GDPR

Our Commitment

At BeatLoop, we are committed to protecting your privacy and ensuring the security of your personal data. This GDPR compliance page outlines how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR).

Data We Collect

We collect the following types of personal data:

• •Account information (email, username, password)
• •Usage data and analytics
• •Device information and cookies
• •Communication preferences
• •Analytics data via HubSpot (page views, session duration, traffic sources) — only with your consent
• •Authentication data stored in Supabase (EU-hosted)

How We Use Your Data

Your data is used for the following purposes:

• •Providing and improving our services
• •Personalizing your experience
• •Communicating with you about updates and features
• •Ensuring the security of our platform

Your Rights

Under GDPR, you have the following rights:

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments. Your data is stored securely and accessed only by authorized personnel.

Legal Basis for Processing (Art. 6 GDPR)

• •Consent (Art. 6(1)(a)): Analytics cookies (HubSpot), newsletter subscription
• •Contract (Art. 6(1)(b)): Account creation, service delivery, event ticketing
• •Legitimate Interest (Art. 6(1)(f)): Platform security, fraud prevention, service improvement

Data Retention

• •Account data: Retained while your account is active; deleted upon request
• •Analytics data: 26 months (HubSpot default retention period)
• •Authentication logs: 90 days

Third-Party Services

We use the following third-party services to operate BeatLoop:

• •HubSpot — Analytics and CRM (EU region, loaded only with consent)
• •Supabase — Database and authentication (EU-hosted)
• •Vercel — Website hosting and deployment
• •GitHub — Legal document hosting and version control