Rebounce

Rebounce Privacy Policy

Effective date: August 9, 2025

Welcome to Rebounce — a version-aware collaboration workspace for music creators. This Privacy Policy explains what information we collect, how we use it, when we share it, and the rights you have. We aim to keep it clear, practical, and transparent.

“We”, “us”, and “our” refer to Rebounce. “You” refers to any user of our web or mobile apps. By using Rebounce, you agree to this Policy.

1) Introduction

Rebounce helps artists, engineers, and teams upload bounces (versions), leave timestamped feedback, and manage project assets. We process some information to operate the service, keep your account secure, and improve the product. We are committed to privacy by design and minimizing personal data.

Roles & responsibilities: For “account-level” data (e.g., your login, billing, and support), Rebounce acts as an independent data controller. For “workspace/track content” (e.g., audio files, comments, versions) belonging to a workspace, Rebounce acts as a data processor on behalf of the workspace owner (the controller). Workspace owners control who can access their content and can invite or remove collaborators.

2) Information We Collect

We collect only what we need to provide Rebounce:

  • Account Data: name, email, password (stored with modern hashing such as bcrypt/Argon2), and optional profile picture.
  • Workspace & Track Data: uploads (audio files, stems, artwork), comments (including timestamps), metadata, and version history. This may include AI-generated summaries derived from comments.
  • Payment Data: subscription and billing details processed by our payment provider (e.g., Stripe). We do not store full card numbers on Rebounce servers.
  • Usage Logs & Analytics: IP address, browser/device information, timestamps, app events, and privacy-friendly aggregated analytics to help diagnose issues and improve performance.
  • Email Preferences & Notification Settings: your choices for receiving activity updates, security alerts, and marketing (if any).

Optional communications data: If you contact support, we may store your messages and the metadata needed to troubleshoot.

Cookies & local storage: We use strictly necessary cookies for authentication and security, plus functional storage to remember preferences. We avoid invasive tracking and stick to aggregated analytics where possible.

3) How We Use Information

  • Operate the platform (authentication, workspace/track storage, commenting, versioning, AI summaries, and features you request).
  • Send essential communications (account/security notices, invitations, activity notifications you opt into).
  • Provide support and improve Rebounce (debugging, performance, analytics, user research with aggregated or de-identified data).
  • Billing & subscription management (via our payment processor).
  • Legal & safety (detect abuse, enforce terms, comply with law).

Legal bases (GDPR): (i) contract performance (running Rebounce and delivering features), (ii) legitimate interests (improving and securing the service), (iii) consent (where required, e.g., marketing emails), and (iv) legal obligations.

4) How We Share Information

We do not sell your personal information.

  • Within your workspace: Your content is visible to people with access according to the roles you or the workspace owner assign (e.g., workspace members vs. track collaborators).
  • Service providers (processors): We use trusted vendors who only process data on our instructions, including:
    • Cloud hosting & storage (e.g., AWS/GCP)
    • Payment processing (e.g., Stripe)
    • Email delivery (e.g., Postmark/SendGrid)
    • Privacy-friendly analytics
    • Customer support tooling (if used)
    These providers are bound by confidentiality and data protection obligations.
  • Legal reasons: We may disclose information if required by law or to protect rights, property, or safety.
  • Business transfers: If we undergo a merger, acquisition, or asset sale, your data may be transferred under this Policy’s protections.

5) Data Security

  • Encryption: TLS in transit; AES‑256 at rest for stored content where applicable.
  • Account protection: Passwords stored using modern hashing (e.g., bcrypt/Argon2). Consider using a strong, unique password and enabling any additional security options we may offer.
  • Access controls: Least-privilege access for personnel. Limited employee access to user content strictly for support/troubleshooting and only when necessary.
  • Monitoring & hardening: We monitor for abuse and maintain standard security practices aligned with reputable cloud infrastructure.

No method of transmission or storage is 100% secure. We work continuously to protect your data and to promptly address vulnerabilities.

6) Data Retention

  • Account data: retained while your account is active and for a reasonable period after closure (e.g., up to 24 months) for support, fraud prevention, and legal compliance, unless you request earlier deletion.
  • Workspace & track content: retained until the workspace owner or authorized user deletes it. Version retention: Rebounce preserves version history unless you remove versions or configure retention. Soft‑deleted items may remain in limited-access backups for up to ~35 days.
  • Payment records: retained as required by tax and accounting laws.
  • Usage logs: typically retained for up to 12 months, then aggregated or deleted.
  • Backups: rolling backups are kept for disaster recovery and are automatically purged on rotation (usually within ~35 days).

7) Your Rights

If you are in the EEA/UK (GDPR): you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Delete your data (“right to be forgotten”)
  • Restrict or object to processing (including for legitimate interests)

If you are a California resident (CCPA/CPRA): you have the right to:

  • Know the categories of personal information we collect and the purposes of use
  • Access and delete personal information (subject to legal exceptions)
  • Correct inaccurate personal information
  • Opt out of “selling” or “sharing” personal information (we do not sell your data)
  • Limit use of sensitive personal information (we do not use sensitive PI for inferring characteristics)
  • Non‑discrimination for exercising your rights

To exercise any rights, or to request an export of your personal data, contact [email protected]. We may need to verify your identity. For CCPA requests, you may use an authorized agent in accordance with California law.

8) International Data Transfers

We may process and store data on servers located outside your country (e.g., within the EEA and in other regions, depending on your chosen infrastructure). When transferring personal data from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs), and implement supplementary technical and organizational measures as needed.

9) Workspace Ownership, Sharing & Your Choices

  • Workspace owners control access to content within their workspace (e.g., artists, tracks, versions, comments) and can invite people as workspace members or track collaborators with specific roles.
  • Track collaborators only see tracks explicitly shared with them and cannot access other workspace content.
  • Email preferences: You can manage which activity and marketing emails you receive. Essential service and security emails will still be sent.

10) Children’s Privacy

Rebounce is not directed to children. We do not knowingly collect personal data from individuals under 16 in the EEA/UK (or under 13 elsewhere). If you believe a child has provided us data, please contact us so we can take appropriate action.

11) Additional Information for Transparency

  • Security notifications: We may notify you about important security or privacy changes via email or in‑app messages.
  • AI features: If you enable features like AI-generated comment summaries, we may process relevant workspace content to generate results. We do not use your content to train third‑party foundation models unless explicitly stated and consented to.
  • Aggregated/de‑identified data: We may use aggregated or de‑identified information to understand usage trends; this data cannot reasonably identify you.

12) Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated effective date and, if changes are material, we will provide additional notice (e.g., in‑app or by email).

13) Contact Us

If you have questions, requests, or complaints about this Policy or your personal data, please email: [email protected].

When contacting us, please include enough information for us to verify your identity and locate your account or workspace. We respond to legitimate requests within the timeframes required by applicable laws.

Note: This policy is designed to be friendly yet professional. It does not constitute legal advice. Workspace owners should ensure their own compliance and provide necessary notices to collaborators they invite.