Privacy Policy

By accessing or using our website and services, you agree to comply with and be bound by this Privacy Policy.

Last updated on February 16, 2026

1. Data Controller

The data controller responsible for the processing of your personal data is:

Alejandro Fernández Fernández
Registered address: C/ Las Murias 7 Bajo, 33450, Asturias, Spain
Contact email: [email protected]

For any questions regarding this Privacy Policy or your personal data, you may contact us at the email above.

2. Categories of Personal Data We Collect

We may process the following categories of personal data:

A. Newsletter Subscription Data

If you subscribe to our newsletter, we collect:

  • Email address
  • Date and time of subscription
  • IP address at the time of subscription
  • Confirmation of consent

This data is processed for the purpose of sending email communications related to heroboard content, releases, and updates.

Newsletter subscription is voluntary. You may unsubscribe at any time using the unsubscribe link in any email or by contacting us.

B. Music Submission Data

If you submit music to us, we may collect:

  • Name
  • Email address
  • Submitted audio files (e.g., MP3)
  • Any accompanying message
  • Submission timestamp

This data is processed solely for the purpose of reviewing potential collaboration or publication opportunities.

Submission of music does not create any contractual obligation, guarantee of response, or guarantee of publication.

C. Licensing or General Contact Requests

If you contact us regarding licensing or other inquiries, we may collect:

  • Name
  • Email address
  • Message content
  • Timestamp

This data is processed to respond to your inquiry and manage potential business communications.

D. Technical and Security Data

When you access the website, certain technical data may be processed automatically, including:

  • IP address
  • Browser type
  • Device information
  • Date and time of access
  • Country of request origin

This data may be processed by:

  • Our hosting provider
  • Cloudflare (content delivery and security services)
  • Server logs for security and operational purposes

E. Analytics Data

We use a local analytics plugin (Statify) that records aggregated page view statistics:

  • Does not store IP addresses
  • Does not track individual users
  • Does not use cookies for profiling
  • Stores only aggregated page view counts

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent (Article 6(1)(a) GDPR): Newsletter subscriptions.
  • Pre-contractual steps or contractual necessity (Article 6(1)(b) GDPR): Licensing requests and collaboration discussions.
  • Legitimate interest (Article 6(1)(f) GDPR): Website security, abuse prevention, record-keeping, and review of music submissions.
  • Legal obligation (Article 6(1)(c) GDPR): Where required by law.

You may withdraw consent for newsletter communications at any time.

4. Purpose of Processing

We process personal data to:

  • Operate and secure the website.
  • Respond to inquiries and licensing requests.
  • Review music submissions.
  • Manage whitelist or Content ID-related communications.
  • Send newsletters (if subscribed).
  • Prevent fraud, abuse, or unauthorized access.

We do not sell personal data.

We do not engage in automated decision-making or profiling.

5. Data Retention

We retain personal data only for as long as necessary:

  • Newsletter Data: Retained while you remain subscribed. Proof of consent (including IP address and timestamp) may be retained for a limited period thereafter for legal compliance and defense purposes.
  • Music Submissions: Retained for evaluation and internal record-keeping purposes. Submissions may be deleted if no collaboration proceeds within a reasonable period.
  • Licensing or Contact Requests: Retained as long as necessary to manage communications and maintain reasonable business records.
  • Technical Logs: Retained according to hosting and security policies.

Data may be retained longer where required by law.

6. Data Sharing and Processors

We may share personal data with trusted service providers that assist in operating the Services, including:

  • Hosting providers
  • Cloudflare (security and content delivery services)
  • Mailjet (newsletter email service provider)
  • Email infrastructure providers
  • Copyright management platforms (e.g., YouTube) when necessary for claim review
  • Legal or regulatory authorities where required

These service providers process data on our behalf under appropriate contractual safeguards.

7. International Data Transfers

Some service providers (such as Cloudflare or Mailjet) may process data outside the European Economic Area (EEA), including in the United States.

Where such transfers occur, appropriate safeguards are implemented in accordance with GDPR, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Equivalent legal protection mechanisms

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request rectification of inaccurate data

  • Request erasure of your data
  • Restrict processing
  • Object to processing based on legitimate interest
  • Data portability (where applicable)
  • Withdraw consent at any time (for newsletter communications)
  • You may exercise your rights by contacting: [email protected]

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Agencia Española de Protección de Datos (AEPD)

https://www.aepd.es

9. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

However, no system can guarantee absolute security.

10. Cookies

We use essential technical cookies necessary for website functionality and security.

Cloudflare may process IP addresses for security and traffic management purposes.

We do not use tracking or advertising cookies for profiling purposes.

For more information, please refer to our Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or operational practices. The updated version will be published on this page with a revised effective date.