GDPR Compliance

Your privacy rights are protected under GDPR and French law. Learn how Forward Digital SAS complies with CNIL requirements and respects your data subject rights.

Key GDPR Information

Data Controller: Forward Digital SAS (France)

DPO Contact: privacy@fwdmusic.com

Legal Basis: Legitimate interests and contractual necessity (Article 6 GDPR)

Supervisory Authority: CNIL (Commission Nationale de l'Informatique et des Libertés)

Company Registration: SIREN 835 311 176, Saint-Denis, France

Your GDPR Rights

As an EU resident, you have specific rights regarding your personal data

Right to Access

You have the right to request a copy of your personal data that we process.

How to exercise this right:

Submit a data access request through your account dashboard or contact privacy@fwdmusic.com

Right to Rectification

You can request corrections to any inaccurate or incomplete personal data.

How to exercise this right:

Update your information in account settings or contact our support team

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances.

How to exercise this right:

Submit a deletion request through your account or email privacy@fwdmusic.com

Right to Restrict Processing

You can request that we limit how we use your personal data.

How to exercise this right:

Contact our privacy team with your specific restriction requirements

Right to Data Portability

You can request your data in a structured, machine-readable format.

How to exercise this right:

Use the export feature in your dashboard or request via email

Right to Object

You have the right to object to certain types of processing of your personal data.

How to exercise this right:

Update your preferences in account settings or contact privacy@fwdmusic.com

Data Processing Details

Transparent information about what data we process and why

What We Collect

  • Account information (email, name, company) - Article 6(1)(b) GDPR
  • API usage metadata (timestamps, endpoints) - Article 6(1)(f) GDPR
  • Billing information (processed by Stripe with adequate safeguards)
  • Support interactions and communications - Article 6(1)(f) GDPR
  • Cookie preferences and consent records (CNIL compliance)

What We Don't Collect

  • Audio content (processed in memory only, automatically deleted)
  • Personal data within audio files (privacy by design)
  • Biometric voice data or voiceprints
  • Third-party user information without explicit consent
  • Location data beyond IP geolocation for fraud prevention

How We Use Data

  • Provide and improve our services
  • Process transactions and billing
  • Send service notifications
  • Comply with legal obligations

Data Retention (CNIL Compliant)

  • Account data: Duration of account + 30 days maximum
  • API logs: 90 days for security and fraud detection
  • Billing records: 10 years as required by French tax law
  • Audio data: Never stored, processed in-memory only
  • Cookie consent: 13 months maximum (CNIL requirement)
  • GDPR requests: 3 years for compliance documentation

Security & Protection

How we protect your personal data with appropriate security measures

Technical Measures

  • End-to-end encryption (TLS 1.3)
  • Encryption at rest (AES-256)
  • Access controls and authentication
  • Regular security audits

Organizational Measures

  • Data protection training for staff
  • Confidentiality agreements
  • Limited access on need-to-know basis
  • Regular privacy impact assessments

International Data Transfers

Data Location & Processing

Forward Digital SAS, as a French company, primarily processes personal data within the European Union. Our infrastructure is designed with data sovereignty in mind, ensuring compliance with GDPR requirements.

Primary Data Centers

  • • EU Region (France) - Primary processing
  • • EU Region (Germany) - Backup and redundancy
  • • All data remains within EEA jurisdiction

Safeguards

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Additional technical and organizational measures

Sub-processors

We maintain a list of sub-processors who may process personal data on our behalf. All sub-processors are bound by data processing agreements that ensure GDPR compliance.

Exercise Your Rights

Need to exercise your GDPR rights or have questions about your personal data?

Privacy Contact

privacy@fwdmusic.com

Dedicated privacy team

Response Time

Within 30 days

As required by GDPR

Supervisory Authority

CNIL (France)

3 Place de Fontenoy, 75007 Paris

Submit GDPR RequestView Privacy Policy