Privacy
Last updated 2026-05-02. Plain English version of our data practices. The legal version sits below in the same shape.
What we collect, why, and where it goes
| Data | Why | Stored where |
|---|---|---|
| Email + display name + password (hashed) | Signing in, contacting you about your account | SQL Server in our European data centre |
| Set history — track titles, artists, BPM, key, time you played them | Building your tracklist, analytics, recommendations | Same DB |
| 15-second audio samples captured by the desktop client | Sent to ACRCloud for identification only | Held in server memory for the API round-trip, then deleted. Never written to disk on our side |
| Mastered MP3s + merged YouTube videos | Letting you download and publish a finished mix | On our app server, deleted 48 hours after creation |
| OAuth tokens for Mixcloud / YouTube | Posting on your behalf when you press Publish | Encrypted at rest with ASP.NET Core DataProtection. We never see your platform passwords |
| Stripe payment records | Subscription billing | Stripe handles all card data — we never receive it. We only store Stripe's customer + subscription IDs |
Third parties
- ACRCloud — receives 15s audio samples for identification. They have their own privacy policy at acrcloud.com.
- Stripe — receives all card and tax data; we receive only confirmation of payment.
- Mixcloud / Hearthis / YouTube — only when you choose to publish; the upload uses your account's OAuth token (or your Hearthis API key).
Your rights
You can export everything we hold about you, delete your account (and we'll wipe it within 30 days), or change anything in your Account page. Email hello@makingwaves.live if anything's unclear or you want a copy of the data we have.
Cross-DJ analytics
"Trending on platform" charts and the recommendation engine use track-level data aggregated across all DJs whose sets are marked Network or Public. Sets marked Private are completely excluded — they don't surface anywhere except in your own dashboard.