Privacy Policy

Last Updated: July 7, 2026

1. Introduction

Szabolcs Marton e.v. (Individual Entrepreneur, registered in Hungary, Registration Number: 51783538, Tax Number: 68463861-1-28), currently transitioning operations to ProducerGrid Kft. (a Hungarian limited liability company under registration) (“ProducerGrid,” “we,” “us”) takes your privacy seriously. This Privacy Policy explains what personal data we collect, the legal bases we rely on, how we use it, how long we keep it, and your rights under the General Data Protection Regulation (GDPR), Hungarian law, and applicable European Union data protection laws.

This Policy applies when you use the ProducerGrid desktop agent, website, web dashboard, APIs, and related online services (“the Services”).

2. Data Controller & Contact

Data Controller: Szabolcs Marton e.v. (Individual Entrepreneur, registered in Hungary, Registration Number: 51783538, Tax Number: 68463861-1-28), currently transitioning operations to ProducerGrid Kft. (a Hungarian limited liability company under registration).

Data Protection Contact: privacy@producergrid.com
General Inquiries: info@producergrid.com

Supervisory Authority: You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) at naih.hu or with the supervisory authority in your EU member state of residence, pursuant to GDPR Article 77.

3. Legal Bases for Processing (GDPR Article 6)

We process your personal data only when we have a valid legal basis. The table below maps each processing purpose to its GDPR legal basis:

Processing PurposeLegal BasisGDPR Reference
Service delivery (desktop agent, dashboard, APIs, sync, support)Contract performanceArt. 6(1)(b)
License activation & workstation verificationContract performanceArt. 6(1)(b)
Account management & authenticationContract performanceArt. 6(1)(b)
Billing, invoicing, tax recordsLegal obligationArt. 6(1)(c) — Hungarian Accounting Act (2000. évi C. tv.), VAT Act
Security, fraud prevention, abuse detectionLegitimate interestArt. 6(1)(f)
Product improvement (aggregate/anonymized only)Legitimate interestArt. 6(1)(f) — with opt-out right
Anonymous plugin version contribution (optional)ConsentArt. 6(1)(a)
Crash reports & diagnostics (if contains personal data)Legitimate interest or ConsentArt. 6(1)(f) or 6(1)(a)
Website analytics & cookies (non-essential)ConsentArt. 6(1)(a) — ePrivacy Directive + GDPR
Marketing emails (new customers)ConsentArt. 6(1)(a)
Service-related emails (billing, security, legal)Contract performance / Legal obligationArt. 6(1)(b) / 6(1)(c)

Legitimate Interest Assessment (LIA): Where we rely on legitimate interest, we have conducted and documented a Legitimate Interest Assessment balancing our interests against your rights and freedoms. You may request a summary of the LIA for any processing purpose by emailing privacy@producergrid.com. You have the right to object to processing based on legitimate interest at any time (see Section 9).

Consent withdrawal: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. Categories of Personal Data

4.1 Local Desktop Data

The desktop agent stores data locally on your workstation: plugin names, formats, local paths, preset metadata, sample library metadata, local preferences, tags, and categories. This data remains on your device unless you use an online feature.

4.2 Account, Billing & License Data

  • Email address and account identifiers
  • Subscription plan, billing period, payment processor references (Stripe), invoice and tax records
  • Workstation identifiers, activation state, app version, OS metadata, last activity timestamps
  • Activation codes, API keys, authentication tokens — stored only as hashes or encrypted values

4.3 Web Dashboard & Organization Data

If you use the web dashboard, we store organization data: organization profile, users and roles, workstations, API keys, plugin/preset/library/license/project metadata, alerts, notifications, reports, audit events, and operational state. Full DAW project files are not stored as part of project inventory.

4.4 Uploaded Assets

Files intentionally uploaded through explicit dashboard features, with related metadata. Upload features are explicit; files are not uploaded merely because the desktop agent scans your workstation.

4.5 Analytics, Logs & Cookies

  • Anonymous or aggregated usage and feature usage data (where enabled)
  • Crash reports, error logs, security logs, rate-limit records, delivery attempts
  • Cookie and website analytics data as described in our Cookie Policy

Payment card data is processed exclusively by Stripe. ProducerGrid does not store full payment card numbers, CVC codes, or card expiry dates.

5. How We Use Your Data

  • Service delivery: to provide the desktop agent, web dashboard, APIs, synchronization, reports, alerts, notifications, asset handling, and support.
  • Subscription & license management: to process purchases, renewals, cancellations, license activation, workstation limits, and plan entitlements.
  • Security & abuse prevention: to protect accounts, organizations, workstations, APIs, and infrastructure.
  • Support & communication: to respond to requests and send important service, billing, security, or legal notices.
  • Product improvement: aggregate, anonymized, or de-identified data analysis for reliability, performance, compatibility, and feature quality. You may opt out at privacy@producergrid.com.
  • Legal compliance: to meet tax, accounting, consumer protection, security, and other legal obligations.

