MixReview.App

Privacy Policy

Version 1.0 · Last Updated: Feb 24, 2026

1. Controller

Arne SchumannKyffhäuserstrasse 1610781 BerlinGermanyEmail: mail(at)arneschumann.music

The above person is the controller within the meaning of the General Data Protection Regulation (GDPR) with regard to personal data processed through THE SERVICE.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors of the website
  • Registered users (THE CREATOR)
  • Invited authorized users (THE CUSTOMER)

It explains how personal data is processed when accessing and using THE SERVICE.

3. Categories of Personal Data

Depending on use, the following data may be processed:

  • Name
  • Email address
  • Account credentials
  • IP address
  • Login timestamps
  • Session identifiers
  • Project access logs
  • Communication data
  • Billing information (if applicable)
  • Technical log data
  • Error reports

Audio files uploaded by users may contain personal data if included by the uploader.

4. Purposes and Legal Basis

4.1 Account Registration and Access

Purpose:

  • Account creation
  • Authentication
  • Access management
  • Project collaboration

Legal basis:

  • Art. 6(1)(b) GDPR (contract performance) for THE CREATOR
  • Art. 6(1)(f) GDPR (legitimate interest in secure access management) for authorized users

4.2 Hosting and Infrastructure

THE SERVICE uses third-party infrastructure providers, including:

  • Cloudflare (content delivery and infrastructure services)
  • Supabase (authentication and database services)

These providers process data on behalf of THE SERVICE PROVIDER.

Legal basis:

  • Art. 6(1)(b) GDPR
  • Art. 6(1)(f) GDPR

4.3 Transactional Emails (Resend)

Transactional emails (e.g., login links, account notifications) are sent via Resend.

Processed data may include:

  • Email address
  • Email content
  • Technical delivery metadata

Legal basis:

  • Art. 6(1)(b) GDPR
  • Art. 6(1)(f) GDPR

4.4 Payment Processing

Subscription payments may be processed via external providers such as Stripe. Payment data is processed directly by the respective payment provider. THE SERVICE PROVIDER does not store full payment card details.

The payment provider acts as an independent controller.

Legal basis:

  • Art. 6(1)(b) GDPR

4.5 Error Monitoring and System Security

THE SERVICE may use error tracking and monitoring tools to ensure system stability and security. Such tools may process:

  • IP address
  • Device and browser information
  • Error logs
  • Technical usage context

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation)

Error monitoring is used solely for technical diagnostics.

5. Cookies

THE SERVICE uses technically necessary cookies for:

  • Secure authentication
  • Session management
  • Protection against unauthorized access

These cookies are required for the operation of the platform and do not require consent.

No marketing or tracking cookies are used.

6. Data Retention

Personal data is retained:

  • For the duration of the contractual relationship
  • Until account deletion
  • As required by statutory retention obligations

After termination, certain data may be retained for legal compliance or security purposes before deletion.

7. Data Sharing

Personal data may be shared with:

  • Hosting and infrastructure providers (Cloudflare, Supabase)
  • Email delivery providers (Resend)
  • Payment providers (e.g., Stripe)
  • Error monitoring providers

All providers are carefully selected and contractually bound where required by law.

Personal data is not sold.

8. International Data Transfers

Some service providers may process data outside the European Economic Area (EEA). In such cases, data transfers are based on:

  • Adequacy decisions of the European Commission, or
  • Standard Contractual Clauses (SCCs), or
  • Other legally recognized safeguards

9. Data Subject Rights

You have the right to:

  • Access your personal data
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Object to processing

You have the right to lodge a complaint with a supervisory authority.

10. Security Measures

Appropriate technical and organizational measures are implemented to protect personal data against:

  • Unauthorized access
  • Loss
  • Alteration
  • Disclosure

However, no internet-based system can be guaranteed to be completely secure.

11. Processing on Behalf of Creators

Where THE CREATOR uploads or manages personal data within projects, THE SERVICE PROVIDER may act as a processor within the meaning of Art. 28 GDPR.

In such cases, a separate Data Processing Agreement (DPA) governs the relationship between THE CREATOR and THE SERVICE PROVIDER.

12. Changes to This Policy

This Privacy Policy may be updated from time to time. The current version is always available on the website.