Privacy Policy

Version date: 29 March 2026

1. Who we are

Earshots.io is a trading name currently operating as a pre-incorporation entity. References to "Earshots.io", "we", "us", or "our" in this policy refer to the Earshots.io platform and its operators.

We operate a cloud-based audio-against-picture review platform designed for use by audio post-production professionals, music supervisors, sound houses, and their clients. Data controller contact details are available on request.

If you have any questions about this policy or how we handle your data, contact us at: privacy@earshots.io

2. Scope

This policy applies to all personal data processed through the Earshots.io platform, including data provided by organisations (B2B clients) and their end users (reviewers, composers, music supervisors, editors, and other collaborators).

We act as:

• Data Controller — in respect of account holders and billing contacts
• Data Processor — in respect of personal data uploaded or generated by our clients within projects (e.g. end-user email addresses, comments, and audio/video content)

3. What data we collect

3.1 Account and identity data

• Name and email address
• Company name and role (optional but encouraged)
• Password (stored as a hashed value — never in plain text)
• Billing information (processed by our payment provider; we do not store card details)

3.2 Project and usage data

• Audio and video files uploaded to projects
• Timestamped comments and playback annotations
• Share link activity (access events, IP addresses, timestamps)
• Platform usage data (pages visited, features used, session duration)

3.3 Technical data

• IP address and approximate geolocation
• Browser type and version
• Device type and operating system
• Cookies and session tokens (see Section 9)

3.4 Communications

• Support requests and correspondence
• Survey responses or feedback you choose to submit

4. Legal basis for processing

We process personal data on the following legal bases under UK GDPR:

• Contract performance — to provide the Earshots.io service to account holders
• Legitimate interests — for platform security, fraud prevention, and product improvement
• Legal obligation — to comply with applicable law (e.g. tax records, law enforcement requests)
• Consent — for non-essential cookies and marketing communications, where opt-in consent is obtained

5. How we use your data

• To create and manage your account
• To deliver the platform's core features (file storage, review, sharing, comments)
• To send transactional emails (account activation, password reset, share link notifications)
• To investigate and resolve support issues
• To monitor platform security and detect abuse
• To improve the product through aggregated, anonymised analytics
• To comply with our legal obligations

We do not use your data to train AI or machine learning models. We do not sell your data to third parties.

6. Storage and infrastructure

Files uploaded to Earshots.io (audio, video, and project data) are stored using Amazon Web Services S3 object storage, with data held in AWS US-East regions. Database records (accounts, project metadata, comments) are stored in Supabase, which is hosted on infrastructure within the European Economic Area.

We have selected these providers specifically for their data residency controls and security posture.

7. Access controls and internal data handling

Access to client project data is strictly limited. The following controls are in place:

• Founders and employees of Earshots.io do not have routine access to client project content
• Database-level access is restricted to the Chief Technology Officer for operational purposes only
• Access events at infrastructure level are logged and auditable
• No client project data is shared between competing client accounts

We take our position as a platform used by competing commercial entities seriously. Our access controls are designed to ensure that no commercially sensitive information — including client lists, project timings, or creative content — is accessible to platform operators in the ordinary course of business.

8. Data sharing

We share personal data only with:

• Infrastructure providers acting as processors on our behalf (Amazon Web Services, Cloudflare, Supabase, Netlify)
• Payment processors (e.g. Stripe) for billing purposes
• Professional advisors (legal, accountancy) bound by confidentiality obligations
• Law enforcement or regulatory bodies when required by law

We do not share client data with other clients, third-party advertisers, or data brokers.

9. Cookies

We use strictly necessary cookies to maintain your session and authenticate your account. We do not use third-party advertising cookies.

Analytics cookies (where used) are first-party and anonymised. You will be presented with a cookie preference banner on first visit and can update your preferences at any time via your account settings.

10. Data retention

• Active account data is retained for the duration of your subscription plus 12 months
• Deleted project files are removed within 30 days of deletion
• Billing records are retained for 7 years as required by HMRC
• Support correspondence is retained for 3 years
• Server logs are retained for 90 days

11. Your rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data (subject to legal retention obligations)
• Restriction — ask us to pause processing in certain circumstances
• Portability — receive your data in a machine-readable format
• Object — to processing based on legitimate interests
• Withdraw consent — where processing is consent-based

To exercise any of these rights, email privacy@earshots.io. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12. International transfers

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or reliance on adequacy decisions where applicable.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email to account holders at least 14 days before they take effect. Continued use of the platform following notification constitutes acceptance.

14. Contact

Earshots.io
Email: privacy@earshots.io
Website: earshots.io