Privacy Policy

Last updated: May 10, 2026

1. What We Collect

  • Email address — provided when you place an order, used to deliver your mix and send order updates
  • Google account info — if you choose to verify your identity via "Sign in with Google," we receive your name and email address from Google. We use only the email to confirm ownership of your order. We do not store your Google profile picture or any other Google account data beyond what is needed for session authentication.
  • Audio files — vocals and beats you upload, stored temporarily for processing and delivery
  • Payment information — handled entirely by Stripe; we never see or store your card details
  • Usage data — basic server logs (IP address, request timestamps) for security, rate limiting, and debugging

2. How We Use Your Data

  • To process and deliver your audio mix
  • To send transactional emails (order confirmation, delivery notification, revision delivery, magic download links)
  • To verify your identity before allowing file downloads
  • To handle revisions and support requests
  • To enforce rate limits and protect against abuse
  • We do not sell, rent, or share your personal data with third parties for marketing purposes

3. Audio File Retention

  • Your uploaded files (vocals, beats) are retained for 48 hours after upload. This window allows demo customers to upgrade to a paid mix without re-uploading their files.
  • Completed mix files are stored for 48 hours after delivery. This window gives you time to listen, download, and request revisions.
  • Each approved and delivered revision resets the 48-hour window, giving you a fresh 48 hours from the revised delivery time.
  • After the retention window closes, all source files and output files for your order are permanently and automatically deleted from our cloud storage. We do not retain backups.
  • Files from unpaid or abandoned orders are deleted within 48 hours of creation.

4. Download Verification & Session Data

  • To download your files, we verify that you own the email address associated with your order.
  • Google sign-in: If you choose this option, we use NextAuth.js to authenticate with Google OAuth 2.0. Your Google session is stored as a secure, short-lived cookie. We only use your Google email to match it against your order.
  • Magic link: If you choose email verification, we generate a cryptographically signed link (HMAC-SHA256) and email it to you. The link expires after 15 minutes. No verification token is stored in our database — it is stateless.
  • Verified email status is stored in your browser's localStorage for session continuity. This data stays on your device and is not sent to our servers.

5. Subscription Billing Data

  • If you subscribe to a paid plan, we store the following billing-related data: your email address, your subscription plan and billing cycle, your Stripe customer ID, your subscription status (active, past due, canceled), period start and end dates, and a count of mixes used in the current billing period.
  • We do not store your card number, expiration date, CVC, or any other payment instrument data — Stripe holds all of this securely on their PCI-compliant infrastructure.
  • You can view, update, or cancel your subscription at any time via the Stripe-hosted billing portal accessible from your order portal.
  • If you cancel your subscription, your billing record is retained for accounting and tax purposes for up to 7 years as required by law. Other personal data (email, mix history) can be deleted on request — see Section 8.

6. Third-Party Services

  • Stripe — payment processing. Subject to Stripe's Privacy Policy
  • Google OAuth — optional identity verification for downloads. Subject to Google's Privacy Policy. Using Google sign-in is optional — email magic links work for any email address.
  • Backblaze B2 — encrypted cloud storage for audio files (US-West region)
  • SendGrid / Gmail SMTP — transactional email delivery (order confirmations, mix delivery, magic links)

7. Cookies

We use only essential cookies necessary to operate the service. If you sign in with Google, a session cookie is set by NextAuth.js. We do not use tracking, advertising, or analytics cookies.

8. Your Rights

  • You may request deletion of your personal data (email address and associated order records) at any time by emailing hello@rvsns.com.
  • Audio files are automatically deleted after the 48-hour retention window as described above — no action needed on your part.
  • If you signed in with Google, you can revoke rvsns's access at any time from your Google account's security settings.

9. Security

All data is transmitted over HTTPS. Audio files are stored with private access controls and accessed only via short-lived presigned URLs. Download verification uses cryptographically signed tokens. We apply industry-standard security practices across the service.

10. Children

rvsns is not directed at children under 13. We do not knowingly collect data from children under 13.

11. DMCA & Copyright Claims

To report copyright infringement, send a DMCA takedown notice to dmca@rvsns.com. See our full DMCA Policy for the designated agent's contact information, the required format for a valid notice, and the counter-notification process.

12. Contact

Privacy questions or data deletion requests: hello@rvsns.com