Privacy Policy
Last updated: April 17, 2026
1. Who we are
beatsheaven ("we", "us", "our") operates beatsheaven.com. This policy explains what personal data we collect, how we use it, and your rights under Canadian law (PIPEDA, PIPA) with equivalent protections for EU/UK (GDPR) and Indian (DPDP) data subjects where applicable.
2. Data we collect
- Account data: name, email, country, producer handle.
- Payment data: processed by Stripe; we store transaction references only.
- Content: beats, cover art, descriptions, license templates you configure.
- Usage data: plays, purchases, logins, IP, user-agent, device type.
- Support communications you send us.
3. How we use it
To operate the Service, process payments, issue licenses, pay producers, personalize browsing, prevent fraud, comply with legal obligations (including tax reporting), and — with your consent — send marketing emails.
4. Legal bases
We process your data under: performance of the contract (our Terms), legal obligation (tax, DMCA), legitimate interest (fraud prevention, analytics), and consent (marketing communications; you can withdraw consent at any time).
5. Third-party processors
Clerk (authentication), Stripe (payments), Cloudflare R2 (file storage), Resend (email), Neon (database hosting), Vercel (application hosting), Sentry (error monitoring). Each is bound by its own privacy policy and by data-processing agreements we maintain.
6. International transfers
Data may be processed in countries other than yours. Where data leaves India or the EEA, we rely on Standard Contractual Clauses and provider-level certifications to maintain equivalent protections.
7. Data retention
Account data: while your account is active plus 3 years for tax and dispute defense. Order records: 7 years (statutory tax retention). Uploaded content: until you delete it. Preview audio analytics: aggregated after 12 months.
8. Your rights
Access, correction, deletion, portability, restriction, objection, and — where applicable — the right to withdraw consent or lodge a complaint with a supervisory authority. Email privacy@beatsheaven.com; we respond within 30 days.
9. Cookies and tracking
We use strictly necessary cookies for sessions and checkout, plus privacy-respecting analytics (Plausible or equivalent). We do not use third-party advertising cookies.
10. Security
TLS 1.3 in transit, encryption at rest, least-privilege access to production data, rotating secrets, rate limiting, and periodic penetration testing. No system is perfectly secure; we will notify affected users and regulators within 72 hours of any breach with material impact.
11. Children
The Service is not directed at children under 18. We do not knowingly collect their data. If you believe a minor has created an account, contact privacy@beatsheaven.com for prompt removal.
12. Changes
Material changes will be notified by email and in-app 30 days in advance. The "Last updated" date at the top of this page always reflects the current version.
13. Contact
Data Protection Officer: privacy@beatsheaven.com. Postal: beatsheaven, Canada (operator address available on verified request).