4chordsStudios

Privacy policy

Who we are

4chordsStudios is the data controller for personal data collected via 4chords.studio and our mobile apps and plugins. Contact: [email protected]. UK Information Commissioner's Office registration: application submitted; reference number will be published once issued by the ICO.

What we collect

  • Website: cookie consent state, anonymised analytics events (page views, button clicks), waitlist signups (email + source page), contact form submissions (name + email + message).
  • Mobile apps: nothing beyond on-device usage state stored on your device. We do not collect device identifiers, contact lists, or media unless you explicitly share them with a feature (e.g. uploading an audio file to a recorder).
  • Plugin storefront (when live): name, email, billing address, payment method (handled by Stripe, so we never see your card number), licence activation history.

Lawful bases

  • Contract performance (subscriptions, account management).
  • Legitimate interests (basic, anonymised, first-party analytics that help us improve the Service without identifying you).
  • Legitimate interests (measuring which of our adverts lead to sales: when you start a trial or buy, we share with Meta a hashed, irreversible identifier derived from your email plus the order details, and (if you arrived from one of our adverts) the click reference contained in that advert’s link. No cookies, device storage, or browsing history are involved, and you can object at any time. See “Advertising measurement”).
  • Consent (cookie-based third-party analytics and advertising, namely GA4 and the Meta Pixel, all gated behind our cookie banner).
  • Soft opt-in (PECR): if you start a checkout but don’t finish it, we may send you one follow-up email offering a no-card free trial of the same plugins. Every such email carries a one-click unsubscribe and we stop immediately if you use it. See “Abandoned-checkout follow-up”.

Cookies

  • We use the following cookies and similar technologies on the website only:
  • Strictly necessary: cookie-banner state (localStorage key ‘4cs_consent’). Always on.
  • Analytics (consent): Google Analytics 4 (_ga, _gid, _gat). Sends pseudonymous usage events to Google.
  • Advertising (consent): Meta Pixel (_fbp, _fbc). Sends ad-attribution events to Meta.
  • First-party analytics (consent): a single session ID we generate locally, sent to analytics.4chords.studio. No third party.
  • You can change your cookie choice at any time via the link in the footer.

Advertising measurement

  • When you start a trial or buy, we send a server-to-server “conversion” event to Meta so we can measure which of our adverts actually lead to sales. This uses a hashed (irreversible) version of your email plus the order details, and (if you reached us by clicking one of our adverts) the click reference from that advert’s link (which we read from the link itself; we do not store it on your device or read any cookie for it). Never your card number, and no browsing history. Our lawful basis is our legitimate interest in measuring the effectiveness of our own advertising.
  • If you have granted advertising consent in the cookie banner, we additionally include your Meta cookie identifiers (_fbp, _fbc) to improve the accuracy of that match. If you have not consented, no cookies or device identifiers are used, only the hashed purchase data.
  • You can object to advertising measurement at any time by emailing [email protected], and we will exclude your purchases from it.

Abandoned-checkout follow-up

  • If you begin a checkout for the plugins but don’t complete it, we may send you a single follow-up email, a reminder and an offer to try all the plugins free for 7 days with no card required. We rely on the PECR “soft opt-in”: you gave us your email while starting to buy a similar product, and every message has a clear one-click unsubscribe.
  • Every follow-up email contains a one-click unsubscribe; using it stops all such emails immediately. You can also opt out any time by emailing [email protected]. We never share abandoned-checkout details with third parties for their own marketing.

Third parties

We use Google (Analytics, GTM), Meta (Pixel), Apple (App Store billing), Google Play (Android billing), Stripe (plugin billing), Apple Push Notification Service, LANDR (music distribution for our label), and a UK VPS provider for hosting. Each receives only the minimum data needed for their function.

Retention

Website analytics: 14 months. Waitlist signups: until launch + 90 days, or until you unsubscribe. Contact form messages: 2 years. Subscription records: 7 years (HMRC requirement). Email marketing: until you unsubscribe.

International transfers

Some third parties (Google, Meta, Stripe) process data in the US. Transfers occur under the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

Your rights

Under UK GDPR you have the right to access, correct, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. Email [email protected]. We respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

Security

TLS everywhere. No payment card data is stored on our systems. Operational secrets are managed via the VPS host, encrypted at rest. We do not sell your data.

Children

We do not knowingly collect personal data from children under 13. Apps are rated 4+ on the App Store and do not include children-targeted advertising or social features.

Changes

Material changes will be announced 14 days in advance to active subscribers and via a website banner. Last updated: 2026-06-22.