Last updated: 23 June 2026

Privacy Policy

⚠️ Template — replace every [bracketed] value and have a professional review this before you launch. This is not legal advice.

This policy explains how [Legal entity name] ("beltergate", "we"), [address], contact privacy@beltergate.com, handles personal data. We are the data controller for account data, and a processor acting on behalf of gate owners for the fan emails they collect.

What we collect

Account (gate owners): email address and a hashed (PBKDF2) password. Optionally your SoundCloud profile URL. If you subscribe, a Stripe customer id.
Uploaded files: the audio you upload for each gate (stored in Cloudflare R2).
Fans who unlock a gate: a one-way hash of their numeric SoundCloud user id (for one-download-per-user), and — only if the gate asks for it and the fan provides it — their email address plus the capture timestamp, IP and country as a record of consent. We do not create fan accounts or store fan passwords.
Aggregate analytics: per-gate counts (views, downloads, conversion, country). No cross-site tracking.

Why, and the legal basis (GDPR Art. 6)

To provide the service and your gates — performance of a contract.
Security, anti-fraud and rate-limiting — legitimate interests.
Fan email collection and any marketing email — consent, given by the fan on the gate.
Billing — contract / legal obligation (tax records).

Cookies

We use a single strictly-necessary cookie to keep you logged in (bg_session). We set no advertising or cross-site tracking cookies, and our analytics are first-party and aggregate. Under ePrivacy rules, a strictly-necessary cookie does not require consent.

Who we share data with (processors)

Cloudflare — hosting, KV storage, R2 file storage.
Stripe — subscription payments (we never see card numbers).
[Email provider, e.g. Resend / Cloudflare Email] — sending transactional/opt-in email, if enabled.

Some processors are outside the EEA; transfers rely on Standard Contractual Clauses or equivalent safeguards.

Retention

Account data is kept until you delete your account. Captured fan emails are kept until the gate owner deletes the gate or the email, or the fan asks for erasure. Aggregate analytics are kept up to 60 days of daily detail.

Your rights

You can access, export, correct, or delete your data. Account owners can export all their data and delete their account (which erases their gates, files and captured emails) from the dashboard. Fans can ask the relevant gate owner, or contact us at privacy@beltergate.com. You may also complain to your local Data Protection Authority (in the Netherlands, the Autoriteit Persoonsgegevens).

Changes & contact

We'll post changes here with a new date. Questions: privacy@beltergate.com.