Skip to content
Sign in Sign up
Legal

Privacy Policy

Last updated: 2026-05-26

Information we collect

We collect only what we need to operate the Service.

  • Account data: your email address and a hashed password when you create an account.
  • Uploaded audio files: audio you submit to the assessment is processed entirely in your browser using a WebAssembly engine. The audio file itself is never uploaded to our servers or to any third-party processor. Only the resulting score and a short summary of the diagnostic metrics are transmitted to our servers when you choose to save a result to your account.
  • Analytics events: page URLs and CTA button interactions to understand how the Service is used. No personal identifiers are attached to these events.
  • Billing data: your payment details when you subscribe. Payment information is handled directly by Stripe and is not stored on our servers.
  • Support correspondence: messages you send to us at hello@levelrebel.net.
  • Comments: if you post a comment on /pulse/, the name and email address you provide on the comment form. Email is not displayed publicly. Comments are moderated before publication; we may decline to publish or remove comments at our discretion.

How we use it

  • Process your uploaded audio and return a scored assessment and conformed export file.
  • Improve the assessment models and loudness-target accuracy over time.
  • Send transactional email (receipts, account notices) via Postmark.
  • Respond to support requests.
  • Manage your subscription through Stripe.

How we store it

Account data and analytics events are stored in a PostgreSQL database. Uploaded audio is processed in your browser and is never transmitted to our servers, so there is no audio storage to describe. Other site assets (images, fonts, generated PDFs) live in DigitalOcean Spaces. We do not store raw payment card data; Stripe handles that directly.

Security incidents. If we become aware of a security breach affecting your personal data, we will notify you by email at the address on your account without undue delay, and within 72 hours where required by law.

Retention

  • Account email: retained until you delete your account.
  • Uploaded audio: not retained at all. Audio is processed entirely in your browser; the diagnostic summary you save to your account contains only metrics (loudness, peak, dynamic range, speech-clarity) and no audio content.
  • Analytics events: retained for 90 days, then deleted automatically.
  • Billing records: retained as required by applicable tax and financial regulations (typically 7 years).

Third-party processors

We share data with the following processors only to the extent needed to operate the Service:

  • Stripe — billing and payment processing. Stripe receives your payment details and billing address when you subscribe. Stripe Privacy Policy.
  • Postmark — transactional email delivery (receipts, password resets, account notices). Postmark receives your email address and the content of the message being sent. Postmark Privacy Policy.
  • Mailchimp — newsletter and marketing email, if you opted in to our mailing list. You can unsubscribe at any time via the link in any email or by contacting us. Mailchimp Privacy Policy.
  • Sentry — error monitoring and diagnostics, when enabled. Sentry may receive technical data including error messages and stack traces. No audio file content or payment information is sent to Sentry. Sentry Privacy Policy.

Content delivery networks. Pages on the Service load a small number of assets from third-party CDNs:

  • Gravatar (Automattic) — byline avatars on certain /pulse/ articles are served by Gravatar. Loading the avatar transmits your IP address and User-Agent string to Automattic. We do not send your email address or account identifier.
  • Google Fonts and Cloudflare cdnjs — a subset of fonts and icons load from these CDNs. They receive your IP and User-Agent when the assets are requested. We do not send any user identifier.

User rights

You have the right to:

  • Delete your account: from your account settings. This removes your email address and any retained audio files.
  • Request a copy of your data: email hello@levelrebel.net and we'll provide a summary of what we hold for you.
  • Unsubscribe from the newsletter: click the unsubscribe link in any Mailchimp email, or contact us directly.
  • Ask questions or raise concerns: contact us at hello@levelrebel.net.

Children

The Service is intended for users who are at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a minor, contact us at hello@levelrebel.net and we will delete it promptly.

Cookies and tracking

We group cookies into three categories, matching the consent banner shown at the bottom of the page:

  • Necessary: session cookie (keeps you signed in) and CSRF cookie (protects form submissions). These are always set; the Service cannot function without them.
  • Analytics: when you accept this category we load Google Analytics and Google Tag Manager. These services set cookies and run JavaScript to record page views, device and browser metadata, and a randomized identifier. We do not transmit your email address or account identifier to Google. You can revoke consent at any time by re-opening the cookie banner from the footer.
  • Marketing: reserved for future marketing pixels; no marketing cookies are set today. If we add any, they will only fire after you accept this category.

If you are located in the EU or EEA, you must opt in before any non-essential cookie is set. You can opt out of Google Analytics specifically using Google's opt-out browser add-on.

International users and data transfers

Level Rebel is operated from the United States. If you use the Service from outside the US (including the EU or EEA), the personal data we collect — your email address, account preferences, billing details — will be transferred to and processed on servers in the United States.

For transfers of personal data subject to EU GDPR or UK GDPR, we rely on the Standard Contractual Clauses published by the European Commission, as adopted by our third-party processors (Stripe, Postmark, Mailchimp, Sentry). You can find each vendor's data transfer documentation linked in the Third-party processors section above.

If you have a GDPR-specific request — access, correction, deletion, portability, or to lodge a complaint — email hello@levelrebel.net with "GDPR" in the subject line. You also have the right to complain to your local data-protection authority.

Changes to this policy

We may update this Privacy Policy as the Service evolves. When we do, we'll update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy. For material changes, we'll send a notice to the email address on your account.

Contact

Questions about this Privacy Policy? Reach us at hello@levelrebel.net.