Privacy Policy

Privacy Policy

This Privacy Policy explains how Finaural handles personal data when you use Finaural, Finaural Studio, the website, documentation, account features, billing, API access, and related support or communication channels.

1. Controller and contact

Finaural is the controller for the personal data described in this policy unless a separate agreement says otherwise. Finaural is represented by Aras Yadegari, Im Zollhafen 18, 50678 Cologne, Germany. For privacy requests or questions, use the contact form or the privacy contact method provided in the product.

2. Data we process

We process account and contact data, authentication data, workspace membership and role data, billing and plan data, API key metadata, support messages, product communications, security logs, device and browser information, IP address, locale and preference data, usage events, and Studio project data. Studio project data can include uploaded, recorded, imported, generated, rendered, exported, or delivered media; project files; prompts; generation settings; asset metadata; markers; comments; approvals; versions; revisions; delivery outputs; and related technical metadata.

3. Why we process data

We use personal data to provide accounts, authentication, workspaces, Studio projects, uploads, recording, generation, collaboration, export, delivery, billing, support, security, abuse prevention, service reliability, legal compliance, and product administration. We may use privacy-aware usage events and aggregated or de-identified information to understand reliability and improve Studio. We do not sell personal data.

4. Legal bases

Where the GDPR applies, we process data when it is necessary to perform a contract with you, to take pre-contractual steps at your request, to comply with legal obligations, to protect legitimate interests such as security and service reliability, to protect vital interests where applicable, or with your consent where consent is required. You may withdraw consent at any time without affecting processing that occurred before withdrawal.

5. Studio content, prompts, and generated assets

You keep the rights you have in your project content. We process Studio content, prompts, settings, and generated outputs to provide the requested workflow, preserve project state, create previews and derivatives, support collaboration, render or export results, provide support, secure the service, and comply with law. We do not use private project media, prompts, or outputs to train general-purpose or third-party models unless you explicitly opt in, make the material available for that purpose, or a separate agreement allows it.

6. Retention

Retention follows the owner level and use of the data. Account, workspace, project, asset, prompt, export, collaboration, usage, and billing records are kept while needed to provide Studio, preserve active projects, maintain legal or accounting records, resolve disputes, enforce agreements, secure the service, or comply with law. Project media and generated assets remain available while retained in active projects, workspaces, archives, packages, or delivery outputs. Temporary upload chunks, processing copies, caches, previews, proxies, thumbnails, waveform peaks, failed-job artifacts, and other derivatives are kept only as long as operationally needed and may be deleted or regenerated. When you delete assets, projects, or account data, we delete or anonymize the relevant data unless retention is required for backups, audit logs, billing, legal obligations, security, dispute handling, or legitimate business records.

7. Cookies, local storage, and analytics

We use necessary cookies and local storage for locale, session, security, and account functionality. Locale and currency preferences may be stored in a cookie or local storage. Analytics, where used, should be privacy-aware and may be cookieless or self-hosted. You can clear browser storage or manage available settings, but disabling necessary storage may affect sign-in, localization, or Studio functionality.

8. Processors, service providers, and transfers

We may share data with processors and service providers that help operate Studio, including hosting, storage, authentication, billing, payment, email, analytics, security, customer support, and infrastructure providers. They may process data only under appropriate contractual obligations. If data is transferred outside the European Economic Area, we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

9. Security

We use technical and organizational measures designed to protect personal data, including access controls, encryption in transit where appropriate, credential safeguards, logging redaction, and operational monitoring. No online service is completely secure, so you should protect account credentials, API keys, local devices, and shared project access.

10. Your rights and controls

Where applicable, you may request access, correction, deletion, restriction, objection, portability, withdrawal of consent, and information about processing. You may also lodge a complaint with a supervisory authority. Data controls may allow you to manage usage event sharing, export account or project data, review asset retention, delete assets, or request account deletion. Where self-service controls are not available, contact us.

11. Children

Finaural Studio is intended for professional and production use. Do not use the service if you are not old enough to enter into a binding agreement or to use online services in your jurisdiction unless a parent, guardian, school, employer, or authorized organization manages the account and lawful use.

12. Changes to this policy

We may update this policy when our services, processing, legal obligations, or contact details change. Material changes will be communicated through an appropriate product, website, account, or email notice where required. The updated version applies from the stated effective date.

Use of Finaural Studio requires trust in how project and account data are handled. This policy is intended to make that handling clear and to keep public privacy copy aligned with Studio data controls and retention behavior.

Last updated: