Privacy Policy

Maccordion is operated by Private Enterprise “ISMA-SERVICE” (ПП “ІСМА-СЕРВІС”), EDRPOU 33927324, registered in Ukraine. When we say “Maccordion,” “we,” “us,” or “our,” we mean PP “ISMA-SERVICE.”

For privacy-related questions, contact us at support@maccordion.com.

2.1 Information you provide

• Account data: email address and password when you create an account.
• Payment data: when you purchase the Original sound library, payment is processed entirely by Stripe. We never see or store your full card number. We store the transaction email, amount, and Stripe session ID.
• Waitlist: email address if you join the Mac app waitlist.
• Video submissions: email and video URL if you submit a video for the discount promotion.
• Contact form: email, message text, and device information (device type, OS, screen size) when you contact us through the app.

2.2 Information collected automatically

• Usage data: pages visited, features used, and session duration via Google Analytics and Vercel Analytics.
• Device data: browser type, operating system, screen resolution, and IP address.
• Cookies: authentication session cookies (Supabase) and analytics cookies (Google Analytics). See Section 8.

2.3 Camera access

Maccordion requests access to your webcam to detect laptop lid movement for the bellows feature. Your camera feed is processed entirely in your browser. We use low-resolution frames (160×90) to calculate motion vectors only. No video, images, or camera data is ever recorded, stored, or transmitted to our servers. You can revoke camera permission at any time through your browser settings, and the instrument remains playable via keyboard alone.

• Provide, maintain, and improve the Maccordion service
• Process payments and manage your account
• Send transactional communications (password resets, purchase confirmations)
• Respond to your support requests
• Analyze usage patterns to improve performance and user experience
• Prevent fraud, abuse, and enforce rate limits
• Comply with legal obligations

We do not use your data for automated decision-making or profiling.

If you are in the EU/EEA, we process your data under these bases:

• Contract: to provide your account, process purchases, and deliver the service.
• Consent: for camera access, analytics cookies, and marketing communications. You may withdraw consent at any time.
• Legitimate interest: for security, fraud prevention, and service improvement.
• Legal obligation: for tax records and regulatory compliance.

We do not sell, rent, or trade your personal data. We share data only with:

• Stripe — payment processing. Stripe collects transaction data, device identifiers, and IP addresses under its own privacy policy. See stripe.com/privacy.
• Supabase — authentication and database hosting (AWS infrastructure, US region). See supabase.com/privacy.
• Vercel — application hosting and performance analytics. See vercel.com/legal/privacy-policy.
• Google Analytics — anonymized usage analytics. See policies.google.com/privacy.

We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, authentication, and analytics. You can learn more at stripe.com/privacy.

Your data is processed on servers in the United States (Vercel, Supabase on AWS). If you are in the EU/EEA, these transfers are protected by Standard Contractual Clauses and the providers' respective Data Processing Agreements. Supabase's DPA is available at supabase.com/legal/dpa.

• Account data: retained while your account is active. Deleted when you delete your account.
• Payment records: retained for 7 years as required by tax and commercial law.
• Waitlist emails: retained until the Mac app launches, then deleted.
• Video submissions: retained for the duration of the promotion.
• Analytics data: retained per Google Analytics defaults (26 months), anonymized.
• Rate limit data: IP addresses stored transiently (60-second sliding window), not persisted.
• Camera data: never stored. Processed in browser memory for approximately 16ms per frame, then discarded.

Essential cookies: Supabase authentication cookies (access token, refresh token). These are required for the service to function and cannot be disabled.

Analytics cookies: Google Analytics (_ga, _gid) and Vercel Analytics. These help us understand how the service is used. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can also manage cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

All users:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Object to processing of your data

EU/EEA residents (GDPR):

• Right to data portability
• Right to restrict processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority

California residents (CCPA):

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of sale — we do not sell your personal information
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, email support@maccordion.com. We will respond within 30 days.

Maccordion is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@maccordion.com and we will promptly delete it.

We protect your data with TLS encryption in transit, encrypted databases at rest (Supabase on AWS), and hashed passwords. Payment card data is handled entirely by Stripe, which is PCI-DSS Level 1 certified. While no system is 100% secure, we take reasonable measures to protect your information.

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the site. Your continued use of Maccordion after changes take effect constitutes acceptance of the updated policy.

Private Enterprise “ISMA-SERVICE” (ПП “ІСМА-СЕРВІС”)
EDRPOU: 33927324
Email: support@maccordion.com