Home
Remy Cooper logo

Privacy Policy

Last updated: March 15, 2026

1. Introduction

Remy Cooper Music ("we," "us," or "our") operates VAULT, a music organization platform. We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Dutch General Data Protection Regulation (AVG).

This Privacy Policy explains how we collect, use, process, and protect your personal data when you use the VAULT platform. By using our Service, you consent to the data practices described in this policy.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date and notify you of material changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

2. Data Controller

The data controller responsible for processing your personal data is:

Remy Cooper Music
Location: The Netherlands
Email: remy@toolkit.music

For any questions about this Privacy Policy or our data practices, please contact us using the information above.

3. Information We Collect

We collect and process the following categories of personal data:

3.1. Account Information

  • Email address (required)
  • Password (hashed and encrypted, required)
  • Name (required)
  • Username (required)
  • Profile picture/avatar (optional)
  • IPI code (optional, for music industry identification)

3.2. Content You Upload

  • Songs, tracks, and audio files
  • Artwork and images
  • Lyrics and text content
  • File attachments
  • Song metadata (title, artist, genre, tags, etc.)
  • Comments and messages

3.3. Usage Information

  • Storage usage data
  • Last login timestamp
  • Onboarding completion status
  • Feature usage patterns

3.4. Payment Information

  • Paddle customer ID
  • Subscription status and plan name
  • Billing information (processed securely by Paddle, not stored by us)

3.5. Communication Data

  • Email communication history
  • Marketing preferences (opt-in/opt-out)
  • Notification preferences

3.6. Consent Records

  • Terms of Service acceptance timestamp and version
  • Privacy Policy acceptance timestamp and version

3.7. User Search and Contact Features

  • User searchability preference (whether you allow other users to find you by name, email, or username)
  • Contact information stored by other users when they add you as a contact
  • Collaboration relationships and contact lists

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance: To provide and maintain the Service, process payments, and fulfill our contractual obligations to you
  • Consent: For marketing communications (you can withdraw consent at any time), and for processing Terms of Service and Privacy Policy acceptance
  • Legitimate Interests: To improve our Service, prevent fraud, ensure security, and send transactional emails necessary for service delivery. User Search and Contact Management: We process user search data based on legitimate interests to enable collaboration and contact management features. Users can opt out at any time in their account settings.
  • Legal Obligation: To comply with applicable laws and regulations, including tax and accounting requirements

5. How We Use Your Information

We use your personal data for the following purposes:

  • To provide, maintain, and improve the VAULT platform
  • To process your account registration and authenticate your identity
  • To store, organize, and make your content accessible to you and authorized collaborators
  • To process payments and manage subscriptions
  • To send transactional emails (welcome emails, collaboration invitations, password resets, etc.)
  • To send marketing communications (only if you have opted in)
  • To enable user search and contact management features for collaboration
  • To respond to your inquiries and provide customer support
  • To ensure security, prevent fraud, and enforce our Terms of Service
  • To comply with legal obligations and resolve disputes
  • To analyze usage patterns and improve our Service

6. Data Sharing and Third-Party Services

We share your personal data with the following third-party service providers to operate the Service:

6.1. Payment Processing

Paddle: We use Paddle as our Merchant of Record to process payments and manage subscriptions. Paddle processes your payment information securely and handles tax collection, invoicing, and compliance. We only receive and store your Paddle customer ID, not your full payment details.View Paddle's Privacy Policy.

6.2. File Storage

Wasabi S3 Storage: Your uploaded files (audio, images, attachments) are stored using Wasabi S3 Storage, a secure cloud storage service. Data is encrypted in transit and at rest. Wasabi provides S3-compatible object storage for your content.

6.3. Authentication

Supabase: We use Supabase for user authentication and session management.View Supabase's Privacy Policy.

6.4. Email Services

Amazon SES: We use Amazon SES to send transactional emails. Your email address is shared with Amazon SES only for the purpose of sending emails related to the Service.

6.5. Database Hosting

PostgreSQL Database: Your account information and metadata are stored in a PostgreSQL database hosted by our infrastructure provider.

6.6. Other Sharing

We may share your data in the following circumstances:

  • With users you explicitly share content with through collaboration features
  • If required by law or legal process
  • To protect our rights, property, or safety, or that of our users
  • In connection with a business transfer (merger, acquisition, etc.)

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers are located.

We ensure that such transfers comply with GDPR requirements by:

  • Using service providers that are certified under appropriate frameworks (e.g., EU-U.S. Data Privacy Framework)
  • Implementing Standard Contractual Clauses (SCCs) where applicable
  • Ensuring adequate data protection measures are in place

8. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Data and Content: Retained while your account is active. Upon account deletion, all account data, content, and files are permanently and immediately deleted from our systems. There is no grace period for account recovery after deletion.
  • Payment Records: Retained for 7 years as required by tax and accounting laws
  • Consent Records: Retained to demonstrate compliance with data protection requirements
  • Marketing Preferences: Retained until you withdraw consent or delete your account

Important: Account deletion is permanent and immediate. We cannot recover your data after deletion. Please ensure you have backed up any content you wish to keep before deleting your account.

For data that we are legally required to retain (such as payment records), we will securely delete or anonymize it after the retention period expires.

9. Your Rights Under GDPR/AVG

You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: You can request that we limit how we process your data
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
  • Right to Object: You can object to processing based on legitimate interests, including opting out of user searchability in your account settings
  • Right to Withdraw Consent: You can withdraw consent for marketing communications at any time

To exercise these rights, please contact us at remy@toolkit.music. We will respond to your request within one month.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have violated your data protection rights.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments and updates
  • Access controls and authentication
  • Regular backups of your data

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, authenticate users, and remember your preferences. For detailed information about our use of cookies, please see our Cookie Policy.

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

13. Marketing Communications

We only send marketing communications if you have explicitly opted in. You can:

  • Opt out at any time by updating your preferences in your account settings
  • Click the unsubscribe link in any marketing email
  • Contact us directly to unsubscribe

Note that even if you opt out of marketing communications, we may still send you transactional emails necessary for the Service (e.g., account notifications, collaboration invitations).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date
  • We will notify you via email or through the Service
  • For significant changes, we may require you to review and accept the updated policy

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Remy Cooper Music
Email: remy@toolkit.music
Location: The Netherlands

For complaints regarding data protection, you can also contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Terms of ServiceCookie PolicyHome