Privacy Policy

SetWise is built local-first. The short version: your music library and DJ data never leave your machine. The only things we touch on a server are your license and, if you opt into Pro AI features, your prompts. This page lays out exactly what data flows where, why, and how long we keep it.

1. Who we are

"SetWise" (we, us, our) refers to the SetWise desktop application and the website at setwise.site, operated from Chile. For any privacy question, contact [email protected].

2. What stays on your device

The following is processed entirely on your computer and is never transmitted to us or any third party:

• Your imported Rekordbox XML and the local library SetWise builds from it (track titles, artists, BPM, key, file paths, ratings, cues, etc.)
• Your saved sets, drafts, archived sets, trash, and per-set planner configuration
• App settings (language, default folders, theme, BPM defaults, harmonic preferences)
• Audio files: SetWise never reads or transmits audio. Only the metadata you exported from Rekordbox.

3. What we do collect

3.1 License activation data

When you activate a paid license inside SetWise, the desktop app sends to license.setwise.site:

• Your license key
• An anonymous device fingerprint (a hash that identifies the install, not you personally)
• The IP address used to activate (logged briefly for fraud prevention and rate limiting)

Email and name on the license are received from Polar.sh at the moment of purchase (see §4 below). We use this data to validate the license, enforce activation limits, and prevent license abuse.

3.2 AI feature usage (Pro only)

If you use SetPilot (SetWise's cloud AI feature, also referred to as SetWise AI), each draft request sends to our server:

• Your free-text intent prompt (e.g., "120-minute warmup leading to peak techno")
• The structured criteria schema your app builds from your prompt
• An incremented counter on your license to enforce your monthly/yearly/lifetime AI quota

Your library, track lists, filenames, and audio are never sent. The AI receives only your intent and the criteria shape. The local planner, running on your machine, does the actual track selection against your local library.

If you instead use ChatGPT BYO (Pro Lifetime BYO or any user with their own ChatGPT connector), the request goes from your machine directly to OpenAI under your account; we do not see or proxy it.

3.3 Website data (setwise.site)

The marketing site uses Cloudflare for DNS, CDN, and basic protection. Cloudflare may log standard request metadata (IP, user agent, request time) for security and performance. We use Cloudflare Web Analytics, which counts visits in aggregate without setting cookies and without profiling individual visitors. We do not run third-party tracking pixels or ad networks.

3.4 Support correspondence

If you email [email protected], we receive your email address and the contents of your message. We use this only to respond to you.

3.5 Marketing forms (waitlist & free download)

If you submit one of the email forms on setwise.site — the Pro waitlist or the Free download form — we collect:

• Email address — stored at our email provider Resend (see §4) so we can deliver the welcome email you signed up for and any future launch announcement. We also keep a salted SHA‑256 hash of your email in our license-server database for deduplication and aggregate analytics. The original address is never stored on our server in plain form.
• Browser language (a two-letter code such as "en", "es", "ja") — used to choose which translation of the welcome email to send.
• Country code (such as "CL", "DE", "JP") — derived from your IP via Cloudflare's CF-IPCountry header. We do not store your full IP address. Cloudflare retains raw IPs per its own policy.
• Source label (such as "landing_hero" or "final_free_download") — a tag we set ourselves to identify which form on the page you used. If your visit URL included ?ref=… or ?utm_source=…, we may append the first 32 characters of that value to the source label.
• Anti-bot challenge data — while you submit the form, Cloudflare Turnstile (see §4) performs a brief challenge. Cloudflare may collect minimal browser fingerprint data for the duration of the challenge. We do not retain this data.

We use these data to send the welcome email you signed up for, segment our list (Pro waitlist vs Free download users) for future product announcements, and measure which forms convert. We do not sell, rent, or share this data with anyone other than the processors listed in §4.

To unsubscribe: email [email protected]. Our welcome emails also include a List-Unsubscribe header that most modern email clients surface as a native one-click "Unsubscribe" link near the subject line.

3.6 Marketing analytics (consent-based)

The site is configured with a consent banner that, on first visit, gives you three category choices:

• Strictly necessary — always on (Cloudflare bot protection, Cloudflare Turnstile during form submission).
• Analytics — Cloudflare Web Analytics is cookieless and outside this category for now; the toggle is shown for transparency.
• Marketing — off by default. If and only if you accept marketing cookies, the site will load the Meta Pixel and the Google Ads tag for the duration of your visit. These services collect minimal browser data (IP, user agent, page URL, conversion events) so we can measure how well our paid ad campaigns perform. They are operated by Meta Platforms and Google respectively, each as an independent data controller bound by its own privacy policy (see §4).

