GroovePilot

Legal

Privacy Policy

Last updated: May 8, 2026

1. Who We Are

GroovePilot is operated by Juan David Guerrero Castro, an individual entrepreneur (persona natural) based in Colombia. References to "GroovePilot," "we," "us," or "our" in this policy refer to this entity.

Contact: hello@groovepilot.co

2. What Data We Collect

Account data

When you create an account we collect your email address and an optional display name. Authentication is handled by Supabase Auth — we never store your password in plain text.

Audio data

When you upload a WAV file for analysis, the file is transferred to Amazon S3 (temporary storage), processed entirely in memory by our analysis engine, and deleted from S3 immediately after analysis completes. We do not retain any audio files.

Mix analysis data

We store the numerical features extracted from your audio (loudness, dynamics, spectral data) and the resulting Mix Score and findings. This data is associated with your account so you can review past analyses.

Usage data

We collect anonymised product analytics (which features you use, how often, session duration) via PostHog. User identifiers are hashed with a daily-rotating salt before storage — we cannot link analytics data to a specific person after 24 hours.

Payment data

Payments are processed by LemonSqueezy. We never see or store your card details. We receive only the plan type and renewal status from LemonSqueezy.

3. How We Use Your Data

  • To provide and improve the GroovePilot service
  • To enforce plan limits (Free / Pro / Studio)
  • To send transactional emails (account confirmation, billing receipts) via Resend
  • To analyse aggregate usage patterns and improve the product

We do not sell your data to third parties. We do not use your audio or mix data to train AI models.

4. Data Retention

  • Audio files: deleted immediately after analysis (never persisted beyond the processing pipeline)
  • Analysis results: retained while your account is active; deleted within 30 days of account deletion
  • Chat messages: retained while your account is active; deleted with the account
  • Analytics events: anonymised and retained for up to 12 months

5. Third-Party Services

GroovePilot uses the following sub-processors:

  • Amazon Web Services (AWS) — compute (EC2), temporary file storage (S3), AI inference (Amazon Bedrock / Claude)
  • Supabase — authentication and database hosting
  • LemonSqueezy — payment processing and subscription management
  • Resend — transactional email delivery
  • PostHog — anonymised product analytics
  • Cloudflare — CDN and DDoS protection

6. Your Rights

You may at any time:

  • Request a copy of the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Opt out of anonymised analytics from your account settings

To exercise these rights, email hello@groovepilot.co. We will respond within 15 business days.

7. Security

All data is transmitted over HTTPS/TLS. Database access is restricted to authenticated backend services. We do not log email addresses in full (masked as j***@example.com in server logs). API keys are never logged.

8. Children

GroovePilot is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us and we will delete it immediately.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

Privacy Policy — GroovePilot