Legal
Privacy Policy
Last updated: 17 July 2026
1. Who we are
Ross Command Deck ("we", "us", "our") operates the browser-based digital audio workstation available at https://rossdeck.com. We are the data controller for personal data collected through this service.
For privacy enquiries, contact us at [email protected].
2. Data we collect
We collect the following categories of personal data:
- Account data: email address, display name, and hashed password when you register.
- Usage data: pages visited, features used, session duration, and error logs — collected to improve the service.
- Payment data: billing information is processed by Stripe. We do not store card numbers; we receive only a Stripe customer ID and subscription status.
- Project data: DAW projects, audio clips, MIDI sequences, and settings you save to cloud storage.
- Technical data: IP address, browser type, operating system, and device identifiers collected automatically.
- Cookie data: session cookies for authentication and, with your consent, analytics cookies (see Section 6).
3. How we use your data
We use your personal data to:
- Provide, maintain, and improve the Ross Command Deck service.
- Process payments and manage your subscription.
- Send transactional emails (account confirmation, password reset, billing receipts).
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
- With your consent: send product updates and marketing communications.
4. Legal basis for processing (UK/EU GDPR)
- Contract performance: processing necessary to deliver the service you signed up for.
- Legitimate interests: security monitoring, fraud prevention, and service improvement.
- Legal obligation: tax records and compliance with applicable law.
- Consent: analytics cookies and marketing emails (you may withdraw consent at any time).
5. Data sharing
We share personal data only with:
- Stripe: payment processing (their privacy policy applies to card data).
- Hosting infrastructure: GoDaddy Airo platform for server and storage.
- Analytics providers: only with your cookie consent.
- Law enforcement: when required by applicable law or court order.
We do not sell your personal data to third parties.
6. Cookies
We use strictly necessary cookies for authentication sessions. With your consent (via the cookie banner), we also use analytics cookies to understand how the DAW is used. You can withdraw consent at any time by clicking "Cookie Settings" in the footer or clearing your browser cookies.
7. Data retention
We retain account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g. billing records retained for 7 years for tax purposes). Project files in cloud storage are deleted immediately on account deletion.
8. Your rights
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict processing in certain circumstances.
- Data portability — receive your data in a machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time without affecting prior processing.
To exercise any right, email [email protected]. We will respond within 30 days.
9. International transfers
Your data may be processed in countries outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in accordance with UK GDPR Chapter V.
10. Security
We implement industry-standard security measures including HTTPS encryption, hashed passwords (bcrypt), HTTP security headers, and rate limiting on all API endpoints. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
11. Children
Ross Command Deck is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent notice on the site. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact and complaints
For privacy questions: [email protected]
If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). If you are in the EU, contact your local supervisory authority.