Privacy & Cookies Policy, GDPR
Last updated: 13 July 2025
1. Who we are
Tone Tailor (“we”, “our”, “us”) provides an online audio-mastering application available at https://tonetailor.com. The service is owned and operated by Zygfryd Słapik and Gratai Phuangsanga, Hlonda 10E St., 02-972 Warsaw, Poland.
We are the data controller for personal data processed through this website within the meaning of the EU General Data Protection Regulation (“GDPR”).
2. Scope of this policy
This policy explains how we collect, use, disclose, and safeguard your personal data when you:
- visit or interact with our website or mobile interfaces,
- create a Tone Tailor account or log in,
- upload audio to be mastered (USD 2.99 per mastered minute),
- make a payment through Stripe, and/or
- communicate with us by e-mail, form, or social media.
3. Personal data we collect
3.1 Data you provide directly
- Account details—name, e-mail, password (hashed), country.
- Audio files & project metadata—file names, length-in-minutes, genre, notes.
- Payment details—billing address and transaction identifiers (processed by Stripe; we never see full card numbers).
- Support communications—content of e-mails, tickets, chat messages.
3.2 Data collected automatically
- Log data—IP address, browser type, operating system, pages viewed, referring URLs, date/time stamps.
- Cookies & similar technologies—see § 6 below.
4. Legal bases for processing (GDPR Art. 6)
- Contract performance—to create your account, master your audio, and deliver the finished files.
- Legitimate interests—to ensure security, prevent fraud, and improve our service.
- Legal obligations—to meet tax, accounting, and anti-fraud requirements.
- Consent—for optional cookies/analytics and marketing e-mails (opt-in).
5. How we use your data
- Provide, operate, and maintain the Tone Tailor platform.
- Calculate mastering charges (USD 2.99 per minute) and process payments via Stripe.
- Send transactional messages (invoices, password resets, service notices).
- Improve audio-processing algorithms, user experience, and security.
- Comply with applicable laws, court orders, and enforcement requests.
6. Cookies & similar technologies
Cookies are small text files stored on your device. Some are essential for our site to work; others help us understand usage or remember preferences. We respect the ePrivacy Directive and GDPR consent rules—non-essential cookies are set only after you opt in.
Name | Type | Purpose | Lifespan |
---|---|---|---|
PHPSESSID | Essential / First-party | Maintains your session state across page requests. | Until browser is closed |
tt_auth | Functional / First-party | Keeps you logged in after you tick “remember me”. | 30 days |
stripe_sid, stripe_mid | Essential / Third-party (Stripe) | Fraud prevention and secure payment processing. | 1 year |
(optional-analytics) | Analytics / First-party | Provides aggregated site-usage statistics (set only if you consent). | 13 months |
Managing cookies
You can adjust cookie preferences at any time via our “Cookie Settings” banner or by configuring your browser to block or delete cookies. Essential cookies may be required for some functionality to work.
7. Payment processing via Stripe
All card payments are handled by Stripe. When you pay, your card details go directly to Stripe and are never stored on our servers. Stripe is PCI-DSS Level 1 certified and acts as a separate data controller. See Stripe’s privacy policy.
8. Data retention
- Account data—kept until you delete your account or 5 years after your last login, whichever comes first.
- Audio files—stored for 90 days after mastering to allow redownload; then automatically erased or anonymised.
- Invoices & payment records—retained for 7 years to fulfil tax obligations.
- Support e-mails—kept for 2 years for reference, unless you request earlier deletion.
9. Sharing & disclosure
We do not sell or rent your data. We share it only with:
- Service providers (cloud hosting, e-mail, analytics) under written contracts that require the same level of protection.
- Payment processor Stripe (see § 7).
- Law-enforcement or regulators if required by law.
- Successor entities in the event of a merger or acquisition, with prior notice to you.
10. International transfers
Your data may be processed outside the European Economic Area when we use global service providers (e.g., Stripe, AWS). Transfers rely on:
- adequacy decisions (e.g., EU-U.S. Data Privacy Framework), or
- Standard Contractual Clauses plus supplementary safeguards.
11. Security measures
- HTTPS/TLS 1.3 encryption.
- Salted & hashed passwords (bcrypt).
- Least-privilege access controls.
- Regular penetration testing & vulnerability scans.
- Server-side encryption of stored audio files.
12. Your rights (GDPR Arts. 15-22)
You have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase data (“right to be forgotten”).
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time (for consent-based processing).
- Lodge a complaint with a supervisory authority (Polish DPA – UODO).
To exercise any right, e-mail us at info@tonetailor.com.
13. Children’s privacy
Tone Tailor is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
14. Changes to this policy
We may update this policy occasionally. Material changes will be announced on our website or by e-mail. The “Last updated” date at the top shows when the policy was last revised.
15. Contact us
Tone Tailor | Zygfryd Słapik & Gratai Phuangsanga
Hlonda 10E St., 02-972 Warsaw, Poland
info@tonetailor.com
16. Conditions of Access to the Services
- Service limits. Tone Tailor may set reasonable technical and commercial boundaries on the use of its platform, including but not limited to:
  - automatic deletion of uploaded and mastered audio 72 hours after delivery;
  - a maximum individual file size of 1 GB and a cap of 10 concurrent uploads per account;
  - fair-use limits on the total number of mastering jobs or API calls in any 24-hour period, as displayed on your dashboard;
  - a validity period of 12 months for any pre-purchased mastering minutes or subscription credits.
- Service changes and interruptions. We may modify, suspend, or discontinue the platform—in whole or in part—at any time, temporarily or permanently, without liability to you. We may also suspend or terminate your account, with or without notice, if we reasonably believe you have violated our Terms, this Policy, or applicable law.
- Use at your own risk. You acknowledge that you access Tone Tailor at your own risk and agree that:
  - the service may not meet all of your individual expectations;
  - access may be interrupted or error-prone due to maintenance, technical issues, or events beyond our control;
  - the automatic mastering output is provided “as-is” and “as-available,” and we do not warrant that it will be accurate, complete, or suitable for any particular purpose.