Privacy Policy
Last updated: May 8, 2026
1. Who We Are
BandCut ("we", "us", "our") is an AI-powered audio stem separation service. Our infrastructure runs on Amazon Web Services (AWS) in the Mumbai (ap-south-1) region. Questions about this policy can be directed to privacy@bandcut.app.
2. Information We Collect
Account Information
When you register, we collect your email address and a hashed password via AWS Cognito. We do not store raw passwords.
Audio Files
Files you upload are stored in AWS S3 (encrypted at rest with AES-256) and are automatically and permanently deleted after 7 days. We do not analyse, listen to, or share your audio files with any third party.
Job & Usage Data
We store metadata about your processing jobs (filename, timestamps, status, processing mode) in AWS DynamoDB. This data is used to display your job history and is retained while your account is active.
Payment Information
Payments are processed by Stripe. We never see or store your full card details. We only receive a payment confirmation and the number of credits to assign to your account.
Log Data
Our servers automatically log standard access information (IP address, browser type, pages visited, timestamps) for security and debugging purposes via AWS CloudWatch. Logs are retained for 30 days.
3. How We Use Your Information
- To provide, operate, and improve the Service
- To send job completion notifications via email (AWS SES)
- To process payments and manage your credit balance
- To detect and prevent fraud, abuse, and copyright violations
- To respond to your support requests
- To comply with legal obligations
We do not sell your personal data. We do not use your data for advertising.
4. Data Sharing & Third Parties
We share data only with trusted service providers necessary to operate BandCut:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services | Infrastructure, storage, compute | All data (stored in Mumbai region) |
| Stripe | Payment processing | Email, payment amount |
We may disclose information if required by law, court order, or to protect the rights, property, or safety of BandCut, its users, or the public.
5. Data Retention
- Audio files & stems: Automatically deleted 7 days after upload
- Job metadata: Retained while your account is active; deleted on account closure
- Account data: Retained until you delete your account
- Server logs: 30-day rolling retention in CloudWatch
6. Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- AES-256 encryption for data at rest (S3, DynamoDB)
- AWS Cognito for secure authentication (no raw password storage)
- Private S3 buckets with presigned URL access only
- IAM least-privilege access controls
No system is 100% secure. If you discover a security vulnerability, please report it to security@bandcut.app.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to certain processing
To exercise these rights, contact us at privacy@bandcut.app. We will respond within 30 days.
8. Cookies
BandCut uses minimal cookies. We use session cookies to keep you logged in (via AWS Cognito JWT tokens stored in memory). We do not use tracking cookies, advertising cookies, or third-party analytics.
9. Children's Privacy
BandCut is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
10. International Data Transfers
Your data is stored and processed in AWS Mumbai (ap-south-1). By using BandCut, you consent to the transfer of your information to India. We ensure appropriate safeguards are in place in line with the Singapore Personal Data Protection Act (PDPA) and applicable law.
11. Changes to This Policy
We may update this Privacy Policy periodically. The "Last updated" date at the top will reflect any changes. Continued use of the Service constitutes acceptance of the updated policy. For material changes, we will notify you by email.
12. Contact Us
For any privacy-related questions or requests:
Email: privacy@bandcut.app