1. Purpose & Scope
This Privacy Policy describes how zombies21 (“AuraSync X”, “we”, “our”, or “us”) processes information when you access or use the AuraSync web application— including its 3-D Music Visualizer and MP4 Video Player—available at https://aurasyncx.example (the “Service”). It applies to all users worldwide, with specific disclosures required under the laws of Canada, the United States, the European Union/EEA, the United Kingdom, and other applicable jurisdictions.
2. Key Principles
We built AuraSync X as a fully client-side experience. All media rendering and playback occur locally in your browser. We do not collect, store, or share any personally identifiable information (“Personal Data”). Our privacy commitments are grounded in:
| Principle | What It Means for You |
|---|---|
| Data Minimisation | We avoid collecting data unless it is strictly necessary to provide or secure the Service. |
| Purpose Limitation | Any data we do process is used only for the purpose stated in this Policy. |
| User Control | Settings—such as visualiser preferences—are stored only in your browser’s localStorage; you can delete them at any time. |
| Security by Design | All processing takes place locally; no media files leave your device, eliminating server-side breach risk. |
3. Information We Do Not Collect
We intentionally do not gather:
- Names, e-mail addresses, telephone numbers, or other direct identifiers.
- IP addresses, device identifiers, or browser fingerprints.
- Usage analytics (pages viewed, session length, clickstream data).
- Media content (audio/video) that you load or stream in the Applications.
Because we do not process the above data, concepts such as “sale” or “sharing” under California Consumer Privacy Act (“CCPA/CPRA”) or “targeted advertising” under Virginia’s VCDPA are inapplicable.
4. Limited Diagnostic Data
What we receive:
When a fatal JavaScript error occurs, the Application may send a one-line crash hash (a non-reversible SHA-256 digest of the stack trace) to our GitHub issue tracker via an HTTPS POST. This hash cannot be linked to an individual and contains no Personal Data.
Legal basis & retention:
- Legitimate Interest (GDPR Art. 6 (1)(f)) / Section 7(1)(a) of Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”)—to maintain Service stability.
- The hash is auto-deleted from logs after 30 days.
- You may opt-out by disabling the “Send error reports” toggle in Settings.
5. Cookies, LocalStorage & Similar Technologies
AuraSync X never sets traditional HTTP cookies. Instead, optional preferences (e.g., theme, last-used playlist) are stored in the localStorage area of your own browser. This data never leaves your device, and you may clear it using your browser’s “Clear Site Data” controls.
6. Third-Party Streams & Links
If you choose to stream content hosted on third-party platforms (e.g., a public radio station’s HLS URL), your interaction is governed by that provider’s privacy policy. AuraSync X merely passes the stream URL to the HTML5 <audio>/<video> element and has no server visibility into those requests.
7. Children’s Privacy (COPPA & Equivalent Laws)
AuraSync X is not directed to children under 13 years. We do not knowingly collect Personal Data from anyone—so no parental consent mechanism is required under the U.S. Children’s Online Privacy Protection Act (“COPPA”). If you believe a child has provided Personal Data via our crash-report opt-in, contact us and we will promptly delete the diagnostic entry.
8. International Compliance Statements
| Region | Compliance Approach |
|---|---|
| Canada (PIPEDA; Québec Law 25) | No “personal information” is collected; therefore, obligations on consent, breach notification, and data-subject access are generally not triggered. |
| United States (CalOPPA, CCPA/CPRA, etc.) | We do not collect “personal information” or engage in “selling/sharing”; thus, consumer opt-out mechanisms are not applicable. |
| European Union / EEA (GDPR) | Processing of crash hashes relies on legitimate interest; no automated profiling or cross-border transfers take place. |
| United Kingdom (UK GDPR & DPA 2018) | Same rationale as EU GDPR; no Personal Data processed. |
| Other Markets (e.g., Brazil LGPD, Australia Privacy Act) | Because no Personal Data is collected, most obligations regarding notice, consent, and transfer impact assessments do not arise. |
9. Your Rights
In theory, privacy statutes may grant you rights to access, correct, erase, or port your Personal Data. Since AuraSync X holds no Personal Data, there is nothing for us to produce or delete. Nevertheless, you may:
- Request confirmation that we maintain no server-side data about you.
- Disable diagnostic reporting at any time (Settings ▸ Error Reporting).
We respond to rights requests within 30 days as required by GDPR Art. 12 and PIPEDA s. 8.
10. Data Security Measures
- All communication with our website uses TLS 1.3.
- Diagnostic hashes are retained only in encrypted log storage with strict access controls.
- We undergo annual penetration testing to confirm no inadvertent server-side data flows.
11. Data Retention & Deletion
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Crash-report hash | 30 days | Automatic log rotation & secure wipe |
| localStorage preferences | Until cleared by user | Manual deletion via browser |
12. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or business developments. If changes materially affect your rights, we will post a prominent notice at least 30 days before they take effect (or sooner if required by law).
13. Contact Us
AuraSync X Privacy Officec/o Stephen Alfred
PO Box 1337, Halifax, Nova Scotia B3J 3A5
Email: privacy@aurasyncx.example
Tel: +1 902 555-0142
You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada, your provincial privacy regulator, or (for EU/UK residents) your supervisory authority.