Bugatti SoundBugatti SoundPOOL
Sign inSign up
Legal

Privacy Policy

Last updated: 2026-05-05

We respect your privacy and only process data as described in this policy.

1. Who processes your data

Data controller: the Bugatti Sound project ("we", "us"). Contact: matrix198605@gmail.com.

2. What we collect

  • Registration: email, name (if provided), hashed password, sign-up date.
  • Google sign-in: email, public name, avatar (only what Google OAuth returns). We never see your Google password.
  • Content: tracks you upload, cover art, metadata (title, artist, BPM, key, genre, description).
  • Billing: subscription details (plan, status, dates). We do NOT store card numbers — ЮKassa handles all card data.
  • Technical: IP address, browser user-agent, minimal session info to prevent account takeovers.
  • Activity: tracks previewed, tracks downloaded, moderation status of uploaded content. Used to power your Dashboard and recommendations.

3. Why we process it

  • To provide the Service (catalog, subscription, uploads).
  • To process payments and confirm Premium status (via ЮKassa).
  • To send transactional email: sign-up confirmation, password reset, upload moderation status, payment receipts (via Resend).
  • To let moderators review uploaded tracks and decide about publication.
  • To maintain security (anti-bot, anti-spam, anti-takeover).

4. Who we share data with

We never sell your data to advertisers. We use the following processors:

  • Supabase (auth, database, file storage). Servers in the EU.
  • ЮKassa (payments, YooMoney NBCO LLC, Russia). Card details and payment records live with ЮKassa per their policy.
  • Resend (email delivery). Receives your email address and message contents.
  • Vercel (frontend hosting). Sees IP and user-agent on requests.
  • Google (if you use Google Sign-in) — sees the fact that you logged in to our Service.

5. How long we keep it

  • Account and uploaded tracks — until you delete them.
  • Billing records — 6 years (tax and bookkeeping requirement).
  • Technical logs — 30 days, then auto-deleted.

6. Your rights

At any time you may:

  • Request a copy of all data we hold about you.
  • Correct inaccurate data via settings or support.
  • Delete your account (from Dashboard or by request).
  • Withdraw consent (deleting the account equals withdrawal).
  • File a complaint with your local supervisory authority (e.g. your EU DPA, or the UK ICO).

7. Cookies and analytics

We only use strictly-necessary cookies for authentication. No third-party analytics (Google Analytics, Meta Pixel, etc.) is currently installed. If we add analytics we will update this policy and request consent where required by GDPR.

8. Children

The Service is not directed to users under 16. If we discover an account belongs to a minor without parental consent, we will delete it.

9. International transfers

Data may be processed in Russia (ЮKassa, under 152-FZ), the EU (Supabase) and the USA (Vercel, Resend, Google). All processors have been vetted and are GDPR-compliant.

10. Changes to this policy

We will notify you of material changes by email and in-app at least 14 days before they take effect.

11. Contact

Privacy questions: matrix198605@gmail.com.

Terms of Service · Home