This Privacy Policy explains what personal data Wavloops (operated by VITRUVE STUDIO, SIREN 884 465 089) collects, how it is used, and the rights you have under the European General Data Protection Regulation (GDPR).
1. Data we collect
From producers (account holders)
- Email address — for sign-in and notifications.
- Profile — display name, optional handle, optional avatar.
- Content — beats, cover art, server settings, contact lists, comments, descriptions you upload or write.
- Usage data — pages visited, session timestamps, IP address, browser user-agent (used to detect abuse).
- Billing — when you upgrade, Stripe collects card details and shares with us a customer ID, last 4 digits, brand, country and billing email. We never see or store full card numbers.
From artists (server visitors)
- Email address — for sign-in to private servers.
- Optional social profile — when an access request is required by a private server.
- Listening signal — which beats are played, liked, and at what time, for analytics shown to the producer.
2. How we use it
- To operate the Service (sign-in, content delivery, analytics);
- To process payments and prevent fraud (Stripe);
- To send transactional emails (sign-in links, billing receipts, critical security notices). We do not send marketing emails without a clear opt-in;
- To improve the Service: aggregate, non-personal usage trends inform product decisions.
3. Legal basis
We process personal data on the basis of (a) contract — to provide the Service you signed up for; (b) legitimate interest — to secure the platform and prevent abuse; and (c) consent — for any optional feature that requires it (e.g. marketing email opt-in).
4. Sub-processors
We rely on the following providers, each bound by a data-processing agreement:
- Supabase — database + file storage + auth (EU region).
- Vercel — application hosting, CDN, edge functions (region: EU/US depending on the request).
- Stripe — payment processing (Ireland + US for fraud detection).
- Resend — transactional email delivery (US).
5. Data retention
- Active accounts: data is kept as long as your account is open.
- Closed accounts: content (beats, servers, contacts, analytics) is deleted within thirty (30) days. Billing records are kept for ten (10) years for accounting law compliance.
- Server logs: kept for ninety (90) days for incident-response purposes, then purged.
6. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your account and personal data;
- Receive a copy of your data in a portable format;
- Object to or restrict certain processing activities (where applicable);
- Lodge a complaint with the CNIL (the French data-protection authority) at cnil.fr.
To exercise any of these rights, email contact@wavloops.co from the address linked to your account. We respond within thirty (30) days.
7. International transfers
Some sub-processors operate outside the European Economic Area. When data is transferred, we rely on the Standard Contractual Clauses approved by the European Commission as a transfer mechanism.
8. Children
Wavloops is not intended for children under 16. We do not knowingly collect data from anyone below that age. If you believe a minor has opened an account, write to contact@wavloops.co and we will remove it.
9. Cookies
See the dedicated Cookie Policy for the complete list and your control over them.
10. Changes to this policy
Material changes will be announced by email or a prominent in-app notice at least seven (7) days before they take effect.
11. Contact
Privacy questions: contact@wavloops.co.