This policy applies to artyphonic.com, the Artyphonic studio app, the private client Rooms we host on a studio's behalf, and the free producer tools. Artyphonic is operated by SCARABYTE DIGITAL S.R.L.(“Artyphonic”, “we”, “us”), a company registered in Romania. For privacy questions, contact privacy@artyphonic.com.
1. Who we are
Artyphonic is a private client studio for mix and master engineers: one Room per client for versions, timestamped notes, approvals and direct payment, plus a set of free, in-browser producer tools. The data controller for the matters described in this policy is:
SCARABYTE DIGITAL S.R.L.
Str. Nerva Traian Nr. 27-33, Birou Nr. 6, Scara B, Etaj 1, Sector 3, Bucharest, Romania
CUI: 52002403 · Reg. Com.: J2025044033007 · EUID: ROONRC.J2025044033007
Contact: privacy@artyphonic.com
2. What we collect
- Account data — your name, email, a securely hashed password, and an optional profile photo.
- Studio content — Rooms, projects, audio and other files you upload, version history, comments and approvals, and the client contacts (name, email, notes) you add.
- Client Room data — when your client opens a Room link, the name they type on their notes, the comments they leave, their listening activity, and the email they enter at checkout to receive a receipt. Clients do not need an account.
- Payment data — handled by Stripe. We receive confirmation of a payment, amounts, the last digits/brand of a card and payout status; we never see or store full card numbers.
- Usage & device data — pages and features used, actions taken, approximate location from IP, browser and device type, collected through analytics (see §6).
- Referral data — if you arrive through an affiliate link, a referral identifier so we can credit the partner.
- Communications — emails and messages you send us, and our replies.
3. How & why we use it (and our legal bases)
Under the GDPR/UK GDPR we rely on the following bases:
- To provide the service — create your account, host your Rooms and files, deliver mixes to your clients, run the tools. Legal basis: performance of a contract.
- To take payment — process your subscription and route client payments through Stripe. Legal basis: contract; legal obligation (tax/accounting).
- To keep it secure & working — prevent fraud and abuse, debug, back up. Legal basis: legitimate interests; legal obligation.
- To understand and improve the product — analytics on how features are used. Legal basis: consent (where required) or legitimate interests.
- To run referrals & send updates — affiliate attribution and optional product emails. Legal basis: consent.
We do not sell your personal data, and we do not use your private audio to train AI models.
4. Who we share it with
We share data only with the service providers (“processors”) that make Artyphonic run, each under a data-processing agreement:
| Provider | What for | Where |
|---|---|---|
| Stripe | Payments, subscriptions, payouts (Stripe Connect) | US / EU |
| Cloudflare | File storage (R2), CDN, security | Global |
| Google Analytics | Website traffic analytics | US / EU |
| PostHog | Product analytics | US / EU |
| Affonso | Affiliate referral attribution | US / EU |
We also rely on infrastructure providers for application hosting and transactional email, under the same processor terms. We share your client's Room content with your studio (that is the point of the product), and we may disclose data where required by law, to protect rights and safety, or in connection with a merger or acquisition. We never sell or rent your data to advertisers.
5. Payments
Subscriptions are billed by us through Stripe. When your client pays to unlock files, the money goes to your own connected Stripe account — you are the seller and merchant of record for that transaction, and we take no cut of it. Card details are handled entirely by Stripe under its own privacy policy and PCI-DSS certification; we never receive full card numbers.
6. Cookies & analytics
We use a small number of cookies: essential ones that sign you in and remember your choices, analytics cookies (Google Analytics, PostHog), and a marketing cookie for affiliate attribution (Affonso). Everything except the essentials is opt-out: it is on by default and you can switch any category off at any time from the cookie banner or the cookie preferences panel — turning a category off stops the collection, not just deletes the cookie. See the preferences panel for the full cookie-by-cookie breakdown and durations.
7. International transfers
Some of our providers are based in the United States. Where personal data leaves the UK/EEA, the transfer is covered by appropriate safeguards — Standard Contractual Clauses and, where applicable, the EU-US/UK Data Privacy Framework.
8. How long we keep it
We keep your data for as long as your account is active and as needed to provide the service. After you close your account we delete or anonymise personal data within a reasonable period, except where we must keep records longer for legal, tax or fraud-prevention reasons (for example, payment records). You can ask us to delete your data sooner — see your rights below.
9. Your rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you, and get a copy (portability).
- Correct data that is wrong or incomplete.
- Delete your data (“right to be forgotten”).
- Restrict or object to certain processing, including direct marketing.
- Withdraw consent at any time, without affecting prior processing.
California residents (CCPA/CPRA):you have the right to know, delete, and correct your personal information, and to opt out of its “sale” or “sharing”. We do not sell or share personal information as those terms are defined, and we will not discriminate against you for exercising any right.
To exercise any right, email privacy@artyphonic.com. If you are in the UK/EEA and think we have mishandled your data, you may also complain to your local supervisory authority.
10. Security
We protect your data with encryption in transit, hashed passwords, access controls, and private, signed links for audio and files. Client Room links are unguessable and can be revoked by the studio at any time. No system is perfectly secure, but we work hard to keep yours safe and will notify you and the authorities of any breach as required by law.
11. Children
Artyphonic is for professional and adult use and is not directed at children under 16. We do not knowingly collect data from children; if you believe a child has given us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy as the product evolves. We will change the date at the top and, for material changes, give you notice. Continuing to use Artyphonic after an update means you accept the revised policy.
13. Contact us
Privacy questions or requests: privacy@artyphonic.com. Anything else: hello@artyphonic.com. If you are in the UK/EEA and believe we have mishandled your data, you may also complain to your local data protection supervisory authority (in Romania, the ANSPDCP).
SCARABYTE DIGITAL S.R.L.
Str. Nerva Traian Nr. 27-33, Birou Nr. 6, Scara B, Etaj 1, Sector 3, Bucharest, Romania
CUI: 52002403 · Reg. Com.: J2025044033007 · EUID: ROONRC.J2025044033007
