Trust, Security, and Data

Built with scoped access, protected downloads, and credential-aware workflows from the start.

Developers trust SoundSync with products, subscriptions, customers, payments, downloads, and licensing. This page explains current trust posture honestly without fake certifications or unsupported compliance claims.

Developer data isolation

Developer routes should scope customers, products, serials, purchases, and exports to the authenticated developer.

Customer separation

Developers should not see other developers customers, products, serials, delivery files, or revenue records.

Support access controls

Support and operational access should be limited to legitimate account, billing, security, moderation, and platform reliability needs.

Customer export policy

Developer exports should be scoped to the developer relationship and should not expose unrelated customer data.

API keys and plugin credentials

Product/plugin credentials support creation, rotation, secret retrieval, and revocation workflows.

Download URL protection

Customer downloads should use delivery routes and entitlement checks rather than raw storage links.

Product file security

Product files are developer assets and should remain protected behind scoped upload, delivery, and entitlement flows.

Managed upload safety

Managed file upload jobs validate file type and size, sanitize filenames, keep progress/status records, attach completed files to the product, and scope job access to the owning developer or authorized support workflows.

Upload-by-link protections

Upload by link imports files server-side through HTTPS-only remote jobs by default, blocks localhost/private-network/metadata hosts, limits redirects and size, and stores the resulting product file without exposing private storage credentials.

HISE plugin storefront boundaries

Generated HISE product packages use HISE-native panels, labels, images, buttons, and SoundSync API calls. Checkout opens in the default browser instead of embedding payment fields in the plugin.

HISE support routing

Generated HISE package support buttons open the centralized SoundSync support center. Public storefront/product support fields can still exist, but plugin package support controls do not route to developer-specific support destinations.

Plugin storefront library safety

The in-plugin My Products view loads only after a customer provides a current library or download token, and download buttons use SoundSync entitlement-gated delivery URLs. Packages do not include payment IDs, private keys, storage paths, developer secrets, or raw customer data.

Branded support pages

Developer storefront support resolves to the SoundSync-hosted support page, preferring the verified branded storefront domain as /support when available, then falling back to the hosted storefront support route.

Support assistant boundaries

The public support chat answers only from saved support articles, public storefront/product facts, and developer support settings. It should route uncertain account, order, serial, billing, refund, or license-state issues to the contact form with transcript context.

AI approval controls

AI-generated campaign, product, storefront, support, analytics, promotion, and automation outputs remain editable drafts or suggestions. Developers choose what to apply, save, send, publish, or ignore.

AI input and secret boundaries

AI prompts are designed to avoid private URLs, payment data, API keys, plugin secrets, serials, license keys, raw customer data, and unsupported product claims. Support chat and operational support drafts treat customer messages as untrusted text and do not perform account actions.

No automatic AI actions

AI tools do not send marketing emails, publish storefront changes, change product prices, issue refunds, cancel subscriptions, suspend licenses, or run automations automatically.

Subscription entitlement state

Subscription status, renewal, cancellation, failed-payment grace, and refund/dispute signals should flow through entitlement, licensing, customer library, and reporting surfaces rather than living only in checkout records.

Refund/dispute behavior

Refunds and disputes should remain visible to order, revenue, entitlement, and support workflows.

Email marketing consent

Marketing campaigns should be consent-first, developer-scoped, and limited to eligible subscribed contacts. Purchased, scraped, non-consented, or unrelated lists are not allowed.

Unsubscribes and suppressions

Unsubscribed, suppressed, bounced, or complained contacts should be excluded from future marketing campaigns where tracked, while required transactional emails remain separate.

Marketing and scheduled deal safety

Email drafts and scheduled-deal campaign drafts require developer review. Marketing sends require developer action, unsubscribe/suppression checks remain required, and scheduled deals should keep clear review, edit, and cancellation states.

Marketing delivery handling

Marketing delivery should respect unsubscribe, bounce, complaint, and suppression events where tracked.

Privacy summary

SoundSync processes developer, customer, subscription, usage, billing, and support data to operate the platform.

Acceptable use summary

Abusive uploads, piracy, malware, fraud, credential theft, and delivery bypass attempts are prohibited.

Platform boundaries

Do not assume SOC 2, HIPAA, third-party audits, enterprise compliance claims, custom payout programs, reseller UI, or a completed JUCE/C++ SDK.