Last updated: May 13, 2026
Language. This document is currently provided in English only. The English version is the legally binding text. Translations into Dutch, German, French, Italian, Spanish, Portuguese, and Japanese can be requested at privacy@tracksensei.com and are provided for convenience without altering the binding English original. Nederlandse vertaling is op verzoek beschikbaar; de Engelse versie blijft juridisch bindend.
TrackSensei ("we", "us", "our") operates the website tracksensei.com and the TrackSensei web application. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
Account information: When you register, we collect your email address and a display name (optional). Your password is stored as a one-way cryptographic hash — we never store or see your actual password.
Audio files: When you analyze a track, your audio (WAV, MP3, FLAC, AIFF, OGG) is processed entirely in your browser using the Web Audio API. Your audio is never uploaded to our servers. Only the resulting numerical metrics (LUFS, spectral balance, stereo correlations, MFCC features, etc.) are transmitted to TrackSensei for scoring and advice generation.
Reference track feature data: When you upload a reference track for a Deep Dive comparison, the same client-side analyzer extracts numerical audio features (integrated LUFS, true peak, frequency band percentages, kick design metrics, stereo correlation per band, spectral tilt, and similar technical descriptors). These feature vectors — typically 5–10 KB of JSON per track, containing no identifiable audio content — are stored on our servers together with a one-way SHA-256 hash of the audio file (used solely to detect duplicate uploads, not reversible to the original audio) and the genre you selected at upload time. The audio file itself, the filename, and any embedded metadata (artist/title/album/artwork) never leave your browser. We use this anonymized feature data to keep our genre-calibration targets aligned with the production reality of professionally-mastered releases. You can delete this data at any time — see Section 5 (Data Retention) and Section 7 (GDPR Rights).
Reference sets: Separately from the calibration data described above, you can save named collections of reference tracks ("reference sets") to your profile to use as the scoring baseline for your own uploads. Each track you add is analyzed in your browser using the same audio extractor; only the resulting feature dictionary (typically 5–50 KB of JSON, no identifiable audio content, no filename, no embedded metadata) plus the display name you assign is transmitted. We additionally store optional non-identifying metadata you choose to attach — duration, BPM, and detected key — so the UI can list the tracks in a set without re-reading the feature blob. The audio file itself never leaves your browser. Reference sets are private to your account (database-level isolation via Row-Level Security policies), are not used for our cross-user calibration pipeline, and are retained until you delete them — see Section 5 for retention details and Section 7 for the GDPR rights that apply.
Ableton project files: If you choose to include an Ableton Live project file (.als), that file is uploaded to our servers for parsing. We extract track/device/MIDI metadata for analysis. .als files contain no audio samples — only references to them. Once parsed, the .als file itself is discarded and we only retain the extracted metadata within your analysis report.
Chat conversations: Messages you exchange with the AI feedback assistant are stored for 30 days so you can revisit your conversation history. After 30 days, chat history is permanently deleted.
Usage data: We track how many analyses and chat messages you use each month to enforce tier limits. We also collect standard server logs (IP address, browser type, timestamps) for security and debugging purposes.
Payment information: Payments are processed by Stripe. We do not store your credit card number or bank details on our servers. Stripe handles all payment data under their own Privacy Policy.
We use your information to provide and improve TrackSensei. Our processing is based on the following legal bases under GDPR Article 6:
Specifically, we use your information to: process your audio analyses, deliver AI-powered production feedback, manage your account and subscription, enforce usage limits per tier, send essential service emails (account verification, password resets), and detect and prevent abuse or fraud.
Your audio is analyzed locally in your browser — it never reaches our servers or any third party. Ableton .als project metadata (extracted server-side from uploaded .als files) plus the numerical audio metrics computed in your browser are sent to Anthropic's Claude API to generate production feedback. Your raw audio is never sent to Anthropic. Anthropic processes the metric data under their Privacy Policy and does not use API data to train their models.
We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:
Audio files: Your audio never reaches our servers — it is analyzed entirely in your browser. We therefore do not store, cache, or retain your audio files at any point. The only data about your audio that reaches us are the numerical metrics computed client-side.
Ableton project files: .als files are uploaded for parsing. After parsing completes, the original .als file is immediately discarded. We only retain the extracted metadata (track names, plugin list, BPM, arrangement structure) as part of your analysis report.
Analysis results: The text-based analysis report, production scores, generated visualizations (PNG images), and chat messages are retained for 30 days so you can revisit your analysis. After 30 days, all analysis data is permanently deleted.
Reference track feature data: Numerical feature vectors derived from reference track uploads (described in Section 1) are retained for as long as we operate the calibration pipeline, in order to allow periodic re-aggregation as analysis methods evolve. When you delete your account, the link between you and the stored feature vectors is removed within 30 days; the anonymized vectors themselves may be retained without any association to you, since they contain no identifiable audio content. You may also request deletion of your reference-track feature data without deleting your account by emailing privacy@tracksensei.com.
Reference sets: Reference sets and the per-track feature dictionaries they contain are retained for as long as your account exists, because the entire point of the feature is to give you a stable baseline over time. You can delete a single track, an entire set, or all of your sets at any time from the Profile → Reference sets section of the app; deletions are immediate and permanent — no recovery window, no shadow copies. When you delete your account, all of your reference sets and their underlying feature data are permanently removed within 30 days, including from off-site backups when the backup rotation completes. Reference-set data is technically isolated per user via Row-Level Security at the database layer and is not used for our cross-user calibration corpus.
Account data: Your account data is retained as long as your account is active. If you delete your account, all associated data is permanently removed within 30 days.
We take security seriously. Measures include: bcrypt password hashing, JWT-based authentication, rate limiting and brute-force protection, encrypted connections (HTTPS/TLS), input validation and sanitization on all endpoints, and regular security reviews.
If you are located in the EU, you have rights under the General Data Protection Regulation (GDPR). You have the right to: access the personal data we hold about you, request correction of inaccurate data, request deletion of your account and data (the "right to be forgotten"), data portability (receive your data in a portable format), object to processing of your data, and withdraw consent at any time.
To exercise these rights, email us at privacy@tracksensei.com.
Self-service deletions. Several categories of personal data can be erased directly from within the app without contacting us, satisfying your right to erasure under Article 17:
For categories that require manual action on our side (Deep Dive reference-track calibration vectors, off-site backup purges, server log redaction), email privacy@tracksensei.com and we will respond within the statutory 30-day window.
We use essential cookies and local storage only for authentication and session persistence:
ts_access_token. This token is essential for maintaining your session and verifying your identity with our servers. It is deleted when you log out or when your session expires.We do not use tracking cookies, analytics cookies, or advertising cookies. All cookies and local storage are essential to the operation of the service.
TrackSensei is not intended for users under 16 years of age. We do not knowingly collect data from minors.
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.
TrackSensei has appointed a Data Protection Officer (DPO) to oversee data privacy and GDPR compliance. For privacy-related inquiries, data subject requests, or if you wish to report a data protection concern, please contact our DPO at privacy@tracksensei.com.
General questions about this policy? Contact us at hello@tracksensei.com.
TrackSensei is operated by Stephan Kiekens. KvK-registered in the Netherlands.