Privacy Policy

Last updated: 2026-05-05

This policy covers both gridwerk.app (this website) and the GRIDWERK desktop application. We designed both to keep your music, projects, and creative data on your machine. This page explains what we collect, why, where it goes, and how to control it.

Website (gridwerk.app)

Privacy-friendly analytics

We use Plausible Analytics to count page views and understand which pages people visit. Plausible is cookieless, does not track you across sites, and does not build a personal profile. The data we see is aggregated:

• Page URL and referrer (where you came from)
• Browser, OS, screen size (broad categories only — e.g. "Chrome / macOS / desktop")
• Country (derived from IP, then discarded — your IP is never stored)

No cookies, no fingerprinting, no cross-site tracking. Plausible is GDPR / CCPA / PECR friendly by design. You can verify this in the Plausible data policy.

Cookies on the website

The marketing site sets no analytics or advertising cookies. The only cookie used anywhere on gridwerk.app is gridwerk_admin, a strictly-necessary, httpOnly cookie used solely for staff access to the internal /admin dashboard. It is not set for normal visitors.

Hosting

The website is hosted on Cloudflare Pages. Cloudflare may log connection metadata (IP, timestamp, requested URL) for security and abuse-prevention purposes per their privacy policy.

Desktop app — what stays on your machine

• All audio files (samples, stems, masters, references)
• All project metadata (DAW projects, lyrics, notebooks, split sheets)
• All settings, presets, and library data
• All generated outputs (mastered files, separated stems, exports)
• The local SQLite database where the above is indexed

None of this is uploaded to GRIDWERK or any third party by default.

Desktop app — what we collect (with your consent)

Crash reports (default: enabled, opt-out in Settings)

If GRIDWERK crashes, we send anonymous crash data — stack trace, app version, OS — to our error-reporting service (Sentry). No file paths, audio content, project titles, or other personal data are included. Disable in Settings → Privacy & Feedback.

License activation

Pro subscribers' license keys are validated with our payment processor. We store a cryptographic token locally and re-validate periodically (with a 7-day offline grace period). The processor sees only what is required to bill you (email, billing details, license key); we receive only your email and license status.

Optional integrations (you choose)

Spotify

If you connect Spotify in Settings, we use OAuth to read public profile info, your top tracks, and artist data you search for. We do not write to your Spotify account. Tokens are stored locally.

YouTube / SoundCloud

Public artist data is fetched from public web pages. No login is sent. No accounts are created.

ByrddDrive (decentralized backups)

If you opt in, encrypted backups are uploaded to your ByrddDrive node. The backup is encrypted on your machine before leaving it; we cannot read its contents.

What we never do

• We do not sell, share, or rent any data to advertisers or data brokers.
• We do not use behavioral analytics in the desktop app (no Mixpanel, no Amplitude, no Google Analytics).
• We do not upload your audio, projects, or library to any server unless you explicitly trigger an export, sync, or backup feature.

Data retention

Crash reports are retained by Sentry for 90 days then auto-deleted. Plausible analytics data is retained indefinitely in aggregate form (no individual records exist to delete). License records are kept for the duration of your subscription plus 90 days for billing-dispute support.

Your rights (GDPR / UK GDPR / CCPA)

You have the right to access, correct, port, restrict, or delete personal data we hold about you, and to object to processing or withdraw consent. To exercise any of these rights, email [email protected]. We respond within 30 days. To delete all local app data, uninstall GRIDWERK and remove the %APPDATA%/gridwerk (Windows) or ~/Library/Application Support/gridwerk (macOS) folder.

International transfers

Cloudflare, Sentry, and Plausible may process data outside your country. Each provider participates in recognized transfer frameworks (Standard Contractual Clauses, EU-US Data Privacy Framework, or equivalent). Plausible's servers are EU-based by default.

Children

GRIDWERK is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided personal data to us, contact us and we will delete it.

Contact

Questions or requests: [email protected].

This policy reflects current product behavior; it is not legal advice. We may update this page as the product evolves — material changes will be announced via the app's release notes and the Last Updated date above.