Home
RISE Academy

Privacy Policy

Last updated: April 15, 2026

1. Introduction

RISE Academy ("we," "us," or "our") operates a music education and career platform. We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Dutch General Data Protection Regulation (AVG).

This Privacy Policy explains how we collect, use, process, and protect your personal data when you use the platform. By using our Service, you consent to the data practices described in this policy.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date and notify you of material changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

2. Data Controller

The data controller responsible for processing your personal data is:

RISE Academy
Location: The Netherlands
Email: contact@riseartistacademy.com

For any questions about this Privacy Policy or our data practices, please contact us using the information above.

3. Information We Collect

We collect and process the following categories of personal data:

3.1. Account Information

  • Email address (required)
  • Password (hashed and encrypted, required)
  • Name (required)
  • Username (required)
  • Profile picture/avatar (optional)
  • IPI code (optional, for music industry identification)

3.2. Content You Upload

  • Songs, tracks, and audio files
  • Artwork and images
  • Lyrics and text content
  • File attachments
  • Song metadata (title, artist, genre, tags, etc.)
  • Comments and messages

3.3. Usage Information

  • Last login timestamp
  • Onboarding completion status
  • Feature usage patterns

3.4. Payment Information

  • Payment processor customer ID
  • Subscription status and plan name
  • Billing information (processed securely by our payment processor, not stored by us)

3.5. Communication Data

  • Email communication history
  • Marketing preferences (opt-in/opt-out)
  • Notification preferences

3.6. Consent Records

  • Terms of Service acceptance timestamp and version
  • Privacy Policy acceptance timestamp and version

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract Performance: To provide and maintain the Service, process payments, and fulfill our contractual obligations to you
  • Consent: For marketing communications (you can withdraw consent at any time), and for processing Terms of Service and Privacy Policy acceptance
  • Legitimate Interests: To improve our Service, prevent fraud, ensure security, and send transactional emails necessary for service delivery
  • Legal Obligation: To comply with applicable laws and regulations, including tax and accounting requirements

5. How We Use Your Information

We use your personal data for the following purposes:

  • To provide, maintain, and improve the platform
  • To process your account registration and authenticate your identity
  • To store, organize, and make your content accessible to you
  • To process payments and manage subscriptions and credits
  • To send transactional emails (welcome emails, password resets, session reminders, etc.)
  • To send marketing communications (only if you have opted in)
  • To respond to your inquiries and provide customer support
  • To ensure security, prevent fraud, and enforce our Terms of Service
  • To comply with legal obligations and resolve disputes
  • To analyze usage patterns and improve our Service

6. Data Sharing and Third-Party Services

We share your personal data with the following third-party service providers to operate the Service:

6.1. Payment Processing

We use a third-party payment processor to handle credit purchases and subscriptions. The processor handles your payment information securely. We only receive and store a customer reference ID, not your full payment details.

6.2. File Storage

Your uploaded files are stored using a secure cloud storage service. Data is encrypted in transit and at rest.

6.3. Authentication and Database

We use Supabase for user authentication and session management, and a self-hosted PostgreSQL database for account and content data. View Supabase's Privacy Policy.

6.4. Email Services

We use Amazon SES to send transactional emails. Your email address is shared with Amazon SES only for the purpose of sending emails related to the Service.

6.5. Other Sharing

  • If required by law or legal process
  • To protect our rights, property, or safety, or that of our users
  • In connection with a business transfer (merger, acquisition, etc.)

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers are located.

We ensure that such transfers comply with GDPR requirements by:

  • Using service providers certified under appropriate frameworks (e.g., EU-U.S. Data Privacy Framework)
  • Implementing Standard Contractual Clauses (SCCs) where applicable
  • Ensuring adequate data protection measures are in place

8. Data Retention

We retain your personal data for as long as necessary to provide the Service, unless a longer retention period is required by law:

  • Account Data and Content: Retained while your account is active. Upon account deletion, all account data, content, and files are permanently and immediately deleted.
  • Payment Records: Retained for 7 years as required by tax and accounting laws
  • Consent Records: Retained to demonstrate compliance with data protection requirements
  • Marketing Preferences: Retained until you withdraw consent or delete your account

Important: Account deletion is permanent and immediate. We cannot recover your data after deletion. Please back up any content you wish to keep before deleting your account.

9. Your Rights Under GDPR/AVG

You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: You can request that we limit how we process your data
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
  • Right to Object: You can object to processing based on legitimate interests
  • Right to Withdraw Consent: You can withdraw consent for marketing communications at any time

To exercise these rights, please contact us at contact@riseartistacademy.com. We will respond to your request within one month.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have violated your data protection rights.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments and updates
  • Access controls and authentication
  • Regular backups of your data

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, authenticate users, and remember your preferences. For detailed information, please see our Cookie Policy.

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

13. Marketing Communications

We only send marketing communications if you have explicitly opted in. You can opt out at any time by updating your preferences in your account settings, clicking the unsubscribe link in any marketing email, or contacting us directly.

Even if you opt out of marketing communications, we may still send transactional emails necessary for the Service (account notifications, session reminders, etc.).

14. Changes to This Privacy Policy

When we make material changes we will update the "Last updated" date, notify you via email or through the Service, and for significant changes may require you to review and accept the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

RISE Academy
Email: contact@riseartistacademy.com
Location: The Netherlands

For complaints regarding data protection, you can also contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Terms of ServiceRefund PolicyCookie PolicyHome