This Privacy Policy describes how Capiscana, Inc. dba TOMMY RUSH ("Capiscana", "we", "us") collects, uses, stores, shares, and protects information when you use Session™ Vault (also referred to as "session.am" or the "Service"). We try to keep this short and human. If anything is unclear, email [email protected].
The Service is operated by Capiscana, Inc., an Illinois corporation, doing business as TOMMY RUSH.
We collect only what is needed to run the Service:
| Category | Data | Why |
|---|---|---|
| Account | Email address, bcrypt-hashed password, display name (your choice). | To create and authenticate your account. |
| Catalog metadata | Track titles, artists, durations, BPM, key, custom tags you add, folder structure, file names. | So your library is searchable and organized. |
| Audio files | The actual audio files you upload, stored on Backblaze B2 (encrypted at rest by B2). We never make files public except via share links you explicitly create. | So we can stream them back to you and to recipients you invite. |
| Share records | Recipient name, email, optional company; share-link metadata (created-at, expires-at, password-protected flag); per-recipient watermark payload mappings. | So you can re-send, see who opened what, and trace leaks back to the recipient. |
| Usage analytics | Pages visited, features used, error events. We do not use Google Analytics or any third-party tracker. | So we can find bugs and understand which features are useful. |
| Security signals | IP address, user-agent string, device fingerprint hash. IP is hashed with a daily-rotating salt before long-term storage so we cannot reverse it later. | Rate-limiting, fraud detection, alert-on-new-device sign-in notifications, abuse investigations. |
| Billing | Stripe customer ID, subscription tier, billing email. Full card details are stored by Stripe, never by us. | So we can charge you for paid tiers and surface invoices. |
| Email engagement | Open and click events for transactional and (opt-in) marketing email; hard-bounce events. | To debug delivery issues and avoid sending to dead inboxes. |
To make your library work, our servers perform a narrow, deterministic set of audio analyses. None of it leaves our infrastructure, none of it trains any model, and none of it is shared with third parties:
That is the complete list. We do not analyze your audio for any other purpose, ever.
The only "marketing" use of your email is the optional Klaviyo opt-in for our own service updates and product announcements — never sold, never shared with third parties for their marketing.
We share data with a limited set of providers required to run the Service. Each operates under its own privacy policy and security practices. Categories of data shared and links to each provider's policy are below; full descriptions are in the Terms of Service §7.
| Provider | Data shared | Their policies |
|---|---|---|
| Backblaze, Inc. (B2) | Audio files + file metadata (encrypted at rest). | Privacy · Terms |
| Hetzner Online GmbH | Application database, logs, encrypted backups (Ashburn, VA). | Privacy · Terms |
| Cloudflare, Inc. | Request metadata (IP, user-agent), TLS termination, edge caching. | Privacy · Terms |
| Stripe, Inc. | Email, billing address, payment-method tokens. Card data is handled by Stripe directly. | Privacy · Terms |
| Resend Inc. | Recipient email, transactional message content. | Privacy · Terms |
| Klaviyo, Inc. | Email, name, opt-in timestamp, engagement events, only with opt-in. | Privacy · Terms |
We may also disclose data when required by valid legal process (subpoena, court order) or to protect rights, property, and safety.
Each third-party provider above operates under its own security controls, privacy policy, and terms. While we vet our providers and apply industry-standard practices on our side — TLS in transit, scoped credentials, principle of least privilege, encryption at rest where the provider supports it, secrets stored in a managed secrets vault, restricted admin access, audit logging — Capiscana is not liable for security incidents, data breaches, outages, or other failures originating from these providers' systems, except to the extent caused by our own gross negligence or willful misconduct.
If a provider notifies us of a confirmed breach affecting your data, we will pass that notification on to you per Section 7.
If we confirm a security breach affecting your account — whether the breach occurred at Capiscana or at any third-party provider listed in Section 5 — we will notify the email address on file within 72 hours of confirming the breach (or, where the breach was at a provider, within 72 hours of receiving the provider's notification to us).
Notification will describe, to the extent known: (a) what data was affected, (b) when the breach occurred, (c) what we believe caused it, (d) what we are doing in response, and (e) what you should do (if anything — for example, reset your password). We will follow up with material updates as we learn more.
This commitment is in addition to any statutory breach-notification obligations under applicable law (e.g., state data-breach notification statutes, GDPR Article 33-34, etc.).
We retain your data for as long as your account is active.
You can delete your account at any time:
POST /api/account/delete),Deletion triggers a 30-day grace period, during which you can cancel via POST /api/account/delete/cancel or by contacting support. After 30 days, a scheduled purge job (running every 6 hours) removes your account, your library metadata, your share records, your B2-stored audio files, and the watermark forensic mappings you own from active systems.
For shares you sent: we retain the watermark payload, recipient mapping, and the relevant access log for up to 24 months after the share is sent so we can investigate leaks reported during that window. After 24 months, the forensic mapping is deleted. If you delete your account during that window, the mappings tied to your sends are deleted with the rest of your data.
The Service maintains encrypted backups per our backup-restore runbook: 24 hours of hourly snapshots, 30 days of daily snapshots, 12 weeks of weekly snapshots. When you delete your account, your data is purged from new backups immediately, but persists in older backups until they age out per the schedule above. Backups are stored encrypted at rest and are restorable only by Capiscana operations staff.
We may retain data longer than the windows above if required by valid legal process or to defend an active claim, in which case we'll retain only the minimum necessary for the duration required.
Email addresses that hard-bounced are kept on a suppression list indefinitely so we don't re-send to known-bad inboxes. The suppression list contains email addresses only and no other personal data.
Depending on where you live (CCPA / California, GDPR / EU + UK, Illinois BIPA where applicable, and similar laws elsewhere), you have rights over your personal information. We honor these rights for all users regardless of residency, where it's practical.
GET /api/account/export which returns a machine-readable bundle of your account record, library metadata, share records, and watermark mappings. For data not covered by that endpoint, email [email protected].POST /api/account/delete (also reachable from account settings).To exercise any right, email [email protected]. We will respond within 30 days (45 days where permitted by CCPA, with notice). We may need to verify your identity before responding to a substantive request.
We use a small number of first-party cookies and local-storage entries strictly to operate the Service:
We do not use third-party advertising cookies, third-party analytics cookies, or cross-site tracking pixels.
No system is perfect. If you discover a vulnerability, please report it to [email protected] with subject line "security report" — we will acknowledge within 72 hours.
The Service is operated from servers in the United States (Hetzner Ashburn, VA). If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. By using the Service you consent to that transfer. For EEA / UK residents, where Capiscana relies on Standard Contractual Clauses or other approved transfer mechanisms with sub-processors, those mechanisms are documented in each provider's own legal terms (see Section 5).
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us at [email protected] and we will delete it.
We may revise this Privacy Policy from time to time. For non-material changes (typo corrections, clarifications, formatting), we'll update the "Last updated" date at the top of this page. For material changes — changes that materially affect what we collect, how we use it, who we share it with, or your rights — we will give at least 30 days' notice via email to the address on file before the new Policy takes effect, and the effective date will be stamped at the top of this page.