PRIVACY POLICY

Last updated: March 7, 2026

1. Who We Are

Sesh ("we", "our", or "us") operates the website at sesh.fm and the Sesh multiplayer music studio. We are the data controller for the personal data described in this policy. For any privacy-related enquiries, contact us at [email protected].

2. Information We Collect

Information you provide directly:

  • Account information (email address, username, password)
  • Profile information (display name, avatar)
  • Content you create (projects, audio files, settings)
  • Communications with us (support requests, feedback)
  • Payment information (processed by our payment processor; we do not store card details)

Information collected automatically:

  • Device and browser information (browser type, operating system, screen resolution)
  • Usage data (features used, session duration, actions taken)
  • Log data (IP address, access times, pages viewed, referring URLs)
  • Cookie and tracking data (see Section 7)

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data on the following legal bases:

  • Contract — to provide our Service, process payments, and manage your account
  • Consent — for analytics, advertising measurement, and marketing cookies (you may withdraw consent at any time via our Cookie Settings)
  • Legitimate interests — for fraud prevention, security, and improving our Service, where these interests are not overridden by your rights
  • Legal obligation — where required by applicable law

4. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Analyse usage patterns to improve user experience
  • Measure the effectiveness of our marketing and advertising
  • Detect, investigate, and prevent fraud and abuse
  • Comply with legal obligations

5. Information Sharing

We do not sell your personal information. We may share information with:

  • Service providers who assist in operating our Service (hosting, payments, analytics, email) under data processing agreements
  • Other users when you collaborate on public projects
  • Law enforcement or regulatory authorities when required by law
  • Successor entities in connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or compliance reasons. Analytics data is retained for up to 24 months in aggregated or pseudonymised form.

7. Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies. You can manage your preferences at any time via our Cookie Settings page.

Essential Cookies

Required for the site to function. These manage your session, security tokens, and authentication state. They cannot be disabled. Legal basis: contract / legitimate interests.

Analytics Cookies

We use an analytics service to understand how visitors interact with our site — which pages are visited, session duration, and where errors occur. Data is pseudonymised and proxied through our own servers before being processed in the EU. No data is sold or used for advertising. Legal basis: consent.

Advertising Measurement Cookies

We measure the performance of our advertising campaigns (e.g. whether you clicked an ad before visiting). This data is used only to evaluate ad effectiveness, not to serve you targeted ads. Legal basis: consent.

Marketing Cookies

Used to send you relevant product updates and offers by email. You can unsubscribe at any time using the link in any email we send. Legal basis: consent.

8. International Data Transfers

Our analytics data is processed in the EU. Other service providers may process data in countries outside the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. All data is transmitted over HTTPS. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request that we restrict processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

11. Children's Privacy

Our Service is not directed to children under 13 (or 16 in certain EU jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us immediately at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

For any questions about this Privacy Policy or to exercise your rights, contact us at [email protected].