Privacy Policy
Effective: June 26, 2026
WeavyAudio ("we", "us") is committed to protecting your personal data. This policy explains what we collect, why, and your rights under GDPR (EU) and applicable US state privacy laws.
1. Data We Collect
- Account data: business name, email address, hashed password, account status.
- Location data: name of your venue/location (as you enter it).
- Billing data: Stripe handles card details directly. We store your Stripe customer ID and subscription status only.
- Usage data: play events (track ID, timestamp, location ID) for licensing audit purposes.
- Technical data: IP address, device type, app version, for security and debugging.
2. How We Use Data
- Providing and improving the Service (contract performance).
- Processing payments and managing your subscription (contract performance).
- Generating your license certificate (contract performance).
- Maintaining play logs for licensing compliance (legitimate interest).
- Sending transactional emails — receipts, renewal reminders, service alerts (contract performance).
- Security monitoring and fraud prevention (legitimate interest).
We do not sell your personal data. We do not use your data for advertising.
3. Data Retention
Account data is retained for the duration of your subscription plus 3 years (legal/audit obligations). Play event logs are retained for 7 years. You may request deletion of your account at any time; deletion removes your personal data subject to legal retention requirements.
4. Third-Party Processors
- Stripe — payment processing. Subject to Stripe's privacy policy.
- Your MySQL server — all application data is stored on your own infrastructure.
5. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access a copy of your personal data.
- Correct inaccurate data.
- Request deletion ("right to be forgotten"), subject to legal obligations.
- Restrict or object to processing.
- Data portability (receive your data in a machine-readable format).
- Lodge a complaint with your national supervisory authority.
To exercise any right, email privacy@weavyaudio.com. We respond within 30 days.
6. Data Security
Passwords are hashed with bcrypt (cost factor 12). Data in transit is encrypted with TLS. Streaming URLs are signed and time-limited. Database access is restricted to application-layer credentials. We conduct periodic security reviews.
7. Cookies
We use only a single session cookie (HttpOnly, Secure, SameSite=Lax) for authentication. We do not use analytics, advertising, or third-party tracking cookies.
8. Children
The Service is not directed at individuals under 18. We do not knowingly collect data from minors.
9. Updates
We may update this policy. We will notify you by email at least 14 days before material changes take effect.
10. Contact
Data controller: WeavyAudio (contact privacy@weavyaudio.com).