Privacy Notice
Last updated: October 27, 2025
ASR Tech Oy (hereinafter "SFX Stacks", “we”, or “us”) respects your privacy.
This notice applies to the sfxstacks.com website (the “Website”) and the SFX Stacks desktop application (the “App”). Together they form the “Service.”
1 Contact Details
- Controller: ASR Tech Oy – Business ID 2946518-6
- Address: Minna Canthin katu 66 lh 1, 70100 Kuopio, Finland
- Email: privacy@asrt.fi
- Supervisory Authority: Office of the Data Protection Ombudsman (tietosuoja.fi)
2 What Data We Process and Why
2.1 Website Visitors (SFX Stacks as Controller)
| Data Group | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Technical Logs | IP, user-agent, URL | Security & error diagnostics | Legitimate interest (f) | 30 days |
| Analytics | Pageviews (pseudonymized, no cookies) | Understand overall usage | Legitimate interest (f) | 24 months |
| Mailing List Form | Name, email (address via Google Forms) | Notify about product launch or updates | Consent (a) | Deleted after launch or upon request |
2.2 Purchases via Paddle
| Data Group | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Billing Data | Name, email, VAT ID, country | Payment processing and license management | Contract (b) / Legal obligation (c) | 10 years (legal accounting requirement) |
2.3 Desktop App Usage (Local Only)
| Data Group | Examples | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Indexed Audio Files | Filenames, audio metadata (e.g. duration, sample rate) | Provide search results to the user | Local processing only, no transfer | Stored locally until user deletes them |
The App never uploads or shares your sound files.
All analysis and indexing happen locally on your own machine.
3 Third Parties and Sub-processors
| Recipient | Purpose | Location | Transfer Basis |
|---|---|---|---|
| Paddle Payments Ltd. | Subscription & payment processing | UK / EU | SCC + DPF |
| Google Forms | Collect launch sign-ups | EU | SCC |
| Fathom Analytics Inc. | Anonymous pageview metrics | EU | Intra-EU |
Each provider complies with GDPR and, when applicable, uses Standard Contractual Clauses (SCCs).
4 Data Subject Rights
You have the right to:
- access your personal data
- request correction or deletion
- restrict or object to processing
- withdraw consent at any time
- data portability
- file a complaint with the Data Protection Ombudsman (tietosuoja.fi)
Requests: Contact us
We respond within 2 business days, no later than 30 days.
5 Security Measures
- TLS 1.3 for all transfers
- AES-256 encryption where applicable
- Least-privilege access controls
- EU-based hosting and backups for the Website
- Local processing only for App data
6 Cookies and Tracking
| Type | Name | Purpose | Duration | Basis |
|---|---|---|---|---|
| Necessary | – | Core site functionality (no personal data) | Session | Art. 6(1)(b) |
| Analytics | – | Fathom collects aggregate pageviews without cookies | – | Legitimate interest (f) |
The Website does not use any third-party advertising or tracking cookies.
7 Retention and Deletion
We keep data only as long as necessary:
- Mailing list entries → deleted after launch or upon request
- Billing data → retained for statutory accounting periods
- Analytics → 24 months aggregate retention
8 Changes
We may update this notice from time to time.
The latest version is always available on this page.
Significant changes will be announced via the Website.
Legal bases: (a) consent, (b) contract, (c) legal obligation, (f) legitimate interest