6. User Content & Ownership

You and your organization retain ownership of your music, recordings, samples, projects, presets, metadata, uploaded assets, and creative content. ProducerGrid does not claim ownership of your creative work.

We process your content and metadata only to provide, secure, maintain, support, and improve the Services you use, subject to the limited processing license in our Terms of Service. Product improvement is limited to aggregate, anonymized, or de-identified analysis and does not include using your data to train machine learning models, build derivative products, or sell insights.

7. Data Sharing & Processors

We do not sell your personal data. We share data only with service providers and processors needed to operate the Services, or where required by law. All processors are bound by data processing agreements compliant with GDPR Article 28.

Key processors and service providers:

  • Stripe: payment processing, billing, invoices, tax and subscription records. Stripe acts as a data controller for payment card data under its own privacy policy.
  • Supabase: database, hosting, authentication, and object storage infrastructure.
  • Resend / email provider: account, billing, support, security, and operational messages.
  • Analytics & diagnostics providers: website analytics, app diagnostics, crash reporting, and service reliability monitoring.

We may disclose information if required by law, court order, government authority, security investigation, fraud prevention, or to protect our rights, users, or services.

8. Security & Encryption

We use technical and organizational measures to protect data: TLS encryption in transit, access controls, least-privilege operational access, monitoring, and protected storage of credentials and API keys using hashes or encryption.

No internet-connected service can guarantee absolute security. You remain responsible for protecting local systems and account access.

9. Your GDPR Rights

Under GDPR and applicable data protection laws, you have the following rights:

  • Right of access (Art. 15): obtain confirmation and a copy of your personal data.
  • Right to rectification (Art. 16): correct inaccurate personal data.
  • Right to erasure (Art. 17): request deletion (“right to be forgotten”) where applicable.
  • Right to restriction (Art. 18): restrict processing in certain circumstances.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent (Art. 7(3)): withdraw consent at any time where processing is consent-based.
  • Right to lodge a complaint (Art. 77): with NAIH (Hungary) or your local EU supervisory authority.

To exercise your rights, contact us at privacy@producergrid.com. We may need to verify your identity and organization authority before fulfilling a request. We aim to respond within 30 days as required by GDPR.

10. Data Breach Notification

In the event of a personal data breach, we will notify the competent supervisory authority (NAIH) within 72 hours of becoming aware of the breach, where required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay as required by GDPR Article 34.

11. Data Retention

We retain personal data only as long as necessary for the purposes stated:

  • Active accounts: retained while the account is active and for 30 days after deletion request, to allow for reactivation or export.
  • Billing & tax records: retained for 8 years per Hungarian Accounting Act (2000. évi C. törvény) and applicable tax law.
  • Security, audit & operational logs: retained for 12 months for service integrity, fraud prevention, abuse prevention, and dispute resolution.
  • Backup data: removed within 90 days per backup lifecycle policy, unless longer retention is legally required.
  • Support communications: retained for 3 years after case closure for quality assurance and legal defense.
  • Cookie & analytics data: retained per our Cookie Policy.

12. Cookies & Tracking

The ProducerGrid website uses cookies and similar technologies for essential functionality, preferences, security, and analytics where you have given consent. We do not use advertising cookies or third-party tracking pixels for behavioral advertising.

For detailed information, see our Cookie Policy.

13. International Data Transfers

Your data may be processed in Hungary, the European Economic Area (EEA), or the United States where our service providers operate. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (2021/914): for transfers to the United States and other third countries without an adequacy decision.
  • Adequacy decisions: where the European Commission has determined a country provides adequate protection.
  • Data Processing Agreements: with all processors, incorporating SCCs where required.

You may request a copy of the relevant safeguards by emailing privacy@producergrid.com.

14. Data Processing Agreement for Organizations

For organization customers using the web dashboard, ProducerGrid acts as a data processor for organization-managed data. A Data Processing Agreement (DPA) compliant with GDPR Article 28 is available upon request at privacy@producergrid.com and is incorporated into our Terms of Service for dashboard subscribers.

15. Children

ProducerGrid is not intended for users under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@producergrid.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email, in-app notice, dashboard notice, or website notice. Continued use after changes become effective constitutes acceptance.

17. Contact Us

For privacy-related questions, data requests, or to exercise your GDPR rights:

ProducerGrid is provided by Szabolcs Marton e.v. (Individual Entrepreneur, registered in Hungary, Registration Number: 51783538, Tax Number: 68463861-1-28), currently transitioning operations to ProducerGrid Kft. (a Hungarian limited liability company under registration).
Data Protection Contact: privacy@producergrid.com
General: info@producergrid.com

We aim to respond to privacy requests within 30 days where required by applicable law.