Privacy
Privacy Policy
Draft updated: July 11, 2026 · English review copy
BeatSync API processes uploaded audio to return rhythm analysis data. This policy explains what we handle, why we handle it, where it is processed, and the retention policy and its target. It is an engineering and product policy draft, not legal advice.
Information we process
- Uploaded audio files submitted through
multipart/form-data. - Analysis results such as BPM, beat timestamps, cut points, request IDs, and task IDs.
- Operational metadata such as file size, content type, processing time, status and error codes, timestamps, subscription tier, and a pseudonymous user reference.
- Support correspondence and the identifiers you provide when asking us to investigate a request.
How we use data
- We use uploaded audio and generated results only to provide the requested rhythm analysis.
- We use limited operational metadata to secure the service, enforce limits, diagnose failures, respond to support requests, and resolve billing disputes.
- We do not use uploaded audio to train models.
- We do not perform voice recognition, speaker identification, transcription, or biometric profiling.
- We do not manually review uploaded audio unless you explicitly authorize access for a specific support request.
Processors and processing regions
- RapidAPI provides marketplace access, subscription context, request routing, and billing; its own privacy terms also apply to data it controls.
- Cloudflare receives API traffic and temporarily stores processing objects in its North America region.
- Amazon Web Services processes analysis tasks in the United States.
- Data may therefore be processed outside your country. The operator and qualified counsel must approve target markets and any required transfer terms before public launch.
Retention
- Uploaded input is targeted for deletion immediately after analysis completes or definitively fails, including enqueue failure cleanup.
- Request manifests, results, errors, and progress objects have a target maximum retention of 24 hours and should expire by then, with storage lifecycle cleanup as a backstop.
- This 24 hours target is not yet a verified public-launch promise; launch remains blocked until implementation and deletion drills prove it.
- RapidAPI billing records, support correspondence, and security logs follow the relevant provider or approved operational retention schedule; those schedules must be finalized before launch.
Your choices and contact process
- Depending on applicable law, you may ask to access, correct, delete, restrict, or object to our processing, and ask for a portable copy or information about complaint options.
- Email support@beatsyncapi.com with your request ID, task ID, timestamp, RapidAPI account reference, and the right you want to exercise.
- We will verify that the requester is associated with the request before disclosing or deleting data. An identifier alone is not sufficient proof.
- This support process is the current contact path; no self-service deletion endpoint is promised.