Privacy Policy

Levels Flow is a software-as-a-service product operated by Sheldon Yeoman, trading as Levels Studio, in Perth, Western Australia. For the purposes of this policy we are the “data controller” of the personal information you provide.

We collect three categories of information: (a) account data — your email address, password hash, name, business details, and billing details (payment-card details are tokenised by Stripe and never touch our servers); (b) content data — the audio files, invoices, receipts, client records, and messages you upload or create inside the Service; and (c) usage data — anonymous request logs, error reports, and aggregated metrics that help us run the Service.

Account and content data are processed solely to operate the Service for you — store your files, render your invoices, deliver share links to people you authorise, send you transactional email. Usage data is processed to keep the Service running, debug problems, and prevent abuse. We do not use your data for advertising or for training third-party machine-learning models.

Levels Flow is built on Supabase (Postgres + S3-compatible object storage). Data is stored in the AWS Asia-Pacific (Sydney) region (ap-southeast-2). All connections are encrypted in transit (TLS) and at rest. Row-level security policies in the database ensure that one studio's data is never queryable from another studio's session. Audio downloads are served via short-lived signed URLs and are gated server-side on payment status. Auth endpoints (sign-in, sign-up, password reset) are rate-limited.

We rely on a small number of vendors to operate the Service: Supabase (database, storage, auth) hosted in the AWS ap-southeast-2 region, Vercel (web hosting), Resend (transactional email), Stripe (payments), PostHog (product analytics). Each vendor is contractually bound to handle your data only on our instructions and is reviewed for security posture before integration.

We use strictly-necessary cookies for authentication, session management, and your locale + appearance preferences. If product analytics are enabled in your environment, PostHog also sets cookies for distinct-id continuity (used to count unique signed-in users; never sold or used for advertising). We do not use third-party advertising trackers, social-media pixels, or session-replay tools on the marketing site or inside the app.

We never sell your data. We share content only at your direction — for example, when you generate a share link for a song, send an invoice to a client, or grant your accountant a read-only token URL. We may disclose data in response to a valid legal request, but will notify you first unless prohibited from doing so.

You can access, export, correct, or delete your data at any time:

• Export: signed-in, GET /api/export/me returns a JSON archive of every row you own across clients, projects, songs, audio metadata, comments, invoices, and receipts. Storage paths are included so you can fetch the actual audio + receipt files via signed URLs.
• Erasure: signed-in, Settings → Delete account permanently removes your auth credentials, all of the rows above, and every object in your storage prefix. Any active subscription is cancelled before the delete fires. This takes effect immediately — there is no recovery window from our side.
• Correction: edit your profile fields in Settings; for anything else, email us (see §12).

If you are in the EU, UK, or California you have additional rights under GDPR, UK GDPR, and CCPA respectively — including the right to object, the right to data portability, and the right to lodge a complaint with your supervisory authority.

We keep account and content data for as long as your account is active. On account deletion, content is purged from active storage immediately. Database backups maintained by our sub-processor (Supabase) retain a copy for up to 30 days thereafter and are out of our direct control; they are not restored to the running service except in disaster-recovery scenarios that affect all customers equally. Anonymous usage logs are retained for up to 12 months for security and debugging purposes, then aggregated or deleted.

Levels Flow is not directed to children under 16 and we do not knowingly collect data from them. If you believe a child has created an account, email admin@levelsflow.com and we will close the account.

Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The “last updated” date at the top of this page reflects the current version.

Privacy questions or requests? Email admin@levelsflow.com.