You can change your choice at any time via the "Cookie settings" link in the footer. Withdrawing consent clears the related cookies (_fbp, _fbc, _gcl_*, _gac_*, _ga*) on the next page load. We never load these scripts before you opt in.

Status note (2026-04-26): the marketing category infrastructure is in place but no Meta Pixel ID or Google Ads conversion ID is configured yet. While that is the case, accepting the marketing category has no observable effect — nothing actually loads. Once we configure the IDs and start running paid campaigns, this notice will be removed and the cookies described above will start firing on consent.

4. Third parties

SetWise relies on a small set of trusted infrastructure providers. Each is a separate data controller bound by its own privacy policy:

• Polar.sh — Merchant of Record for all paid purchases. Polar collects payment data, billing address, and tax-relevant location data directly from you, and processes the underlying transaction through Stripe. SetWise never sees your card details. Polar privacy policy.
• Cloudflare — DNS, CDN, and Web Application Firewall for setwise.site and license.setwise.site. Cloudflare also provides Cloudflare Web Analytics (cookieless, aggregate visit counts on setwise.site) and Cloudflare Turnstile (anti-bot challenge embedded in our marketing forms; collects minimal browser fingerprint data only during the challenge, with no persistent identifier stored). Cloudflare privacy policy.
• Resend — Our email service provider, used both for transactional email (license keys, AI receipts) and for marketing-form welcome emails (waitlist and free download). When you submit a marketing form, your email address is stored in Resend's contact database and the welcome email is sent through Resend's infrastructure. Resend operates from the United States. Resend privacy policy.
• OpenAI — When you use SetPilot (cloud), our server forwards your intent prompt and criteria schema to OpenAI's API. We do not enable training on this data. OpenAI privacy policy.

5. Data retention

• License records: kept while your license is active and for a reasonable archival period (up to 7 years) for accounting and fraud-prevention reasons.
• AI usage logs: aggregated counters are kept for the life of the license. Individual prompt logs are retained for up to 90 days for abuse mitigation, then deleted.
• Marketing-form data: Your email address at Resend is retained until you unsubscribe or until we delete the segment. The salted SHA‑256 hash of your email kept in our local database is retained indefinitely as anonymized aggregate data — because the hash is one-way, it cannot be reversed to recover your email.
• Support emails: kept until you ask us to delete them, or longer if needed for an open issue.
• Cloudflare logs: retained per Cloudflare's defaults (typically days, not weeks).

6. Your rights

You can ask us, at any time, to:

• Tell you what data we have on you (right of access)
• Correct any inaccurate data
• Delete your license records, marketing-list entry, and AI usage logs (right to erasure)
• Export your license records in a portable format
• Withdraw consent for AI features (you can stop using them anytime; we'll stop receiving prompts)
• Unsubscribe from marketing emails — email [email protected], or use the native "Unsubscribe" link your email client surfaces from our messages

Email [email protected] with your license key (if applicable) and we'll respond within 30 days. If you're in Chile, your rights under Ley 19.628 (Protección de la vida privada) apply. If you're in the EU/EEA or UK, the GDPR/UK GDPR apply.

7. Children

SetWise is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you are a parent or guardian and believe your child has provided us data, contact us and we will delete it.

8. Cookies

The website does not set tracking cookies of its own. Specifically:

• Cloudflare may set strictly necessary functional cookies for security (DDoS protection, bot detection at the edge).
• Cloudflare Turnstile may set short-lived state used only to complete its anti-bot challenge during a form submission. No persistent identifier remains afterwards.
• Cloudflare Web Analytics is cookieless — it counts visits in aggregate without identifying individuals.
• We do not run third-party advertising or profiling pixels.
• The desktop app uses no cookies; it stores its own state in data/ on your machine.

9. Security

All connections to license.setwise.site and setwise.site use HTTPS/TLS. License keys are stored hashed server-side; we cannot recover a license key from the database (we can only recognize it when you present it). No system is perfectly secure, but we apply reasonable industry practices.

10. International transfers

Our servers are operated from Chile. Some third parties (Cloudflare, OpenAI, Polar.sh, Stripe) process data in the United States and other countries. By using SetWise you understand your data may be transferred across borders for the limited purposes described above.

11. Changes to this policy

We may update this Privacy Policy as the product evolves. Material changes will be reflected in the "Last updated" date at the top, and we will make a reasonable effort to notify active license holders by email when changes are significant.

12. Contact

For privacy questions, data requests, or anything in this document: [email protected].