Privacy Policy

Last updated: February 2026

1. Who we are

Earshots.io is a music supervision collaboration tool. This policy explains what personal data we collect, why we collect it, and your rights in relation to it.

2. What we collect

• Account information: your email address when you create an account or sign in.
• Uploaded files: video and audio files you upload to create projects. These are stored on your behalf and not analysed.
• Project data: project names, notes, comments, approvals, and settings you create within the Service.
• Usage data: anonymous play counts per project. IP addresses are one-way hashed immediately on receipt and the original is never stored.
• Session data: authentication tokens stored in your browser to keep you signed in.

3. How we store your data

• Database: project records and account data are stored using Supabase (PostgreSQL), hosted in the EU.
• Files: uploaded audio and video files are stored in Amazon S3 (AWS).
• Both providers operate under their own security and compliance programmes (SOC 2, ISO 27001).

4. Legal basis for processing

We process your data on the basis of:

• Contract performance — to provide the Service you have signed up for.
• Legitimate interests — to maintain the security and reliability of the Service.
• Consent — for cookies, where required.

5. Who we share data with

We do not sell your personal data. We share it only with:

• Infrastructure sub-processors (Supabase, Amazon Web Services) who process data strictly on our behalf.
• Law enforcement or regulatory bodies where legally required.

6. Cookies and local storage

We use browser cookies and local storage for authentication and session management only. We do not use tracking, analytics, or advertising cookies. You can decline cookies via the consent banner, though this will prevent you from staying signed in.

7. Data retention

Your data is retained for as long as your account is active. Projects not accessed for 90 days may be removed after prior email notification. You can delete individual projects at any time from your dashboard, which permanently removes associated files from our storage.

8. Your rights

Under UK GDPR and equivalent legislation you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data and account.
• Request a portable copy of your data.
• Object to or restrict processing in certain circumstances.

To exercise these rights, email hello@earshots.io. We will respond within 30 days.

9. Security

All data is transmitted over HTTPS. Files are stored in private S3 buckets. Access to project data is controlled by row-level security. We use authentication tokens with limited lifetimes.

10. Changes to this policy

We may update this policy periodically. We will notify registered users of material changes by email. The date at the top of this page indicates when it was last revised.

11. Contact

Privacy enquiries: hello@earshots.io