-factor authentication (MFA)— available to all users and configurable as mandatory by each organisation's administrators.

In the event of a security breach that poses a risk to your rights, we will notify the competent supervisory authority within 72 hours and affected users without undue delay, in accordance with Arts. 33 and 34 of the GDPR.

Stripe acts as an independent data controller for payment data. By subscribing, you also accept Stripe's Privacy Policy ↗.

Account and usage data are retained while your account is active and for 2 additional years to meet legal obligations. Billing and accounting records are retained for 5 years in accordance with applicable commercial and tax law. You may request deletion of your data at any time (see section 8).

Some of our sub-processors (Vercel, Cloudflare, Sentry) are located outside the European Economic Area. All international transfers are covered by Standard Contractual Clauses approved by the European Commission or equivalent adequacy mechanisms, in accordance with Chapter V of the GDPR.

As a data subject, you have the right to:

• Access — know what personal data we process about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”) — request deletion of your data, subject to legal retention obligations.
• Restriction — restrict processing of your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Not to be subject to automated decisions with significant effects, pursuant to Art. 22 GDPR.

To exercise any of these rights, email us at support@remixtrack.app. We respond within 30 calendar days.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.

We use strictly necessary cookies to maintain your active session. For analytics and performance cookies, see our Cookie Policy.

We may update this policy to reflect changes to the service or applicable regulations. Material changes will be communicated by email at least 14 days in advance. Continued use of the service after that date constitutes acceptance of the updated policy.