Privacy Policy

Who We Are

BeatTaste ("we", "us", "our") operates the BeatTaste platform — a curated beat discovery service. We are the data controller responsible for the personal information you provide to us.

This Privacy Policy applies to all visitors and registered users of the platform, including those who browse without an account, create a free account, or interact with any part of our service.

If you have any questions about how your data is handled, please contact us at privacy@beattaste.com.

What Data We Collect

When you create an account or use account features, we collect:

• Email address — used for authentication and, where you opt in, product updates
• Username / display name — shown in your account profile
• Password — stored in hashed, encrypted form; we never store your plaintext password
• Profile information — any optional details you choose to add to your account
• User-generated content — text drafts (lyrics, notes, ideas) and playlist names you create and save on the platform

When you visit or use BeatTaste, we automatically receive certain technical data:

• IP address — used for security, abuse prevention, and approximate geolocation (country/region level only)
• Device and browser information — browser type, operating system, screen resolution, language settings
• Usage data — pages visited, beats played, filters used, time spent on the platform
• Referral source — how you arrived at BeatTaste (e.g. search engine, direct link)

For registered users, we additionally log:

• Liked beats — the list of beats you have added to your likes
• Downloaded beats — a record of which beats you have downloaded, used for abuse prevention and your personal download history
• Playlists — names, descriptions, and beat contents of playlists you create
• Feed preferences — genre and style preferences you set to personalize your beat feed
• Session data — authentication tokens and session identifiers

How We Use Your Data

We use the information we collect for the following purposes:

• Creating and managing your account
• Authenticating your identity when you log in
• Storing your likes, playlists, drafts, and preferences
• Enabling beat downloads for registered users
• Personalizing your beat feed and recommendations

• Analyzing which beats, genres, and filters are most used
• Understanding how users navigate the platform to improve UX
• Identifying and fixing technical bugs and performance issues

• Detecting and preventing unauthorized access, scraping, and bot activity
• Monitoring for violations of our Terms & Conditions
• Preventing download abuse and enforcing per-account limits
• Investigating reports of content or copyright violations

• Sending transactional emails (e.g. account verification, password reset)
• Sending product updates or announcements — only if you have explicitly opted in

Legal Basis for Processing

Where applicable law requires a legal basis for processing your personal data (e.g. under GDPR), we rely on the following:

• Contract performance — processing necessary to provide the service you signed up for (account management, downloads, playlists, drafts)
• Legitimate interests — processing for security, fraud prevention, platform analytics, and service improvement, where these interests are not overridden by your rights
• Consent — for optional communications such as product newsletters, where you have explicitly opted in. You may withdraw consent at any time
• Legal obligation — where we are required by law to process or retain data (e.g. responding to valid legal requests)

Data We Do Not Collect

To be explicit about our minimal-data approach, BeatTaste does not collect or process:

• Payment or financial data — BeatTaste does not process any payments. All purchases and licensing happen on external third-party marketplaces. We have no access to your payment information
• Social media profile data — we do not offer social login and do not pull any data from social platforms
• Sensitive personal data — including racial or ethnic origin, religious beliefs, health data, sexual orientation, biometric data, or political opinions
• Location beyond country/region — we do not collect precise GPS or fine-grained location data
• Third-party behavioral data — we do not purchase or receive data about you from data brokers or external sources
• Advertising identifiers — we run no ads and build no advertising profiles
• AI training data — your drafts, playlists, and activity are never used to train machine learning models

Third-Party Services

BeatTaste is built on Supabase, which provides our database, authentication, and file storage infrastructure. Your account data, likes, playlists, and drafts are stored on Supabase servers. Supabase processes data in accordance with its own Privacy Policy and acts as a data processor on our behalf.

When you click through to a producer's page on an external marketplace (such as BeatStars or Airbit), you leave BeatTaste. We do not transmit your personal data to those platforms when you click a link. However, those platforms will collect their own data about your visit under their own privacy policies. We encourage you to review them before transacting.

We may use privacy-focused analytics tools to understand platform usage at an aggregate level. Where we do so, we configure them to minimize personal data collection — no cross-site tracking, no fingerprinting, no advertising integration.

