Privacy Policy & Cookie Policy
Last updated: July 19, 2026
This policy explains how vowrks.com processes personal data in accordance with the EU General Data Protection Regulation (GDPR). By using the site, you accept this policy.
1. Data Controller
Vowrks (Owner: Mattias Pettersson)
Email: [email protected]
We are responsible for the personal data processed on vowrks.com.
2. Data We Collect
2.1 When you create an account
We process:
- name
- password (stored as a hash)
- country
- language
- your self-description (bio)
- optional website URL
- IP address at registration (for security)
2.2 When you upload demos
We process:
- mp3 files (maximum 30 seconds)
- uploaded file names
- metadata
- the description you provide for the demo
2.3 AI processing of demos
To classify your voice and generate descriptive tags, your demo is sent to our AI providers:
- OpenAI
- Anthropic
We send:
- your mp3 file
- your description
- your bio
No other personal information is sent.
2.4 When someone uses the contact form
We process:
- sender's name
- sender's email
- selected topic
- message content
Messages are delivered through AWS SES.
We store a lightweight log containing:
- which artist was contacted
- timestamp
- sender fields
2.5 Technical data and logs
We collect:
- IP address
- browser information
- timestamps
- diagnostic and security data used to operate the site
- network reputation signals (e.g., whether an IP is from a data center/VPN/bot network)
IP data is used to determine approximate country, enforce rate limiting, and block automated abuse. We do not use it for precise location.
2.6 Cookies and measurement
We use cookies for:
- login sessions
- security
- analytics (Google Analytics)
- bot protection (Cloudflare Turnstile)
Detailed information is in the cookie section below.
3. Purpose of Processing
We process data to:
- create and display user profiles
- store mp3 demos
- generate AI tags for your demo
- forward contact requests to artists
- maintain security and prevent abuse (including bot detection, rate limiting, and blocking known data-center/VPN traffic)
- improve the service through traffic analysis
The legal basis is:
- Contract (user accounts, uploads)
- Legitimate interest (security, analytics, basic functionality)
- Consent (cookies not strictly required for the site to function)
4. Retention Periods
- Account data: until you delete your account
- Uploaded demos: until you remove them
- Contact logs: up to 12 months
- Server logs: up to 30 days
- Cookies: see cookie table below
5. Third-Party Providers
We use trusted processors to operate the service:
OpenAI & Anthropic
Used to analyze mp3 demos and generate descriptive tags or short texts.
We send:
- mp3 file
- demo description
- your bio
Google Analytics
Used for anonymized traffic insights. IP addresses are masked.
Cloudflare Turnstile
Used on forms to block automated traffic.
Cloudflare receives:
- technical browser data
- hashed IP
- Turnstile token
Cloudflare (Edge Security)
All traffic passes through Cloudflare for DDoS protection and bot mitigation. Cloudflare provides security headers (e.g., country code, bot score, connecting IP) that we use to detect abuse and enforce rate limits.
AWS SES
Used to deliver contact form messages.
Web hosting provider
Stores databases and uploaded files.
We do not sell or trade personal data.
6. Your Rights
Under GDPR you may:
- request access to your data
- request correction
- request deletion
- object to certain processing
- request data portability
- file a complaint with your local data protection authority
To exercise your rights, contact: [email protected]
7. Cookie Policy
7.1 Why cookies are used
We use cookies to:
- keep you logged in
- maintain security
- measure site usage
- support bot protection
7.2 Types of cookies
| Type | Purpose | Example | Duration |
|---|---|---|---|
| Essential cookies | Login sessions, navigation | PHP session cookie | Session |
| Security cookies | Bot protection | Cloudflare Turnstile | Up to 1 year |
| Analytics cookies | Traffic insights | Google Analytics | 1–24 months |
Analytics and security cookies are only set after consent.
8. Where Data Is Stored
Data is stored within the EU whenever possible. AI providers may process data outside the EU. This processing is protected through:
- the EU–US Data Privacy Framework, or
- Standard Contractual Clauses (SCCs)
9. How We Protect Data
We use:
- encrypted connections (HTTPS)
- hashed passwords
- access control
- protective measures against misuse and automated attacks
- secure file handling
10. Changes to This Policy
This policy may be updated. The date above shows the latest revision.
11. Contact Information
Questions or concerns:
[email protected]