Legal

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your data.

Last updated: April 1, 2026

1. Who We Are

Andrew Cherry Music ("we", "our", or "us") is a professional music mixing and mastering service based in Portugal. We provide mixing, mastering, consultation, and feedback services to musicians worldwide.

Contact Information:

Email: [email protected]

Website: andrewcherrymusic.com

Location: Portugal

2. What Data We Collect

Personal Information You Provide

  • Account: Name, email when you create an account
  • Services: Project details, audio files, preferences
  • Payments: Billing details via Stripe (we don't store card data)
  • Communications: Messages and correspondence
  • Files: Audio stems and materials uploaded for services

Automatically Collected Data

  • Usage: Pages visited, time spent, navigation patterns
  • Device: Browser type, OS, anonymized IP address
  • Analytics: Aggregated statistics (with consent only)

3. How We Use Your Data

Service Delivery (Legal Basis: Contract Performance)

  • Process and deliver services
  • Manage projects and communications
  • Handle payments
  • Provide support

Website Functionality (Legal Basis: Legitimate Interest)

  • Ensure security and prevent fraud
  • Improve performance and UX
  • Remember preferences

Analytics and Improvements (Legal Basis: Consent)

  • Analyze usage to improve services (with consent)
  • Understand valuable content
  • Optimize performance

Legal Compliance (Legal Basis: Legal Obligation)

  • Tax and accounting compliance
  • Legal requests
  • Fraud prevention

4. Cookies and Tracking

We use cookies responsibly

We only use analytics cookies with your explicit consent. You can change your cookie preferences at any time.

Necessary Cookies (Always Active)

Session, cart, security, consent preferences. Cannot be disabled.

Analytics Cookies (Requires Consent)

Google Analytics (anonymized, with consent). Page views, performance metrics.

5. Data Sharing and Third Parties

We never sell your personal data. We only share data with trusted service providers who help us deliver our services:

Payment Processing

Stripe processes payments securely (PCI DSS compliant).

File Storage

Google Drive stores project files with encryption and access controls.

Email Services

Self-hosted Postal email server for all communications.

Website Analytics

Google Analytics (with consent) for anonymized usage data.

6. Your Rights Under GDPR

As an individual in the European Economic Area, you have the following rights:

Right of Access

Request a copy of your data

Right to Rectification

Correct inaccurate data

Right to Erasure

Request deletion

Right to Restrict Processing

Limit processing

Right to Data Portability

Export your data

Right to Object

Object to processing

Contact [email protected] to exercise any right. Response within 30 days.

7. Data Security and Retention

  • SSL/TLS encryption for all data
  • Secure file storage with access controls
  • Regular security updates and monitoring
  • Limited data access on need-to-know basis

Data Retention

Account: While active + 7 years (tax/legal)

Files: 2 years after project completion

Payments: 7 years (accounting)

Analytics: 26 months (anonymized)

8. International Data Transfers

Based in Portugal (EU). Some providers process data outside the EU:

  • Google: EU-US Data Privacy Framework
  • Stripe: Standard Contractual Clauses

9. Children's Privacy

Not intended for under-16s. Contact us if a child has provided personal data.

10. Changes to This Policy

We may update this policy. Significant changes will be communicated via email.

Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: [email protected]

Response time: within 48 hours