Apollo View Modular - Eurorack Modules

Apollo View Modular LogoApollo View Modular Logo

Privacy Policy

Introduction

We are committed to protecting your privacy and ensuring a secure online experience. This Privacy Policy explains how we collect, use, and protect your information in accordance with the European Union's General Data Protection Regulation (GDPR). It covers data collected via cookies, our contact form, and our digital audio plugin store and customer portal.

This policy relates to data collected through our website and digital plugin services only. Eurorack hardware module purchases made through third-party dealers are not covered by this policy.

Data Controller

Apollo View Modular Ltd (referred to as "we", "us", or "our") is the data controller responsible for your personal data.

What Information We Collect

Website Browsing (Cookies)

  • Usercentrics: Provides the cookie banner and stores your preferences.
  • Google Analytics Cookies: Used solely to analyse website traffic and visitor behaviour. We do not actively collect any personally identifiable information via these cookies.
  • YouTube Cookies: Set when you view embedded YouTube videos. These are managed by YouTube/Google and are subject to their respective privacy policies.

Contact Form

When you use our contact page, we collect the information you voluntarily provide, such as your name, email address, and any additional details or messages. This data is used exclusively to respond to your enquiry or provide customer support.

Plugin Purchases

When you purchase a digital audio plugin, the following data is collected and stored:

  • Email address — provided during checkout, used to deliver your licence key and identify your account.
  • Licence key — a unique code generated for your purchase to activate the plugin.
  • Order information — transaction ID, product purchased, amount paid, and currency (received from our payment processor).

We do not collect or store payment card details, billing addresses, or other financial information. All payment processing is handled entirely by Paddle (see Data Processors below).

Customer Portal

If you log in to the customer portal to manage your licences or download installers, we use passwordless authentication via a magic link sent to your email address. This creates a session to verify your identity. We store your email address and authentication session data for this purpose.

How We Collect Your Data

  • Cookies: Your browser automatically collects cookies as you interact with our website. You can manage or disable cookies via our "Cookie Preference" feature or through your browser settings; however, doing so may affect your user experience.
  • Contact Form: You manually provide data when you fill out and submit the contact form.
  • Plugin Purchases: Your email address is provided during checkout via Paddle. Order and licence data is generated automatically when the purchase is completed.
  • Customer Portal: You provide your email address to request a magic link for login.

Legal Basis for Processing

We process your data based on the following grounds:

  • Consent: By continuing to use our website and/or submitting the contact form, you provide explicit consent for us to process your data as described.
  • Contractual Necessity: When you purchase a plugin, processing your email address, licence key, and order data is necessary to fulfil the purchase, deliver the product, and provide ongoing licence management and support.
  • Legitimate Interests: We use cookie data to monitor and improve website performance, and contact form data to respond to your enquiries.

How We Use Your Data

  • Cookies: Used exclusively to analyse website traffic, understand visitor behaviour, and support the functionality of embedded videos.
  • Contact Form Data: Used solely to respond to your enquiry, offer support, or provide information about our services.
  • Plugin Purchase Data: Used to deliver your licence key, provide access to the customer portal, enable installer downloads, and provide product support. We do not use your purchase data for marketing unless you have separately opted in.
  • Customer Portal Data: Used to authenticate your identity and display your licences and downloads.

Data Processors

We use the following third-party services to process your data on our behalf:

  • Paddle (Paddle.com Market Limited) — Acts as our Merchant of Record for payment processing. Paddle collects and processes your payment information (including card details and billing address) directly. We never receive or store this payment data. Paddle's processing is governed by their Privacy Policy.
  • Supabase — Provides our database and authentication services. Your email address, licence keys, order records, and authentication sessions are stored in Supabase. Our Supabase project is hosted in the EU (eu-west-1).
  • Ionos — Provides email delivery (SMTP) for licence key emails and magic link authentication emails.
  • Vercel — Hosts our website. Vercel may process server logs containing IP addresses and request metadata.
  • Google Analytics — Analyses website traffic and visitor behaviour.
  • YouTube/Google — Manages cookies for embedded video content.

Data Sharing and Disclosure

  • We do not sell, rent, or share your personal data with third parties for marketing purposes.
  • Your data is shared only with the data processors listed above, strictly for the purposes described in this policy.
  • Your data may be disclosed if required by law or in response to a valid legal request from public authorities.

Data Retention

  • Cookies: Data collected through cookies is retained in accordance with the relevant third-party providers' policies.
  • Contact Form Data: We retain your contact form submissions only for as long as necessary to address your enquiry or as required by law. Once the purpose is fulfilled, your data will be securely deleted.
  • Plugin Purchase Data: Your email address, licence key, and order records are retained for as long as your licence is active, to provide ongoing access to the customer portal and installer downloads. If you request deletion of your data, we will remove your personal information, though we may retain anonymised transaction records for accounting purposes as required by law.
  • Authentication Data: Portal session data is temporary and expires automatically. Magic link tokens are single-use and expire after 10 minutes.

Data Security

We implement appropriate technical and organisational measures to protect your data from unauthorised access or disclosure. These include:

  • Encrypted connections (HTTPS) for all data transmission.
  • Licence keys generated using cryptographic hashing (HMAC-SHA256).
  • Database access restricted by row-level security policies.
  • Private storage buckets with time-limited signed URLs for installer downloads.

While we strive to safeguard your information, no method of transmission or storage is entirely secure.

Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Request corrections to any inaccurate or incomplete information.
  • Erasure: Request deletion of your data (subject to applicable conditions and legal retention requirements).
  • Restriction & Objection: Ask us to limit or object to our processing of your data.
  • Data Portability: Receive your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please contact us at info@apolloviewmodular.com. We will respond to your request within 30 days.

Cookies and Tracking Technologies

  • Usercentrics: Provides the cookie banner and stores your preferences.
  • Google Analytics Cookies: Monitors website traffic and analyses visitor behaviour.
  • YouTube Cookies: Enables the functionality of embedded YouTube videos.

Third-Party Links

Our website may contain links to third-party websites (such as YouTube and Paddle). We are not responsible for these external sites' privacy practices or content. We encourage you to review their respective privacy policies.

International Data Transfers

Our primary database is hosted in the EU (eu-west-1). Some third-party providers (such as Google Analytics, Vercel, and Paddle) may transfer data outside the European Economic Area (EEA). These providers are required to implement adequate safeguards to ensure data protection consistent with GDPR requirements.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: