Privacy Policy
1. Data Protection
The use of this website is generally possible without providing personal data. If personal data (such as name or email address) is collected — for example via a contact form or email — this is always done on a voluntary basis. This data will not be passed on to third parties without your explicit consent.
2. Server Log Files
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits. Data collected includes:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
This data cannot be assigned to specific persons and is not merged with other data sources.
3. Embedded Content and Third Parties
Loading this website normally does not contact any third-party server. Fonts, JavaScript libraries and release covers are all served from our own infrastructure. An IP transfer to external providers only happens once you actively interact with one of the following:
- SoundCloud (SoundCloud Limited, UK) — only loaded when you actively click a play button. The SoundCloud player is then embedded as an iframe; SoundCloud's privacy policy applies from that moment.
- YouTube (Google Ireland / Google LLC, USA) — embedded video players on the Galaxy section open only on click and use the privacy-enhanced
youtube-nocookie.comdomain. External YouTube links open in a new tab only on click. - Instagram, TikTok, WhatsApp — outbound social links open in a new tab only when clicked.
Self-hosted resources (GDPR-compliant):
- Inter, JetBrains Mono and Space Grotesk fonts are bundled locally via the
@fontsourcepackages — no Google Fonts CDN. - Three.js (3D library on the Galaxy page) is bundled via npm — no unpkg CDN.
- Release covers (including YouTube preview thumbnails) are served fully from our server.
4. Cookies and Local Storage
This website does not set tracking cookies. We only use technically necessary browser storage:
Session storage (sessionStorage, cleared on tab close):
- Acknowledgement of the EU AI Act Art. 50 transparency notice.
- The mini-player's last playback state (current track and position), so playback survives in-site navigation.
Persistent storage (localStorage, only on the /studio/ page; remains until you clear it):
pmp:studio:playlists— playlists you create (title + track references).pmp:studio:working— your current studio queue.pmp:studio:desktop-mini,pmp:studio:queue-collapsed— UI preferences (player size, collapsed sections).
You can clear these at any time via your browser settings (DevTools → Application → Local Storage → URL → Clear). No data is ever transmitted to our server — everything stays in your browser. No consent is required under GDPR / ePrivacy as these are strictly necessary functions.
5. Contact and Inquiry Forms
The forms on /contact/ use the mailto: mechanism of your email client. No server-side storage occurs. Once you submit a form, your email client sends the data directly to mail@prompt-music.com. We process your data solely to respond to your inquiry (GDPR Art. 6(1)(b)) and delete it after completion.
6. Newsletter
The newsletter form in the footer is self-hosted on our own infrastructure — no third-party email service provider is involved. Sign-up uses a strict double opt-in flow:
- Data collected on sign-up: email address, language preference (DE/EN), IP address, user-agent string, and a timestamp. The IP and user-agent serve as a legal proof of consent under GDPR (Art. 7(1)).
- Storage: a MySQL database on the same server that hosts this site (1blu, Germany). No data leaves our infrastructure for the sign-up itself.
- Confirmation: a confirmation mail is sent immediately. Your address is only added to the active list once you click the confirmation link. Until confirmed, the row is marked pending and will be cleaned up if you don't confirm within a reasonable period.
- Delivery: newsletters are sent via SMTP from mail@prompt-music.com. Each mail contains a personalised one-click unsubscribe link.
- Retention: we keep your address as long as you are subscribed. After you unsubscribe, the row is flagged unsubscribed and kept only as evidence that consent was previously given and then withdrawn (GDPR accountability principle). You can request full deletion at any time by writing to the address above.
- Legal basis: GDPR Art. 6(1)(a) — explicit consent, withdrawable at any time without effect on past processing.
- No tracking: mails contain no tracking pixels, no link-click tracking, no open tracking. We do not know if you opened a mail.
7. Your Rights
You have the right to request information about your stored personal data, its origin, recipients, and the purpose of its collection at any time and free of charge. You also have the right to request correction, blocking, or deletion of this data.