BeatTaste does not integrate with Google Ads, Meta Ads, or any other advertising or retargeting network. We do not share your data with any ad tech company.

We may disclose personal data to law enforcement or government authorities if required by valid legal process (court order, subpoena), or where necessary to protect the rights, property, or safety of BeatTaste, our users, or the public.

Cookies & Tracking Technologies

BeatTaste uses a limited set of cookies and browser storage technologies:

• Authentication cookies — session tokens that keep you logged in. These are strictly necessary for the service to function
• Preference storage — local browser storage to remember your player settings (volume, repeat mode) and filter preferences
• Analytics cookies — if analytics are enabled, minimal cookies to count unique visits and track broad usage patterns. No cross-site tracking

We do not use:

• Third-party advertising cookies
• Cross-site tracking pixels
• Fingerprinting technologies
• Social media tracking widgets (no Like/Share buttons that send data to Facebook, Twitter, etc.)

You can control or delete cookies through your browser settings at any time. Note that disabling authentication cookies will prevent you from staying logged in. Most other cookies can be cleared without affecting your ability to browse the catalog.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

• Account data (email, username, preferences) — retained for the lifetime of your account
• Activity data (likes, downloads, playlists, drafts) — retained until you delete them or close your account
• Usage logs (access logs, IP addresses) — retained for up to 90 days for security purposes, then deleted or anonymized
• Legal hold — data may be retained longer where required by law or where needed to resolve an active dispute

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Content you have deleted (such as drafts or playlists) is removed immediately from the interface and purged from backups on their normal rotation schedule (typically 30 days).

Data Security

We take the security of your personal data seriously. We implement the following measures:

• Encryption in transit — all communication between your browser and our servers is encrypted via HTTPS/TLS
• Encrypted passwords — passwords are hashed using industry-standard algorithms. We never store plaintext passwords
• Access controls — access to personal data is restricted to authorized personnel only, on a need-to-know basis
• Supabase Row Level Security — your private data (drafts, playlists, likes) is protected at the database level so it is only accessible to your account
• Regular security reviews — we review our data practices and technical measures on an ongoing basis

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at security@beattaste.com.

International Data Transfers

BeatTaste's infrastructure, including our database provider Supabase, may store and process data on servers located in the United States or other countries. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in countries that may not provide the same level of data protection as your home country.

Where such transfers occur, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure your data remains protected.

Minors

BeatTaste is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe that a child under 13 has provided us with personal data, please contact us immediately at privacy@beattaste.com and we will take steps to delete that information.

Users between the ages of 13 and 18 may use BeatTaste with parental or guardian consent, as described in our Terms & Conditions.

Your Rights

Depending on where you are located, you may have certain rights regarding your personal data. We honor these rights for all users, regardless of jurisdiction.

• Access — you can view the personal data associated with your account at any time by visiting your account settings
• Correction — you can update inaccurate or incomplete information in your account settings
• Deletion — you can delete individual content items (drafts, playlists) at any time, or request full account deletion
• Data portability — you may request a copy of the personal data we hold about you in a machine-readable format
• Opt-out of communications — you can unsubscribe from marketing emails at any time using the unsubscribe link in any email we send

If you are based in the EEA or UK, you additionally have the right to:

• Object to processing based on legitimate interests
• Restrict processing in certain circumstances
• Withdraw consent at any time (without affecting the lawfulness of prior processing)
• Lodge a complaint with your local data protection authority (e.g. ICO in the UK, or your national DPA in the EU)

If you are a resident of California or another US state with applicable privacy legislation, you have the right to:

• Know what categories of personal data we collect and how we use it
• Request deletion of your personal data
• Opt out of the "sale" or "sharing" of personal data — note: BeatTaste does not sell or share personal data for advertising purposes
• Non-discrimination for exercising your privacy rights

To exercise any of the rights above, contact us at privacy@beattaste.com. We will respond within 30 days. We may need to verify your identity before processing certain requests.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page.

For significant changes affecting how we process your personal data, we will notify registered users by email or through a prominent notice on the platform before the changes take effect. Your continued use of BeatTaste after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out: