# Privacy Policy

**Last Updated: February 1, 2026**

Welcome to our website! This Privacy Policy explains how we collect, use, and protect your personal information when you
visit our site ([https://cutoff.dev](https://cutoff.dev)), use our documentation, blog, subscription services, or engage
with our community and support channels. The Cutoff Audio/MIDI framework itself, including its parts (Cutoff AudioUI, Cutoff Fusion),
does not collect any data; this policy applies only to the website and related services.

## 1. Who We Are

We are Tylium, providing the Cutoff framework and related services. Contact us
at [legal@tylium.io](mailto:legal@tylium.io) with questions.

## 2. What Data We Collect

We collect the following:

- **Authentication and Subscription Data**: When you sign up or manage a subscription via our site, Clerk handles
  authentication. This includes your email address, account details, and session data stored in essential cookies (e.g.,
  `__clerk_db_jwt`, `__session`, `__client_uat`).
- **Payment Data**: Stripe processes payments for subscriptions, collecting payment details (e.g., card info) and
  setting a machine ID cookie (`__stripe_mid`) for fraud prevention. We don’t store your full payment data.
- **Usage Analytics**: Cloudflare Web Analytics collects anonymized data (e.g., page views, visit counts) about site
  usage. No cookies are used, but IP addresses are processed and anonymized.
- **Community and Support Data**:
    - **Discord**: If you join our Discord server for community or commercial support, Discord collects data like your
      username, messages, and server activity per their [Privacy Policy](https://discord.com/privacy).
    - **GitHub**: If you submit issues or contribute via GitHub, it collects data like your username and activity per
      their [Privacy Statement](https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement).
- **Technical Data**: We may log browser type or device info to keep the site running smoothly.

## 3. How We Use Your Data

- **Site Services**: Clerk and Stripe enable subscriptions and access to premium features.
- **Site Improvement**: Cloudflare’s anonymized analytics help us optimize performance.
- **Communication**: We may email you about your account or updates (opt-out available for non-essential messages).
- **Support**: Discord and GitHub facilitate community engagement and issue tracking.

## 4. Cookies and Tracking

We keep it minimal:

- **Essential Cookies**:
    - Clerk uses `__clerk_db_jwt`, `__session`, `__client_uat`, and `clerk_active_org` for login and subscriptions.
    - Stripe uses `__stripe_mid` for secure payments.
    - These are necessary for the site to work—no consent required, but you can block them via your browser (may break
      functionality).
- **Analytics**: Cloudflare Web Analytics tracks usage without cookies, processing anonymized IP addresses.
- No non-essential cookies (e.g., marketing) unless you opt in later.

## 5. Legal Basis (GDPR)

- **Essential Cookies**: “Legitimate interest” for core site functions (auth, payments).
- **Analytics**: “Legitimate interest” for anonymized site improvements.
- **Account Data**: Contract fulfillment (subscriptions) or consent (emails).
- **Third-Party Services**: Discord and GitHub process data under their own policies.

## 6. Sharing Your Data

We share only as necessary:

- **Clerk**: Authentication and session management.
- **Stripe**: Payment processing.
- **Cloudflare**: Anonymized analytics.
- **Discord**: Community and support interactions.
- **GitHub**: Issue tracking and contributions.

No selling or sharing beyond legal requirements (e.g., court orders).

## 7. Your Rights

Under GDPR and similar laws:

- Access, correct, or delete your data.
- Restrict or object to processing.
- Withdraw consent (where applicable).
- Request portability.

Email [legal@tylium.io](mailto:legal@tylium.io) to exercise these, or contact Discord/GitHub directly for their data.
You can also complain to your local data protection authority.

## 8. Data Protection

We use HTTPS, Clerk’s encryption, and Stripe’s PCI compliance. Third parties (Discord, GitHub) have their own
security—check their policies. No system is 100% secure—use at your own risk.

## 9. Data Retention

- **Account Data**: Kept while active, deleted within 30 days of cancellation unless legally required.
- **Payment Data**: Stripe retains records per their terms; we keep minimal accounting data.
- **Analytics**: Cloudflare holds anonymized data up to 30 days.
- **Support Data**: Discord and GitHub retain data per their policies.

## 10. Managing Cookies

Block or delete cookies via your browser—disabling essential ones breaks login/payments. Opt out of analytics with
browser privacy tools (e.g., Do Not Track)—Cloudflare respects these where possible.

## 11. Third-Party Links

Our site links to Discord, GitHub, and external resources. We’re not responsible for their practices—review their
policies.

## 12. Changes

We may update this policy—check back for the latest.

## 13. Contact

Reach us at [legal@tylium.io](mailto:legal@tylium.io).
