Privacy
Beatlyze keeps the v2 product surface narrow: email sign-in, private audio uploads, deterministic report artifacts, billing state, and operational logs.
Updated May 29, 2026
Data Beatlyze handles
The account surface stores the email address used for sign-in, workspace metadata, session records, billing mirror state, API keys, analysis jobs, job events, usage rows, storage object metadata, and webhook delivery records.
- Browser auth uses a backend-set HttpOnly cookie plus a non-sensitive session profile hint.
- Stripe owns payment details; Beatlyze stores Stripe customer and event identifiers needed to mirror plan state.
- Postmark sends email sign-in codes and receives the minimum recipient information needed to deliver them.
Audio and reports
Customer audio uploads are stored as private Cloudflare R2 source objects for analysis. Successful analysis stores a JSON report artifact and records a source cleanup event when the private uploaded source is deleted.
- SonicCore runs local deterministic analysis inside the Beatlyze runtime.
- Report metadata may include technical audio descriptors and provenance.
- Provider-backed enrichment remains gated and is not part of the default local flow.
Operational logs
Beatlyze uses structured logs and Sentry signals for production reliability. Logs should not contain session tokens, signing secrets, signed upload URLs, raw payment details, or full API keys.