← Back to Tempo

Legal

Privacy Policy

Last updated: March 18, 2026

1. Data Controller

Tempo Music Studio ("Tempo", "we", "us") is the data controller responsible for your personal data. We are registered in Sweden and operate in accordance with the EU General Data Protection Regulation (GDPR) and Swedish supplementary data protection legislation.

Contact: privacy@tempodigital.org

2. What Data We Collect

We collect the following categories of personal data:

CategoryExamplesLegal Basis
Identity & contactName, email addressContract performance
Order dataService type, notes, reference links, uploaded file namesContract performance
Payment dataTransaction ID, amount, currency (processed by Stripe)Contract performance
Technical dataIP address, browser type, device infoLegitimate interest
Usage dataPages visited, time on siteConsent (analytics cookies)

3. How We Use Your Data

  • To process and deliver your mixing, mastering, or bundle order
  • To communicate with you about your project and revisions
  • To process payments securely via Stripe
  • To improve our website and services
  • To comply with legal obligations (e.g. accounting, tax)

4. Payment Processing

All payments are processed by Stripe, Inc. We never store your full credit card number, CVV, or bank details on our servers. Stripe is a PCI DSS Level 1 certified payment processor. For details on how Stripe handles your data, see Stripe's Privacy Policy.

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of recipients:

  • Stripe — payment processing
  • Microsoft Azure — cloud hosting and storage
  • Vercel — website hosting

All processors are bound by data processing agreements and operate within the EU/EEA or under adequate safeguards (EU Standard Contractual Clauses).

6. International Transfers

Some of our service providers (e.g. Stripe, Vercel) may process data outside the EU/EEA. In such cases, we rely on EU Standard Contractual Clauses or adequacy decisions to ensure your data is protected.

7. Data Retention

  • Order and contact data: retained for 36 months after project completion, or longer if required by Swedish accounting law (Bokföringslagen, 7 years for financial records)
  • Audio files: deleted within 90 days after delivery unless you request extended archiving
  • Analytics data: anonymised after 26 months

8. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@tempodigital.org. We respond within 30 days.

9. Cookies

We use cookies for authentication and optional analytics. For details, see our Cookie Policy.

10. Supervisory Authority

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

IMY
Box 8114, 104 20 Stockholm
www.imy.se

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. The "last updated" date at the top reflects the latest revision.