Privacy Policy

Last updated: November 25, 2025

1. Controller and Contact

The controller responsible for data processing in connection with ID within the meaning of the EU General Data Protection Regulation (GDPR) is:

Modular UG
Skalitzer Strasse 52
10997 Berlin
Deutschland
Represented by: Lorenz Aschoff

Email: privacy@id.audio

If you have any questions about this Privacy Policy or how we process your data, you can contact us at the email address above.

2. Data We Collect

We only collect the data that is necessary to operate ID, improve the product, and fulfill our legal obligations.

2.1 Account Data

We process:

• Email address
• Display name or artist name
• Password hash or authentication tokens (handled by our auth providers)
• Linked accounts (e.g. Sign in with Apple)

2.2 Content and Audio Data

We process:

• Metadata about uploaded audio (track titles, artists, labels, timestamps)
• Audio files and media you upload
• Artwork and project notes

Audio files are stored encrypted at rest (e.g. via Supabase Storage).

2.3 Usage and Device Data

We may collect:

• Device type, OS version, app version
• Log data (timestamps, feature usage, crash logs)
• Playback and interaction analytics in aggregated or pseudonymized form

2.4 Support and Communication Data

Includes:

• Email address
• Message content
• Attachments
• Related metadata

2.5 Payment and App Store Data

If purchases occur through app stores, we receive limited billing information (e.g. product purchased, subscription state). We do not store full payment details.

3. Purposes and Legal Bases

We process your data based on:

• Contract performance (Art. 6(1)(b) GDPR) — operating ID, managing accounts, storing and sharing audio.
• Legitimate interests (Art. 6(1)(f) GDPR) — improving stability, preventing misuse, aggregated analytics.
• Legal obligations (Art. 6(1)(c) GDPR).
• Consent (Art. 6(1)(a) GDPR) for optional analytics or marketing communications.

4. Cookies & Local Storage

Used for:

• Keeping you signed in
• Storing preferences
• Offline caching

If non-essential cookies are introduced later, consent will be requested.

5. Recipients and International Transfers

We share data only with service providers necessary to operate ID.

5.1 Processors

Examples:

• Cloud hosting and databases
• Authentication
• Logging and analytics
• Support email tools

5.2 Third Countries

If providers are outside the EU/EEA, we rely on:

• Adequacy decisions, or
• Standard Contractual Clauses with additional safeguards

6. Retention

We retain data only as long as required:

• Account data while the account is active
• Audio and metadata until you delete them or your account
• Logs for limited durations
• Legal records per statutory retention periods

Account deletion generally leads to deletion/anonymization within 30 days.

7. Your Rights under GDPR

Including:

• Right of access
• Rectification
• Erasure
• Restriction
• Data portability
• Objection
• Withdraw consent

You may contact: privacy@id.audio

You can also complain to your local supervisory authority.

8. Account Deletion & Export

You can request deletion or export by contacting privacy@id.audio. Deletion will remove or anonymize data within 30 days (unless retention obligations apply).

9. Security

We use technical and organizational measures such as:

• Encryption at rest
• Access controls
• System monitoring

No system is fully secure — report suspicious activity to support@id.audio.

10. Changes to This Policy

We may update this Policy. Material changes will be communicated. Continued use constitutes acceptance.

11. Contact

privacy@id.audio