1. Who We Are
Andrew Cherry Music ("we", "our", or "us") is a professional music mixing and mastering service based in Portugal. We provide mixing, mastering, consultation, and feedback services to musicians worldwide.
2. What Data We Collect
Personal Information You Provide
- Account Information: Name, email address when you create an account
- Service Requests: Project details, audio files, communication preferences
- Payment Information: Billing details processed securely through Stripe (we don't store payment data)
- Communications: Messages, feedback, and correspondence with us
- Project Files: Audio files, stems, and related materials uploaded for our services
Automatically Collected Data
- Website Usage: Pages visited, time spent, clicks, and navigation patterns
- Device Information: Browser type, operating system, IP address (anonymized)
- Analytics Data: Aggregated usage statistics (only with your consent)
3. How We Use Your Data
Service Delivery (Legal Basis: Contract Performance)
- Process and deliver mixing, mastering, and consultation services
- Manage your projects and communications
- Handle payments and billing
- Provide customer support
Website Functionality (Legal Basis: Legitimate Interest)
- Ensure website security and prevent fraud
- Improve website performance and user experience
- Remember your preferences and settings
Analytics and Improvements (Legal Basis: Consent)
- Analyze website usage to improve our services (only with your consent)
- Understand which content is most valuable to visitors
- Optimize our website performance
Legal Compliance (Legal Basis: Legal Obligation)
- Comply with tax and accounting requirements
- Respond to legal requests and court orders
- Prevent fraud and ensure platform security
4. Cookies and Tracking
We use cookies responsibly
We only use analytics cookies with your explicit consent. You can change your cookie preferences at any time.
Types of Cookies
Necessary Cookies (Always Active)
Essential for website functionality, security, and your account access. Cannot be disabled.
- Session management and authentication
- Shopping cart functionality
- Security and fraud prevention
- Cookie consent preferences
Analytics Cookies (Requires Consent)
Help us understand how visitors use our website to improve the user experience.
- Google Analytics (anonymized IP addresses)
- Page views and user journey tracking
- Performance metrics and error reporting
5. Data Sharing and Third Parties
We never sell your personal data. We only share data with trusted service providers who help us deliver our services:
Payment Processing
Stripe processes payments securely. They have their own privacy policy and comply with PCI DSS standards.
File Storage
Google Drive stores project files securely. Access is restricted and files are protected with encryption.
Email Services
We use our own email server (Postal) hosted in our controlled environment for project communications.
Website Analytics
Google Analytics (only with your consent) helps us understand website usage with anonymized data.
6. Your Rights Under GDPR
As an individual in the European Economic Area, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing
Request limitation of how we process your data
Right to Data Portability
Request your data in a machine-readable format
Right to Object
Object to processing based on legitimate interests
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
7. Data Security and Retention
Security Measures
- SSL/TLS encryption for all data transmission
- Secure file storage with access controls
- Regular security updates and monitoring
- Limited access to personal data on a need-to-know basis
- Regular backups with encryption
Data Retention
Account Data: Retained while your account is active, plus 7 years for tax/legal requirements
Project Files: Retained for 2 years after project completion (or as agreed contractually)
Payment Records: Retained for 7 years for tax and accounting purposes
Website Analytics: Anonymized data retained for 26 months (Google Analytics default)
Communications: Retained for 3 years for business and legal purposes
8. International Data Transfers
We are based in Portugal (EU). Some service providers may process data outside the EU:
- Google (Analytics, Drive): Complies with EU-US Data Privacy Framework
- Stripe (Payments): Uses Standard Contractual Clauses for EU data protection
All international transfers are protected by appropriate safeguards as required by GDPR.
9. Children's Privacy
Our services are not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will:
- Update the "last updated" date at the top of this policy
- Notify you by email if the changes significantly affect your rights
- For significant changes, we may seek your renewed consent
We encourage you to review this policy periodically to stay informed about how we protect your data.
Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us:
Email: [email protected]
Website: andrewcherrymusic.com
Response Time: We aim to respond within 48 hours