Privacy Policy
This Privacy Policy explains how Cre8iveMonk ("we", "us", "our"), operating the Kastyn platform, collects, uses, and protects your personal data. We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller: Cre8iveMonk, Birmingham, United Kingdom
Contact: hello@kastyn.co.uk
1. Data We Collect
| Category | Data | Source |
|---|---|---|
| Account | Name, email address, password (hashed), company, country, phone number | You, on registration |
| Profile images | Avatar and logo images | You, via profile upload |
| Usage data | Stations, tracks processed, jobs run, scan logs | Automatically, via Service use |
| Payment data | Billing name, last 4 digits, subscription tier (full card data held by Stripe) | You, on subscription |
| Technical data | IP address, browser type, access timestamps | Automatically, via server logs |
2. How We Use Your Data
- To create and manage your account
- To provide the metadata identification and correction service
- To process payments and manage your subscription
- To send transactional emails (account confirmation, billing receipts, service notices)
- To improve and develop the Service
- To comply with legal obligations
3. Legal Basis for Processing
- Contract performance — processing necessary to provide the Service you signed up for
- Legitimate interests — improving the Service, preventing fraud, securing our systems
- Legal obligation — compliance with applicable law
- Consent — where you have explicitly opted in (e.g. marketing emails)
4. Third-Party Services
We share limited data with the following third parties to operate the Service:
- AcoustID — audio fingerprints are submitted for track identification. No personal data is transmitted.
- MusicBrainz — metadata lookups using AcoustID results. No personal data is transmitted.
- Stripe — payment processing. Subject to Stripe's Privacy Policy.
- Hostinger — VPS hosting provider where your data is stored. Servers located in Manchester, UK.
We do not sell your personal data to any third party.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Anonymised usage statistics may be retained indefinitely. Billing records are retained for 7 years as required by UK tax law.
6. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (TLS), hashed passwords (bcrypt), and restricted access to production systems. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
7. Your Rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
To exercise any of these rights, contact us at hello@kastyn.co.uk. We will respond within 30 days.
8. Cookies
The Kastyn dashboard uses localStorage (not cookies) to store your authentication token locally in your browser. We do not use tracking cookies or third-party analytics. The landing site does not set any cookies.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-dashboard notice. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.
11. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Data protection queries: hello@kastyn.co.uk