Privacy Policy

Last updated: June 6, 2026

This Privacy Policy explains how TrackStemLab ("we", "us", "our") collects, uses, shares, and protects personal data when you use our website and audio stem-separation service (the "Service"). We are committed to processing your data lawfully and transparently.

1. Who we are (Data Controller)

The data controller responsible for your personal data is Aleksei Cheshkov, an individual entrepreneur registered in Georgia (registration number 145855232), with the principal place of business at Georgia, Kobuleti region, village Kveda Kvirike, 1st street, N 3, apartment N45.

For any privacy question or to exercise your rights, contact us at privacy@trackstemlab.com.

2. Data we collect

• Account data: email address and a hashed password (for email sign-up), or your Google account identifier, email, name and profile picture (for Google sign-in).
• Audio content: the audio files you upload and the separated stems we generate from them.
• Usage data: records of your separation jobs, minute balance, and limits.
• Technical data: IP address and request metadata, used for security and rate limiting.

3. How we use your data and legal bases (GDPR Art. 6)

• To provide the Service (account creation, processing your audio, delivering stems) — performance of a contract (Art. 6(1)(b)).
• To secure the Service (rate limiting, abuse prevention) — legitimate interests (Art. 6(1)(f)).
• To send transactional emails (email verification, password reset) — performance of a contract / legitimate interests.
• To comply with legal obligations where applicable — Art. 6(1)(c).

We do not use your audio content to train AI models, and we do not sell it.

4. Data retention

• Uploaded files and generated stems are automatically deleted from storage approximately 2 days after processing.
• Account data is kept while your account is active. When you delete your account, your account data and associated jobs are removed.
• Some minimal logs may be retained for a limited period for security and legal compliance.

5. Sub-processors and international transfers

We rely on the following service providers, which may process data outside your country (including in the United States). Where required, such transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses (SCC):

• Google (Google Identity Services) — authentication, if you sign in with Google.
• Cloudflare R2 — storage of uploaded files and generated stems.
• RunPod — GPU compute that performs the audio separation.
• Resend — delivery of transactional emails.

6. Your rights under the GDPR

If you are in the European Economic Area, you have the right to:

• access your personal data (Art. 15);
• rectify inaccurate data (Art. 16);
• erase your data (Art. 17) — you can delete your account at any time from your account page;
• restrict or object to processing (Art. 18, 21);
• data portability (Art. 20);
• withdraw consent where processing is based on consent.

To exercise these rights, contact privacy@trackstemlab.com. You also have the right to lodge a complaint with your local data protection supervisory authority.

7. Your rights under the CCPA/CPRA (California)

California residents have the right to know what personal information we collect and how it is used, to request deletion of their personal information, and to not be discriminated against for exercising these rights. We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. To make a request, contact privacy@trackstemlab.com.

8. Cookies and local storage

We do not use advertising or analytics cookies. We store authentication tokens in your browser's localStorage so you stay signed in; these are strictly necessary for the Service to function. If you sign in with Google, the Google Identity Services script is loaded from Google's servers.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

10. Security

We use industry-standard measures to protect your data, including password hashing, encrypted transport (HTTPS), and access controls. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the latest revision. Material changes will be communicated through the Service.