Privacy Policy

Last Updated: October 23, 2024

draw.audio ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website draw.audio ("the Site"). By accessing or using the Site, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We do not collect personal data such as your name, email address, or physical address unless you voluntarily provide it to us (e.g., via email communication). However, we collect certain information that may be considered personal data under applicable laws:

• IP Address: Used to identify your geographic location and to prevent abuse.
• Browser and Device Information: Type of browser, operating system, device type, unique device identifiers.

1.2 Non-Personal Information

We collect non-personal information automatically when you visit the Site:

• Usage Data: Pages viewed, time spent on pages, clickstream data, and other analytical data.

2. Legal Bases for Processing (GDPR Compliance)

We process your personal data on the following legal bases:

• Legitimate Interests: Processing is necessary for our legitimate interests in operating and improving the Site.
• Consent: Where required by law, we obtain your consent before processing your personal data.

You may withdraw your consent at any time by contacting us at randy@draw.audio. Upon withdrawal of your consent, we will remove your personal data (e.g., IP address, browser data) from our records. Please note that withdrawing consent may affect your ability to use certain features of the Site.

3. How We Use Your Information

We use the collected information for the following purposes:

• Site Improvement: To analyze usage patterns and improve the functionality and user experience of the Site.
• Prevent Abuse: To detect and prevent malicious activities such as DDoS attacks.
• Content Display: To showcase user-generated content to other users.
• Legal Obligations: To comply with applicable laws, regulations, and legal processes.

4. Disclosure of Your Information

We do not sell or share your personal data with third parties for marketing purposes. We may disclose your information only in the following circumstances:

• Service Providers: We use third-party service providers (Cloudflare and Amazon Web Services) to host the Site and ensure its functionality. These providers may have access to your personal data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.
• Legal Obligations: If required by law or in response to valid requests by public authorities (e.g., a court or a government agency).
• Protection of Rights: To protect and defend our rights, property, or safety, and that of our users or others.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Anonymized IP Addresses and Logs: Stored for up to 12 months for security and analytical purposes.
• Cookies and Local Storage Data: Stored on your device; you can manage or delete these through your browser settings.

6. Data Security

We implement reasonable security measures to protect your information:

• Secure Servers: Hosting on secure servers provided by Cloudflare and Amazon Web Services (AWS).
• Encryption: Data transmitted between your browser and the Site is protected using standard encryption protocols (HTTPS).
• Access Controls: Limiting access to personal data to authorized personnel.

Please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

7. Your Rights (GDPR Compliance)

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right to Access: Request access to your personal data that we hold.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data under certain conditions.
• Right to Restrict Processing: Request limitation of our processing of your personal data under certain conditions.
• Right to Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to the processing of your personal data under certain conditions.
• Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your personal data.

To exercise these rights, please contact us at randy@draw.audio.

Right to Lodge a Complaint

If you believe that we have processed your personal data unlawfully, you have the right to lodge a complaint with your national data protection authority in the EEA.

8. California Privacy Rights (CCPA Compliance)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected from you.
• Right to Opt-Out: We do not sell personal information; however, you have the right to direct us not to sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, please contact us at randy@draw.audio.

9. Children's Privacy (COPPA Compliance)

Our Site is accessible to users of all ages. However:

• Content Warnings: Implemented for user-generated content that may not be suitable for children.
• Parental Supervision: Recommended for minors under the age of 18.
• Users Under 16: Users under the age of 16 must have parental or guardian consent to use the Site.

10. Cookies and Tracking Technologies

10.1 Types of Cookies Used

• First-Party Cookies: We use first-party cookies placed by us to enhance user experience and analyze usage patterns. These cookies are NOT shared with or accessible to third parties.
• Anonymized Data: The data collected through cookies is anonymized or pseudonymized (e.g., truncated IP addresses), making it impossible to identify individual users.
• Purpose of Cookies: Used solely for measuring the website’s performance, improving the Site, and understanding user interaction in a way that does not create risks to user privacy.
• Essential Cookies: Necessary for the Site to function properly.

There is no cross-site data sharing.

10.2 Managing Cookies

You can manage or disable cookies through your browser settings. However, disabling cookies may affect the functionality of the Site.

11. Third-Party Services and Data Processors

We use the following third-party service providers to operate our Site:

• Cloudflare: Provides content delivery network (CDN) services and security features to protect the Site from malicious activities.
• Amazon Web Services (AWS): Provides hosting services for the Site.

These providers may have access to your personal data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose. For more information on their privacy practices, please review their privacy policies:

• Cloudflare Privacy Policy
• AWS Privacy Notice

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers are located. These countries may have data protection laws different from those of your country.

We take appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. This includes implementing the European Commission's Standard Contractual Clauses for transfers of personal information between us and our third-party service providers.

13. Data Breach Notification Procedures

In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, when required by law.

14. Data Controller Identification

draw.audio is the data controller responsible for your personal data collected via the Site.

Contact Information:

Email: randy@draw.audio

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time without prior notice, as we do not retain contact information for users. It is your responsibility to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the new Privacy Policy.

If we make material changes to this Privacy Policy, we will update the "Last Updated" date at the top of this Privacy Policy.

16. Security Measures

We are committed to ensuring the security of your information. Measures we take include:

• Technical Measures: Firewalls, encryption technologies, and secure socket layer (SSL) protocols.

Please note that no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee the absolute security of your information.

17. User Communications

If you contact us via email or other communication methods, we may keep a record of your correspondence and use your email address to respond to you.

18. Use of Aggregated Data

We may aggregate and anonymize data to analyze trends or gather demographic information. This aggregated data does not identify individual users.

19. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law principles.

21. Contact Us

If you have any questions or concerns about this Privacy Policy, or wish to exercise your rights, please contact us at:

Email: randy@draw.audio

By using the Site, you acknowledge that you have read and understand this Privacy Policy and agree to its terms.