Back to home

Privacy Policy

Last updated: 14 April 2026

BeatMatch.studio ("BeatMatch", "we", "us") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

1. Who we are

BeatMatch.studio is an online audio-mixing service that lets independent artists combine an acapella with a beat. We act as the data controller for the personal data we process about you. You can contact us at contact@beatmatch.studio.

2. Data we collect

We collect the following categories of data:

  • Account data — the email address and password hash you use to register. Passwords are stored only as bcrypt hashes; we never store your password in plaintext.
  • Audio uploads — the beat and acapella files you upload to the service, along with the finished mixes we produce for you. Audio is stored in secure cloud storage (Cloudflare R2) in a bucket scoped to your user ID.
  • Mix history — metadata about each mix (filenames, detected BPM, your custom mix name, tokens used, timestamps).
  • Payment data — when you buy tokens we use Stripe as our payment processor. We receive a Stripe payment ID and the amount paid; we do not receive or store your card details.
  • Technical data — IP address, browser type, device identifiers, and basic analytics collected to operate and improve the service.

3. How we use your data

We process your personal data on the following legal bases:

  • Contract — to provide the mixing service you signed up for: authenticating your account, processing your uploads, running the mix, storing your mix history, and enabling downloads.
  • Legal obligation — to keep records of token purchases for tax and accounting purposes.
  • Legitimate interests — to secure the service against abuse, investigate technical issues, and improve product performance. You can object to this processing at any time.
  • Consent — for non-essential analytics cookies, which you can accept or decline via the cookie banner on first visit.

4. Cookies

BeatMatch uses two categories of cookies:

  • Essential cookies — required to keep you logged in. These cannot be disabled without breaking the service.
  • Analytics cookies — used to understand how the app is used and where to improve it. You can accept or decline these via the cookie banner. Your choice is stored locally and can be changed at any time by clearing your browser storage.

5. Third-party processors

We share your data with the following sub-processors, each of which has its own Data Processing Agreement with us:

  • Cloudflare R2 — audio storage
  • Stripe — payment processing
  • Fly.io — backend application hosting, managed Postgres database
  • Fly.io — frontend application hosting

Some of these processors operate outside the UK/EEA. Where that is the case, transfers are covered by Standard Contractual Clauses or equivalent safeguards.

6. Data retention

Account data and mix history are kept for as long as your account is active. If you delete your account, we will delete your audio files and mix history within 30 days, except where we must retain records for legal or accounting purposes (for example, a Stripe payment record we must keep for seven years for tax compliance).

7. Your rights

Under UK/EU GDPR you have the right to:

  • access a copy of the personal data we hold about you;
  • have inaccurate data rectified;
  • have your data erased (the "right to be forgotten");
  • restrict or object to our processing of your data;
  • data portability — receive your data in a machine-readable format;
  • withdraw consent at any time where we rely on consent as the legal basis;
  • lodge a complaint with your local data-protection authority (in the UK, the Information Commissioner's Office).

To exercise any of these rights, email contact@beatmatch.studio. We will respond within one month.

8. Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit (HTTPS), JWT authentication, per-user storage scoping, and row-level security on the database. No system is perfectly secure — if you become aware of a vulnerability please email us at contact@beatmatch.studio.

9. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email to registered users. Continued use of the service after a change constitutes acceptance of the updated policy.

10. Contact

Questions or requests about this policy should be sent to contact@beatmatch.studio.