Legal
Privacy policy
Last updated: 22 April 2026
This policy explains what personal data we collect through this pre-launch website, why we collect it, who we share it with, and the rights you have under EU data protection law.
Summary
If you fill in our contact form, we store your name, email, and message in an EU-hosted database in order to reply to you. We do not use tracking cookies. We do not sell your data. You can ask us to delete your data at any time by writing to hello@motifsync.eu.
1. Who we are
The data controller is:
TOURINGTUNES Sp. z o.o.
ul. Złota 7 lok. 28
00-019 Warszawa, Poland
NIP 5252968519 · KRS 0001053019
Email: hello@motifsync.eu
For any question about this policy or how your data is handled, please write to the email above.
2. What data we collect, and why
2.1 Contact form submissions
When you fill in the contact form on this website, we process the following:
| Field | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Name | To address you in our reply | (a) Consent |
| To reply to your message | (a) Consent | |
| Organisation (optional) | To understand who is reaching out | (a) Consent |
| Role (artist, label, supervisor, etc.) | To route your message to the right person | (a) Consent |
| Message content | To respond to your enquiry | (a) Consent |
| Salted hash of IP address + email | Spam prevention and duplicate-submission detection | (f) Legitimate interest |
| User-Agent string | Spam prevention and basic abuse logging | (f) Legitimate interest |
| Submission timestamp | Operational record-keeping | (f) Legitimate interest |
You can withdraw your consent at any time by writing to hello@motifsync.eu. Withdrawing consent does not affect the lawfulness of any processing carried out before withdrawal.
2.2 Anti-spam (Cloudflare Turnstile)
We use Cloudflare Turnstile, a privacy-preserving alternative to traditional CAPTCHA, to prevent automated form abuse. Turnstile does not use tracking cookies and does not profile visitors across sites. It may briefly process technical signals from your browser (challenge tokens, basic device characteristics) to verify that you are human. Legal basis: legitimate interest in preventing spam (Art. 6(1)(f)).
2.3 Analytics (Plausible)
We use Plausible Analytics, an EU-hosted, cookieless analytics service. Plausible records aggregate page-view counts, anonymised referrer information, and approximate country (derived from IP, never stored). It does not set cookies, does not track you across websites, and does not collect any data that can be tied back to an individual person. Because no personal data within the meaning of GDPR is collected, no consent is required and no opt-out is offered (there is nothing to opt out of). Legal basis: legitimate interest in measuring how visitors find and use the site (Art. 6(1)(f)).
2.4 Cookies
This website does not set tracking cookies. Cloudflare may set a strictly necessary security cookie (__cf_bm or similar) to protect the site from automated abuse — this is exempted from consent requirements under the ePrivacy Directive Art. 5(3) as it is strictly necessary for the requested service.
3. Who we share your data with
We use the following processors, each bound by a Data Processing Agreement (DPA):
| Processor | Purpose | Data location |
|---|---|---|
| Cloudflare, Inc. | Website hosting, lead-storage database (D1), anti-spam (Turnstile) | EU edge regions; data-at-rest on Cloudflare D1 in EU |
| Resend (Resend.com Inc.) | Sending the auto-reply email and the internal notification email | EU region |
| Plausible Insights OÜ | Cookieless website analytics | EU (Germany) |
Cloudflare and Resend are US-incorporated companies. Where data is processed outside the EEA, the transfer is governed by the European Commission's Standard Contractual Clauses (SCCs) and supplementary measures (encryption in transit and at rest). Both providers offer DPAs that comply with GDPR Chapter V.
We do not sell or rent your personal data, and we do not share it with third parties for advertising or marketing purposes.
4. How long we keep your data
- Contact form submissions: kept for up to 24 months from the date of submission, to allow follow-up correspondence and to maintain our pre-launch waitlist. After 24 months, records are deleted unless you have become a customer or we have a separate ongoing communication.
- Anti-spam metadata (IP/email hash, User-Agent): kept for 90 days, then deleted.
- Email correspondence initiated through hello@motifsync.eu: kept for 36 months from the last reply, in line with standard business correspondence retention.
- Analytics (Plausible): aggregate, non-personal data; retained according to Plausible's policy.
5. Your rights
Under GDPR, you have the following rights with respect to your personal data:
- Access — ask what data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — ask us to delete your data.
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, where processing is based on consent.
- Lodge a complaint — with the Polish supervisory authority (UODO — Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl) or with the supervisory authority of your EU country of residence.
To exercise any of these rights, write to hello@motifsync.eu. We will respond within one month, as required by Art. 12(3) GDPR. There is no fee for exercising your rights.
6. Is providing your data required?
No. Filling in the contact form is entirely voluntary. If you choose not to provide your name, email, or message, we cannot reply to you — but no other consequence follows.
7. Automated decision-making and profiling
We do not make automated decisions or carry out profiling that produces legal effects or similarly significant effects on you. Spam-prevention checks via Cloudflare Turnstile are technical filters and do not constitute automated decision-making in the GDPR sense.
8. Security
Personal data is transmitted over HTTPS and stored encrypted at rest by our processors. Access to the lead database is restricted to authorised personnel of TOURINGTUNES Sp. z o.o. via authenticated CLI access, with all queries logged.
9. Changes to this policy
We may update this privacy policy as MOTIF SYNC moves from pre-launch to launch and adds new features. Material changes will be communicated by email to anyone in our database, with at least 14 days' notice before the change takes effect. The "Last updated" date at the top of this page always reflects the current version.
10. Contact
For any privacy-related question or to exercise your rights, please contact us at hello@motifsync.eu.