Back to home

Privacy Policy

The German version at beatmarker.app/datenschutz is the legally binding reference. This English translation is for convenience.

1. Controller

The controller under the GDPR for the processing on this platform is:

We have not appointed a Data Protection Officer because the conditions of Art. 37 GDPR are not met. Please direct any data-protection requests to the email above.

2. Data we process, and why

a) Providing the website

Every request creates a technical server log with: IP address, date and time, requested URL, HTTP status, bytes transferred, referrer, user agent.
Purpose: operating the website, IT security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).

b) Registration and account

When you sign up we process: email address, display name, password (stored as a hash only), registration timestamp.
Purpose: authentication, providing the platform features.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).

c) Uploaded audio files and annotations

When you upload audio (rough mixes, bounces) we store the files, their metadata (file name, duration, BPM, version label, cover art), and markers, voice notes, and comments left by you or your reviewers. Files are stored on a server located in Austria and are accessible only to you and the people you explicitly share with (share links).
Purpose: providing the core feature (collaborative audio review).
Legal basis: Art. 6(1)(b) GDPR.

d) Voice-note transcription

Voice notes recorded by you or your reviewers are transmitted to OpenAI, L.L.C. (USA) for automatic text transcription (Whisper API). According to OpenAI's API Data Usage Policies, audio submitted via the API is not used to train models and is deleted within at most 30 days.
Purpose: automatic transcription of voice notes.
Legal basis: Art. 6(1)(b) GDPR.
Third-country transfer: see section 4.

e) Payment processing (Stripe)

When you take out a paid subscription, the payment data required is processed directly by Stripe Payments Europe, Ltd. (Ireland) and Stripe, Inc. (USA). Card numbers and banking data never reach our servers — they go directly to Stripe. We only receive the transaction confirmation and a customer ID.
Purpose: processing the subscription.
Legal basis: Art. 6(1)(b) GDPR.
Stripe privacy policy: stripe.com/privacy.

f) Contacting us

If you contact us by email, your details (email address, content) are stored to handle the request.
Legal basis: Art. 6(1)(b) or (f) GDPR.

3. Recipients and processors

We disclose personal data only where necessary to perform the contract, where required by law, or where you have explicitly consented. The following processors are engaged under Art. 28 GDPR:

4. International data transfers

When you use features that involve OpenAI (USA) or Stripe (also USA), personal data is transferred to a third country outside the EU/EEA. Both providers are certified under the EU-U.S. Data Privacy Framework; in addition we have entered into the Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR where the certification does not already cover this.

5. Retention periods

6. Cookies, local storage & similar

Beat Marker uses no tracking cookies, no web-analytics tool (no Google Analytics, Matomo, Plausible, etc.), and no advertising pixels. Only strictly necessary storage is used:

Strictly necessary storage of this kind does not require consent under § 165(3) of the Austrian Telecommunications Act 2021. There is therefore no cookie banner.

7. Your rights

You have the following rights, which you can exercise at any time by emailing contact@beatmarker.app:

8. Changes to this policy

We may update this policy when the legal framework or our processing activities change. The current version is always available at beatmarker.app/privacy.