Privacy Policy

1.1 Information You Provide

• Account Information: Email address, password, artist name, profile information (bio, genres, location)
• Profile Content: Profile pictures, header images, social media links, website URLs
• Audio Content: Music files, samples, stems, and related metadata (BPM, key, tags)
• Communication: Messages you send through our platform, support requests, bug reports, feature requests, and feedback submissions
• Payment Information: Billing details processed through Stripe (we don't store full card numbers)
• Identity Verification: Government ID and selfie (deleted after verification decision)

1.2 Information Collected Automatically

• Device Information: Browser type, operating system, device type
• Usage Data: Pages visited, features used, time spent, click patterns
• Log Data: IP address, access times, error logs
• Analytics: Aggregated statistics about platform usage
• Real-Time Data: WebSocket connection status and presence indicators (e.g., online/offline status shown to collaborators)
• Spotlight Advertising Data: If you run Spotlight campaigns, we track ad impressions, clicks, and purchase attribution (with a 7-day attribution window) to measure campaign performance and calculate commissions

1.3 Information from Third Parties

• OAuth Providers: If you sign in with Google or other providers, we receive basic profile information
• Payment Processors: Transaction confirmations from Stripe
• Distribution Partners: Streaming statistics from The Orchard/streaming platforms

We use your information to:

2.1 Provide and Improve Our Service

• Create and manage your account
• Process your audio through AI features (mastering, stem splitting)
• Distribute your music to streaming platforms
• Facilitate marketplace transactions
• Enable collaboration features
• Provide customer support

2.2 Communication

• Send service-related notifications (account, orders, releases)
• Respond to your inquiries
• Send marketing communications (with your consent)

2.3 Safety and Security

• Detect and prevent fraud
• Enforce our Terms of Service
• Protect rights of users and third parties

2.4 Legal Compliance

• Comply with legal obligations (tax records, AML requirements)
• Respond to legal requests from authorities
• Protect our legal rights

Under GDPR, we process your data based on:

4.1 We Share Information With:

• Service Providers: Payment processing (Stripe), cloud hosting, email services
• Distribution Partners: The Orchard and streaming platforms (for music distribution)
• Other Users: Your public profile information, published samples, releases
• Collaborators: Project members can see your contributions and contact info

4.2 We Do NOT:

• Sell your personal information to advertisers
• Share your audio content without your consent
• Provide your data to third parties for their marketing purposes
• Use your music, samples, or audio to train AI or machine learning models
• Automatically process or analyse your uploads with AI — all AI features are opt-in only

4.3 Legal Disclosure

We may disclose information when required by law, court order, or to protect our rights, safety, or property.

5.1 Where We Store Data

Your data is stored on servers located in the European Union. We use industry-standard cloud infrastructure with appropriate security certifications.

5.2 Security Measures

• Encryption: TLS encryption for data in transit, AES-256 for sensitive data at rest
• Access Controls: Role-based access, authentication requirements
• Monitoring: Continuous security monitoring and logging
• Password Security: Passwords are cryptographically hashed (bcrypt)
• Regular Audits: Security assessments and penetration testing

5.3 Security Limitations

While we implement robust security measures, no system is completely secure. You are responsible for protecting your account credentials.

We retain data for different periods based on type and purpose:

Under GDPR, you have the following rights:

How to Exercise Your Rights

Contact us at hello@auxflare.com with your request. We will respond within 30 days. You may also access many settings directly in your account.

Complaints

You have the right to lodge a complaint with your local data protection authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet).

Identity verification is required for withdrawing earnings. Here's how we handle your documents:

8.1 What We Collect

• Government-issued ID (passport, ID card, driver's license)
• Selfie for liveness verification
• Extracted information: legal name, date of birth, nationality, document expiry

8.2 How We Process

• Explicit consent required before document upload
• Documents encrypted during upload and storage (AES-256)
• AI-assisted verification with human review when needed
• All document access is logged for audit purposes

8.3 Document Deletion

• Documents deleted immediately upon verification decision (approval or rejection)
• Maximum retention: 30 days if pending
• Only verification result is retained, NOT the documents themselves

8.4 What We Store Long-Term

• Verification status (verified/not verified)
• Verified legal name (for copyright and tax purposes)
• Country of residence and nationality
• Document expiry date (for re-verification reminders)

9.1 Types of Cookies We Use

9.2 Cookie Consent

When you first visit Auxflare, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can update your preferences at any time through your browser settings or by clearing your cookies.

9.3 Managing Cookies

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect functionality.

9.4 Third-Party Tracking

We may use third-party analytics services (e.g., for understanding usage patterns). These services have their own privacy policies.

We integrate with the following third-party services:

Each third party has its own privacy policy. We only share data necessary for the specific service. Where required by GDPR, we have entered into Data Processing Agreements (DPAs) with our sub-processors to ensure your data is handled in accordance with EU data protection standards.

Your data is primarily stored and processed within the European Economic Area (EEA).

When we transfer data outside the EEA (e.g., to third-party services), we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Binding Corporate Rules where applicable

Auxflare is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected data from someone under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at hello@auxflare.com.

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Post a notice on our platform
• Send an email notification for material changes

We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or your privacy rights, please contact us:

For complaints about how we handle your data, you may also contact the Danish Data Protection Agency (Datatilsynet):

• Website: www.datatilsynet.dk
• Email: dt@datatilsynet.dk