BeatButler Privacy Policy

1. Information We Collect

Information You Provide

• Email address - Required to create your account, deliver the service, and invite collaborators
• Nickname (optional) - Display name you set in BeatButler
• Authentication - We use AWS Cognito for authentication; we do not store passwords

Your Content

• Project files - DAW projects, audio files, samples, videos, plugin configurations, and other files you upload
• Project metadata - File names, modification dates, version history
• Comments and notes - Any notes or comments you add to projects

Automatically Collected

• Usage data - Project check-in/check-out actions, version history, access times
• Technical data - IP address, device type, operating system, app version
• Session data - Authentication cookies required for the service to function
• Website analytics - Pages visited, time on site, browser type, and approximate location on our marketing website (via Google Analytics)

2. How We Use Your Information

We use your information to:

• Provide and operate the BeatButler service
• Store and sync your projects and files
• Enable version control and project collaboration
• Process your subscription through Paddle
• Send service-related emails (password resets, important updates)
• Improve service performance and fix bugs
• Analyse website traffic and improve our marketing website

We do not:

• Sell your personal information or files to anyone
• Use your content to train artificial intelligence or machine learning models
• Share your data for third-party advertising or marketing purposes

3. How We Share Your Information

With Service Providers

With Your Collaborators

When you share a project, collaborators can access that project's files, metadata, and version history. Your email address and nickname are visible to collaborators you share projects with.

For Legal Reasons

We may disclose information if required by law, court order, or to protect our rights and user safety, including:

• Compliance with legal obligations, court orders, or government requests
• Investigating or preventing illegal activity, fraud, or security threats
• Protecting the safety of our users or the public
• Enforcing our Terms of Service

We comply with law enforcement requests in accordance with applicable laws and may report illegal content (such as CSAM) to relevant authorities.

4. Cookies and Tracking Technologies

Our marketing website (beatbutler.studio) uses:

• Essential cookies: Required for the website to function
• Analytics cookies: Google Analytics (GA4) to understand site traffic and usage patterns

Google Analytics collects anonymous data including pages visited, time on site, browser type, and approximate location. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

The BeatButler desktop application does not use cookies or third-party tracking.

Do Not Track and Global Privacy Control

We do not currently respond to Do Not Track (DNT) browser signals as there is no industry-standard implementation. We honour Global Privacy Control (GPC) signals where required by applicable law, including for California residents under CCPA/CPRA.

5. Legal Basis for Processing (GDPR)

For EU/UK users, we process your data based on:

• Contract Performance: Processing necessary to provide the service you signed up for
• Legitimate Interests: Improving service, security, preventing fraud, and analysing website traffic
• Consent: Marketing emails (you can withdraw consent anytime)
• Legal Obligation: Compliance with applicable laws

6. International Data Transfers

BeatButler is based in Victoria, Australia. We use AWS and Paddle, which may store or process data in other countries including the United States and EU.

EU/UK Data Transfers:

We ensure GDPR compliance through:

• Standard Contractual Clauses (SCCs) with service providers
• AWS and Paddle's GDPR compliance certifications
• Adequate data protection safeguards

Note: Paddle (as Merchant of Record) handles payment data under their own privacy policy and compliance frameworks.

7. Data Retention

• Active accounts: We retain your data while your account is active
• Inactive accounts: If your account is inactive for an extended period, we may notify you before taking any action regarding your data
• Deleted accounts: All data is permanently deleted within 90 days
• Backup copies: May persist in encrypted backups for up to 90 days after deletion, after which they are permanently removed
• Legal requirements: Some data (e.g., tax records, transaction history) may be retained longer as required by law

8. Your Rights

All Users

You can:

• Access your personal information
• Correct inaccurate information
• Delete your account and data
• Export your data in a portable format

We will respond to all data rights requests within 30 days (or within one month for GDPR requests). If we need more time, we will let you know.

EU/UK Users (GDPR)

You also have the right to:

• Restrict processing of your data
• Object to processing based on legitimate interests
• Data portability — receive your data in a structured, commonly used, machine-readable format
• Withdraw consent for marketing at any time
• Lodge a complaint with your local data protection authority

For EU/UK privacy enquiries, contact info@beatrepeatindustries.com.

California Users (CCPA)

You have the right to:

• Know what personal information we collect and how it's used
• Delete your personal information
• Opt-out of sale of personal information (note: we do not sell your data)
• Non-discrimination for exercising your privacy rights

To exercise any of your rights, email: info@beatrepeatindustries.com

9. Data Security

We protect your information with:

• Encryption in transit (TLS/SSL)
• Encryption at rest (AES-256 for stored files)
• AWS Cognito for secure authentication (we do not store passwords)
• Regular security reviews
• Access controls limiting employee access to personal data

While we implement strong security measures, no system is 100% secure. We encourage you to use strong, unique passwords and keep your login credentials confidential.

10. Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will notify affected users and relevant authorities:

• Australia: Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme
• EU/UK: Relevant data protection authority within 72 hours
• California: As required by California law

11. Artificial Intelligence

We do not use your content (project files, audio, video, or any other files you upload) to train artificial intelligence or machine learning models. Your creative work is yours — we store and transmit it only to provide the BeatButler service.

If we ever introduce AI-powered features in the future, we will update this policy, notify you, and obtain your consent before using any of your content for such purposes.

12. Third-Party Links

Our website and application may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

13. Children's Privacy

BeatButler is not intended for persons under 18. We do not knowingly collect information from anyone under 18.

If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with their personal information, please contact us at info@beatrepeatindustries.com.

14. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email at least 30 days before they take effect and update the "Last Updated" date above. Your continued use of BeatButler after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy questions or requests:

Complaints and Supervisory Authorities