Privacy Policy

Effective date: 31 March 2026

Tapelog is a music production journal. This policy explains what personal information we collect, why we collect it, who we share it with, and what rights you have over it. We've written it to be direct rather than dense.

If you have questions, email us at info@tapelog.app.

1. Who we are

Tapelog is operated by Dan Beirouty, based in Melbourne, Australia. We are the data controller for the personal information described in this policy.

2. What we collect and why

Data	Why we collect it
Email address	Account creation, login, and transactional emails (approvals, invitations, mentions)
Display name	Shown to collaborators on shared tracks
Profile photo (optional)	Shown alongside your entries in shared tracks
Track data — titles, status, genre, mood, instruments, BPM, key, notes, file paths, reference tracks	Core service: organising your music catalogue
Session notes and journal entries	Core service: recording what happened in each session
Next actions and version milestones	Core service: tracking progress on each track
Feedback messages (optional)	Improving the product; sent to our internal tools
Profile preferences — producer type, DAW	Personalising your experience

We collect only what is needed to provide the service. We do not build advertising profiles or sell your data.

3. The AI recap feature

When you use the AI Recap feature on a track, your session notes and track details for that track are sent to Anthropic to generate a summary. This only happens when you explicitly trigger it. Notes are not sent to Anthropic at any other time.

Anthropic processes this data under its own privacy policy and API terms. We send only the session notes and track title — no identifying information about you is included in that request.

4. Who we share your data with

We use the following third-party services to operate Tapelog. Each is a data processor acting on our behalf.

Service	Purpose	Location
Supabase	Database, authentication, and file storage	Data stored in Sydney, Australia (ap-southeast-2). Supabase Inc is a US company.
Resend	Transactional email delivery	United States
Anthropic	AI-generated track recaps (only when triggered by you)	United States
Unsplash	Banner images shown on the home screen. No personal data is sent.	United States
Vercel	Web hosting and delivery	United States (edge network)

We do not share your data with any other third parties, including advertisers or data brokers.

5. International data transfers

Your data is stored on Supabase infrastructure located in Sydney, Australia. Some processors listed above (Resend, Anthropic, Vercel) are based in the United States. When your data is transferred to these processors, it is subject to the legal protections in place in those jurisdictions.

If you are located in the European Economic Area or the United Kingdom, these transfers are made on the basis of standard contractual clauses or equivalent mechanisms as provided by each processor. You can request information about the specific safeguards in place by contacting us.

6. How long we keep your data

Account and catalogue data — retained for as long as your account is active. If you close your account, your data is deleted within 30 days.
Session notes and journal entries — retained indefinitely while your account is active. These are the core record of your creative practice.
Feedback screenshots — deleted automatically after 90 days.
Email logs — retained by our email provider per their own policies, typically 30–90 days.

7. Browser storage

Tapelog stores data in your browser's local storage (not cookies) for the following purposes:

Your authentication session (managed by Supabase)
The daily banner image URL and credit, cached to avoid unnecessary API requests

We do not use advertising cookies or third-party tracking scripts.

8. Your rights

Depending on your location, you may have the following rights over your personal data:

Access — you can export all your track and session data at any time using the Export (CSV) feature in the app.
Correction — you can edit your data directly in the app at any time.
Deletion — you can request deletion of your account and all associated data by emailing info@tapelog.app. We will process the request within 30 days.
Portability — your data is exportable in CSV format from the app.
Objection — you can object to certain processing by contacting us.

Residents of the European Economic Area and the United Kingdom have these rights under the GDPR. Residents of California have rights under the CCPA/CPRA. Residents of Australia have rights under the Privacy Act 1988 (Cth).

To exercise any right, email info@tapelog.app. We will respond within 30 days.

9. Security

Your data is stored in a database with row-level security enabled, meaning each user can only access their own records. Authentication is handled by Supabase Auth. Access to the service requires an approved account — Tapelog is invitation-only.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at info@tapelog.app.

10. Children

Tapelog is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected such information, please contact us and we will delete it.

11. Changes to this policy

If we make material changes to this policy, we will notify active users by email at least 14 days before the changes take effect. The effective date at the top of this page will always reflect the most recent version.

12. Contact

For privacy-related questions, requests, or complaints:

Email: info@tapelog.app
Operator: Dan Beirouty, Melbourne, Australia

If you are in Australia and are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner.

If you are in the EU or UK, you may lodge a complaint with your local data protection authority.