Privacy Policy

This Privacy Policy describes how Make a Beat collects, uses, and discloses information about you. The data controller pursuant to Art. 4 (7) of the General Data Protection Regulation (GDPR) is:

Jonas Niemann c/o IP-Management #9655 Ludwig-Erhard-Straße 18 20459 Hamburg Germany E-Mail: contact@make-a-beat.com

Our platform is hosted by Hetzner Online GmbH, Germany. The servers are located exclusively in Germany.

Server Logfiles: When you visit our website, the server automatically collects information that your browser transmits. This includes: IP address (shortened/anonymized if possible), date and time of the request, browser type and version, operating system, and referrer URL.

The legal basis for this processing is Art. 6 (1) (f) GDPR (legitimate interest in maintaining IT security and website functionality). Data is stored for 7 days and then deleted.

A. Registration via Google OAuth — We use Google Login (Alphabet Inc.). We collect your email address, name, and profile picture. Legal basis: Art. 6 (1) (b) GDPR (contract performance).

B. User Content and Database — We store your beats, metadata (BPM), and account settings in our database (PocketBase, hosted on our Hetzner servers in Germany). Legal basis: Art. 6 (1) (b) GDPR.

C. AI Interaction (AI Act Transparency) — In accordance with Art. 50 of the EU AI Act, we inform you that our platform uses Artificial Intelligence to generate and process audio. Your text prompts are processed to generate audio; we use generative models to translate text descriptions into musical frequencies. Legal basis: Art. 6 (1) (b) GDPR.

To provide AI features, we transmit specific data to providers in the USA.

ElevenLabs Inc. (Audio Generation): Text prompts are transmitted. No personal profile data is shared.

Replicate, Inc. (Stem Splitting): Audio files are processed in volatile memory (RAM) and are not permanently stored by Replicate.

International Transfer: These transfers are based on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs).

Payments are handled by Lemon Squeezy, LLC, USA. As a Merchant of Record, Lemon Squeezy is the legal seller and the primary data controller for the payment process. We do not store credit card data. The transfer of purchase history to us is based on Art. 6 (1) (b) GDPR.

If you use the Contact or Feedback form on the website, your submission (name, email, message) is forwarded through our self-hosted n8n workflow automation instance, which runs on our Hetzner servers in Germany, for processing and routing to us.

Legal basis: Art. 6 (1) (a) GDPR (consent) for voluntary submissions, and Art. 6 (1) (f) GDPR (legitimate interest in responding to inquiries). Submissions are stored only as long as required to process and answer your request.

We use Resend, Inc. as our processor for transactional emails related to your account and the use of the service, such as onboarding and other account-related notifications. For this purpose, we transmit your email address and the data required to compose and deliver the relevant email to Resend.

Legal basis: Art. 6 (1) (b) GDPR where the message is necessary for account use or contract performance, and Art. 6 (1) (f) GDPR where we have a legitimate interest in reliable and secure service communication.

Resend processes data in the United States. According to Resend legal documentation, transfers may rely on the EU-U.S. Data Privacy Framework and, where applicable, additional safeguards such as Standard Contractual Clauses.

You can object to processing based on Art. 6 (1) (f) GDPR at any time by contacting contact@make-a-beat.com. We do not use this channel for separate marketing emails without an appropriate legal basis.

We use technically essential cookies and local storage (e.g. authentication tokens). Legal basis: § 25 (2) TDDDG (technical necessity). No consent-based tracking cookies (such as Google Analytics) are used.

For security reasons and to protect the transmission of confidential content (e.g. payment info, login data), this site uses SSL/TLS encryption. You can recognize an encrypted connection by the "https://" in the browser line.

If you choose to "Publish" a beat, your username, avatar, and audio will be visible to the public. Legal basis: Art. 6 (1) (a) GDPR (consent). You can withdraw this consent at any time by deleting the post.

Under the GDPR, you have the right to access (Art. 15), rectify (Art. 16), erase (Art. 17), and object to the processing (Art. 21) of your data.

To exercise these rights, contact us at contact@make-a-beat.com. You also have the right to lodge a complaint with a data protection supervisory authority.