Privacy Policy

Last updated: May 6, 2026

1. What We Collect

  • Email address — provided when you place an order, used to deliver your mix and send order updates
  • Google account info — if you choose to verify your identity via "Sign in with Google," we receive your name and email address from Google. We use only the email to confirm ownership of your order. We do not store your Google profile picture or any other Google account data beyond what is needed for session authentication.
  • Audio files — vocals and beats you upload, stored temporarily for processing and delivery
  • Payment information — handled entirely by Stripe; we never see or store your card details
  • Usage data — basic server logs (IP address, request timestamps) for security, rate limiting, and debugging

2. How We Use Your Data

  • To process and deliver your audio mix
  • To send transactional emails (order confirmation, delivery notification, revision delivery, magic download links)
  • To verify your identity before allowing file downloads
  • To handle revisions and support requests
  • To enforce rate limits and protect against abuse
  • We do not sell, rent, or share your personal data with third parties for marketing purposes

3. Audio File Retention

  • Your uploaded files (vocals, beats) are retained for 48 hours after upload. This window allows demo customers to upgrade to a paid mix without re-uploading their files.
  • Completed mix files are stored for 48 hours after delivery. This window gives you time to listen, download, and request revisions.
  • Each approved and delivered revision resets the 48-hour window, giving you a fresh 48 hours from the revised delivery time.
  • After the retention window closes, all source files and output files for your order are permanently and automatically deleted from our cloud storage. We do not retain backups.
  • Files from unpaid or abandoned orders are deleted within 48 hours of creation.

4. Download Verification & Session Data

  • To download your files, we verify that you own the email address associated with your order.
  • Google sign-in: If you choose this option, we use NextAuth.js to authenticate with Google OAuth 2.0. Your Google session is stored as a secure, short-lived cookie. We only use your Google email to match it against your order.
  • Magic link: If you choose email verification, we generate a cryptographically signed link (HMAC-SHA256) and email it to you. The link expires after 15 minutes. No verification token is stored in our database — it is stateless.
  • Verified email status is stored in your browser's localStorage for session continuity. This data stays on your device and is not sent to our servers.

5. Third-Party Services

  • Stripe — payment processing. Subject to Stripe's Privacy Policy
  • Google OAuth — optional identity verification for downloads. Subject to Google's Privacy Policy. Using Google sign-in is optional — email magic links work for any email address.
  • Backblaze B2 — encrypted cloud storage for audio files (US-West region)
  • SendGrid / Gmail SMTP — transactional email delivery (order confirmations, mix delivery, magic links)
  • YouTube / yt-dlp — if you search and select a beat via our studio tool, the beat audio is sourced from YouTube. You are responsible for ensuring you have the right to use that beat.

6. Cookies

We use only essential cookies necessary to operate the service. If you sign in with Google, a session cookie is set by NextAuth.js. We do not use tracking, advertising, or analytics cookies.

7. Your Rights

  • You may request deletion of your personal data (email address and associated order records) at any time by emailing hello@rvsns.com.
  • Audio files are automatically deleted after the 48-hour retention window as described above — no action needed on your part.
  • If you signed in with Google, you can revoke rvsns's access at any time from your Google account's security settings.

8. Security

All data is transmitted over HTTPS. Audio files are stored with private access controls and accessed only via short-lived presigned URLs. Download verification uses cryptographically signed tokens. We apply industry-standard security practices across the service.

9. Children

rvsns is not directed at children under 13. We do not knowingly collect data from children under 13.

10. DMCA & Copyright Claims

To report copyright infringement, send a DMCA takedown notice to dmca@rvsns.com. See our Terms of Service §13 for the required contents of a valid notice.

11. Contact

Privacy questions or data deletion requests: hello@rvsns.com