Privacy Policy
Last updated: June 12, 2026
What we collect, in plain English
We collect what we need to run the Service. Nothing more. We don't sell your data. We don't train AI models on your audio.
If you stop reading here, that's the gist.
1. Who runs this
Stempo is operated by Guilherme Bilton, an individual entrepreneur based in Brazil.
Data Protection Contact: guilhermebilton@gmail.com
2. What we collect
2.1 Account information
When you create an account: - Email address - Password (stored as a salted hash, not plaintext) - Display name (optional) - Country (optional)
2.2 Audio you upload
The audio files you upload to the Service. These are stored encrypted at rest and transmitted over HTTPS.
2.3 Usage data
Standard product analytics: - Pages and features used - Number and duration of audio jobs - Error logs (with personal data redacted)
We use [ANALYTICS TOOL — Plausible, PostHog, GA, etc.] for this. Configured to respect Do-Not-Track and privacy-friendly defaults.
2.4 Payment information
We use Paddle as our merchant of record. They collect and process payment details (card numbers, billing addresses, tax IDs). We never see your full card number. Paddle is a separate controller for that data; their privacy policy applies: https://www.paddle.com/legal/privacy
2.5 Technical data
- IP address (used for security, fraud detection, region-specific tax)
- Browser type and OS
- Device identifiers
- Cookies (see section 7)
2.6 Communications
If you email us or fill in a contact form, we keep that exchange to provide support.
3. What we don't collect
- We don't sell your data to anyone
- We don't train AI models on your uploaded audio
- We don't share your audio with third parties (except subprocessors strictly necessary to run the Service — listed in section 6)
- We don't use third-party advertising trackers
4. Why we collect it (legal bases)
Under GDPR/LGPD, we process your data on these grounds:
- Contract. To deliver the Service you signed up for.
- Legitimate interest. Security, fraud prevention, basic product analytics.
- Consent. Marketing emails (separate from transactional). You can opt out anytime.
- Legal obligation. Tax records, DMCA compliance.
5. How long we keep it
| Data type | Retention |
|---|---|
| Account data | While your account is active + 30 days after deletion |
| Audio files | Until you delete them, or 30 days after account deletion |
| Free-tool uploads (no account) | Auto-deleted within 1 hour of processing |
| Payment records | 5 years (legal requirement) |
| Error logs | 90 days |
| Email communications | 3 years |
You can request earlier deletion via the controls in the app or by emailing guilhermebilton@gmail.com.
6. Subprocessors
These third parties process some of your data on our behalf, under contract, only for the purpose of running the Service:
| Subprocessor | Purpose | Location |
|---|---|---|
| Cloudflare | CDN, DNS, DDoS protection, R2 file storage | Global |
| [Hosting provider — Fly.io / Railway] | Application hosting | US/EU |
| [Database — Neon / Supabase] | User data storage | US/EU |
| Modal / RunPod | GPU processing for stem separation | US |
| Resend | Transactional email | US |
| Paddle | Payment processing, merchant of record | US/EU |
| [Analytics — Plausible / PostHog] | Product analytics | EU/US |
| [Error tracking — Sentry] | Error monitoring | US |
We update this list when we add or change subprocessors. Material changes will be announced 30 days in advance to active accounts.
7. Cookies
We use cookies for:
- Strictly necessary: authentication, session management. Cannot be disabled.
- Functional: remembering preferences (theme, last-played track). Cookie banner asks consent.
- Analytics: measuring product usage in aggregate. Cookie banner asks consent.
We do not use advertising cookies.
You can manage cookie preferences in our cookie banner or in your browser settings.
8. Your rights
Under GDPR, LGPD, and similar laws, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Export your data in a portable format
- Object to certain processing
- Withdraw consent for any consent-based processing
- Lodge a complaint with your local data protection authority (in Brazil, ANPD; in the EU, your national DPA)
To exercise any of these rights, email guilhermebilton@gmail.com. We respond within 30 days (sometimes faster).
You can also delete your account directly from the settings page, which triggers a full data deletion within 30 days.
9. International transfers
Some of our subprocessors are based outside Brazil/EU (e.g., Cloudflare, Modal, Resend in the US).
For EU users: we use Standard Contractual Clauses (SCCs) as the legal basis for these transfers, plus supplementary measures where the recipient country lacks an adequacy decision.
For Brazilian users: same — we comply with LGPD's international transfer requirements via contractual safeguards with US-based subprocessors.
10. Security
We use:
- HTTPS (TLS 1.3) for all traffic
- Encryption at rest for audio files and database backups
- Salted password hashing (bcrypt or argon2id)
- Multi-factor authentication available on all accounts
- Limited subprocessor access, audited annually
- Incident response plan with notification within 72 hours of confirmed breach
No system is 100% secure. If we discover a breach affecting your data, we'll notify you and the relevant authority within the legally required timeframes.
11. Children
The Service is not intended for users under 13 (or under the digital consent age in your country). We don't knowingly collect personal data from children. If you believe a child has provided us with data, contact guilhermebilton@gmail.com and we'll delete it.
12. Marketing emails
We send three kinds of email:
- Transactional — receipts, password resets, processing notifications. Required to operate your account; can't be opted out of.
- Lifecycle — onboarding tips during your first 30 days. Opt-out link in every email.
- Marketing — occasional product updates. Opt-in only; opt-out link in every email.
We don't share your email with third parties for their marketing.
13. Data sales / sharing
We do not sell your personal data. Period.
We don't share your data with third parties except:
- Subprocessors listed in section 6, under contract, for the sole purpose of running the Service
- When legally required (court order, subpoena, etc.) — we challenge overbroad requests
- In a corporate event (merger, acquisition) — your data would be transferred to the new owner, and you'd be notified 30 days in advance with an option to delete first
14. Changes to this policy
We may update this policy. Material changes will be notified via email 14 days before they take effect, with a summary of what changed.
The "Last updated" date at the top reflects the most recent change.
15. Contact
- Privacy questions and data-subject requests: guilhermebilton@gmail.com
For Brazilian users specifically, you may also contact the ANPD (Autoridade Nacional de Proteção de Dados) at https://www.gov.br/anpd
For EU users, your national data protection authority — list at https://edpb.europa.eu/about-edpb/board/members_en
Notes for founder (delete before publishing)
- Confirm subprocessors list matches what you actually use
- LGPD requires a Data Protection Officer (DPO) for some controllers — confirm if applicable for your size
- Brazilian users: LGPD article 8 is the main one for consent; article 18 for rights
- EU users: GDPR Articles 13-15 (rights to information), 16-22 (other rights)
- For US users, consider CCPA disclosures specifically if you have California users — easy to add
- Update this on every subprocessor change. Stale subprocessor lists are a frequent regulatory finding