Developer data isolation
Developer routes should scope customers, products, serials, purchases, and exports to the authenticated developer.
SoundSyncDeveloper Platform
Trust, Security, and Data
Developers trust SoundSync with products, subscriptions, customers, payments, downloads, and licensing. This page explains current trust posture honestly without fake certifications or unsupported compliance claims.
Developer routes should scope customers, products, serials, purchases, and exports to the authenticated developer.
Developers should not see other developers customers, products, serials, delivery files, or revenue records.
Support and operational access should be limited to legitimate account, billing, security, moderation, and platform reliability needs.
Developer exports should be scoped to the developer relationship and should not expose unrelated customer data.
Product/plugin credentials support creation, rotation, secret retrieval, and revocation workflows.
Customer downloads should use delivery routes and entitlement checks rather than raw storage links.
Product files are developer assets and should remain protected behind scoped upload, delivery, and entitlement flows.
Managed file upload jobs validate file type and size, sanitize filenames, keep progress/status records, attach completed files to the product, and scope job access to the owning developer or authorized support workflows.
Upload by link imports files server-side through HTTPS-only remote jobs by default, blocks localhost/private-network/metadata hosts, limits redirects and size, and stores the resulting product file without exposing private storage credentials.
Generated HISE product packages use HISE-native panels, labels, images, buttons, and SoundSync API calls. Checkout opens in the default browser instead of embedding payment fields in the plugin.
Generated HISE package support buttons open the centralized SoundSync support center. Public storefront/product support fields can still exist, but plugin package support controls do not route to developer-specific support destinations.
The in-plugin My Products view loads only after a customer provides a current library or download token, and download buttons use SoundSync entitlement-gated delivery URLs. Packages do not include payment IDs, private keys, storage paths, developer secrets, or raw customer data.
Developer storefront support resolves to the SoundSync-hosted support page, preferring the verified branded storefront domain as /support when available, then falling back to the hosted storefront support route.
The public support chat answers only from saved support articles, public storefront/product facts, and developer support settings. It should route uncertain account, order, serial, billing, refund, or license-state issues to the contact form with transcript context.
AI-generated campaign, product, storefront, support, analytics, promotion, and automation outputs remain editable drafts or suggestions. Developers choose what to apply, save, send, publish, or ignore.
AI prompts are designed to avoid private URLs, payment data, API keys, plugin secrets, serials, license keys, raw customer data, and unsupported product claims. Support chat and operational support drafts treat customer messages as untrusted text and do not perform account actions.
AI tools do not send marketing emails, publish storefront changes, change product prices, issue refunds, cancel subscriptions, suspend licenses, or run automations automatically.
Subscription status, renewal, cancellation, failed-payment grace, and refund/dispute signals should flow through entitlement, licensing, customer library, and reporting surfaces rather than living only in checkout records.
Refunds and disputes should remain visible to order, revenue, entitlement, and support workflows.
Marketing campaigns should be consent-first, developer-scoped, and limited to eligible subscribed contacts. Purchased, scraped, non-consented, or unrelated lists are not allowed.
Unsubscribed, suppressed, bounced, or complained contacts should be excluded from future marketing campaigns where tracked, while required transactional emails remain separate.
Email drafts and scheduled-deal campaign drafts require developer review. Marketing sends require developer action, unsubscribe/suppression checks remain required, and scheduled deals should keep clear review, edit, and cancellation states.
Marketing delivery should respect unsubscribe, bounce, complaint, and suppression events where tracked.
SoundSync processes developer, customer, subscription, usage, billing, and support data to operate the platform.
Abusive uploads, piracy, malware, fraud, credential theft, and delivery bypass attempts are prohibited.
Do not assume SOC 2, HIPAA, third-party audits, enterprise compliance claims, custom payout programs, reseller UI, or a completed JUCE/C++ SDK.