Privacy Policy

Last updated: 2026-05-03 · Lock-A-Tone · EU

This page explains what personal data Lock-A-Tone ("we") collects when you use lockatone.com, why we collect it, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. What We Collect

• Email address — when you complete a purchase (so we can deliver your download link) or subscribe to the new-sounds digest.
• Payment metadata — Stripe collects your card details directly; we only see the order amount, country, last four digits and a Stripe payment / session id. We never see or store your full card number.
• Anonymous visitor cookie (lt_anon) — a single first-party cookie that holds a random opaque id so we can remember your favorites, votes and (later) your referral credit without an account.
• Server logs — standard request logs (URL, status code, IP address, user-agent, timestamp) kept for at most 30 days for abuse prevention and debugging.

We do not use third-party analytics, ad networks, fingerprinting libraries, or social-media tracking pixels.

2. Why We Collect It

• Order fulfilment — your email is used solely to deliver your download links and any post-purchase support correspondence (legal basis: contract).
• Digest subscription — only when you opt in via the sidebar form, with one-click unsubscribe in every email (legal basis: consent).
• Functional cookie — to remember your favorites/votes across visits without an account (legal basis: legitimate interest, GDPR-exempt under ePrivacy as strictly necessary for the requested functionality).
• Abuse prevention — to rate-limit and block malicious traffic (legal basis: legitimate interest).

3. Processors We Use

• Stripe, Inc. — payment processing. stripe.com/privacy
• Resend (Drift, Inc.) — transactional email delivery (download links, digest). resend.com/legal/privacy-policy
• Supabase, Inc. — database and file hosting. supabase.com/privacy
• Replit, Inc. — application hosting. replit.com/site/privacy

Each processor receives only the minimum data necessary to provide its service and is contractually bound to process it on our behalf.

4. Retention

• Order records (email, sounds purchased, Stripe id) are kept for as long as we are legally required to keep transaction records (typically 7 years for VAT/accounting).
• Digest subscriber records are kept until you unsubscribe; unsubscribed records are kept for a short suppression period to honour your opt-out and then deleted.
• Server logs are kept for at most 30 days.
• The anonymous lt_anon cookie expires 12 months after your last visit.

5. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict, or port your personal data, and the right to object to processing based on legitimate interests. To exercise any of these rights — or to lodge a complaint — email support@lock-a-tone.com. We will respond within 30 days. You may also lodge a complaint with your local data-protection authority.

6. Cookies

We set exactly one first-party cookie, lt_anon, used solely to identify your browser to the favorites / votes / referral subsystems. It contains an opaque random id, no personal data, and expires after 12 months of inactivity. We do not use any third-party tracking cookies, so no consent banner is required under ePrivacy.

7. Contact

Privacy questions? Email support@lock-a-tone.com.