Privacy Policy

1. Personal Data We Collect

1.1 Information You Provide

• Account details: name, email, password, verification status
• Studio information: studio names, roles, permissions
• Audio-related data: comments, approval records, timecode notes, track metadata
• Guest access details: guest names, email addresses, token usage logs
• Support enquiries: messages and attachments
• Billing details: subscription plan, VAT details, invoices (processed via our payment processor)

1.2 Automatically Collected Information

• IP addresses
• Browser and device information
• Login logs (time, location approximation, IP)
• Activity logs (actions within the platform)
• System usage statistics
• Error logs

1.3 Files and Project Content

Users may upload audio files, schedules, metadata, attachments, and other content.

We process this solely for the purpose of providing our services.

2. How We Use Personal Data

We use personal data for:

• Account creation and management
• Authentication and security, including 2FA
• Providing platform functionality, such as audio review, commenting, and track management
• Sending notifications, including email alerts and invitations
• Billing, subscription management, and VAT compliance
• Improving the Platform, debugging, and system analytics
• Legal compliance, including fraud prevention and security monitoring

We do not use your data for profiling or automated decision-making.

3. Legal Basis for Processing

Under UK GDPR, our legal bases include:

• Contractual necessity – operating your account and providing services
• Legal obligation – accounting, taxation, fraud prevention
• Legitimate interest – improving security, monitoring usage, defending legal claims
• Consent – email marketing (only where explicitly opted in)

4. Sharing Your Data

We may share data with:

• Sub-processors essential for providing the Platform (e.g., hosting, email delivery, storage providers)
• Payment processors (for billing)
• Your organisation (where your account is part of a studio or enterprise instance)
• Legal authorities where required by law or court order

We do not sell personal data.

5. International Transfers

Data may be transferred outside the UK/EEA where sub-processors operate.

Where this occurs, protections include:

• UK Adequacy Regulations
• Standard Contractual Clauses (SCCs)
• Additional safeguards where required

6. Data Retention

We retain:

• Account data while your subscription remains active
• Activity logs typically for 12–24 months
• Audio content and project files until deletion by the user or studio owner
• Backups for a limited period (usually 30–90 days) before automatic overwrite
• Legal and financial records for 6–7 years

Custom retention periods can be agreed for enterprise clients.

7. Your Rights

You have the right to:

• Access your data
• Rectify inaccurate data
• Request deletion (where applicable)
• Restrict or object to processing
• Port data to another service
• Withdraw consent for marketing
• File a complaint with the ICO (UK)

You can access, rectify, and delete your data directly within your SessionCommander account. However, we are happy to process these requests on your behalf via the contact method below if you prefer.

Requests can be made via support@sessioncommander.com.

8. Security

We employ industry-standard security measures including:

• Password hashing
• Secure storage
• Encryption in transit
• Token-based access
• Role-based access and permissions
• Audit and login logs
• Optional 2FA

No system is 100% secure, but we take every reasonable step to protect your data.

9. Cookies

The Platform uses cookies for:

• Authentication
• Session management
• Security
• User preferences

A separate Cookie Policy may be provided upon request.

10. Changes to This Policy

We may update this Policy periodically. Continued use of the Platform constitutes acceptance.

11. Contact

For questions about this Privacy Policy, please contact us:

• Email: support@sessioncommander.com
• Website: https://support.sessioncommander.com