PressPlay Studio
TermsPrivacyRefund

Privacy Policy

Last updated: May 12, 2026 · v1.0

This Privacy Policy explains how Axiom Media LLC (Axiom, we, us) handles personal data in PressPlay Studio (the Service). It applies to Creators who run accounts on the Service, Buyers who purchase from those Creators, and visitors to Creator pages we host.

Plain English. We collect the minimum data needed to run the platform. Creators bring their own keys to third-party services (Stripe, Resend, AI providers) and those services hold the sensitive parts. We never see Buyer credit card numbers. Buyer emails go to the Creator who sold to them, plus a few named infrastructure providers. You can delete your account at any time.

1. Who we are

Axiom Media LLC is the data controller for personal data we collect about Creators and Service users. For Buyers, the Creator who sold them the product is the data controller for the purchase relationship; Axiom acts as a processor on the Creator's behalf for storing and delivering the Buyer's purchase.

Contact for privacy questions: hello@axiommedia.org.

2. What we collect, and why

2.1 Creators

DataPurposeSource
Name, email, password (hashed)Account, sign-in, supportYou
Profile (avatar, bio, social links)Public profile, catalog pageYou
Stripe API key, Resend API key, AI provider keysProcess payments, send email, run AI features. Stored encrypted at rest with AES-GCM.You (pasted into Settings)
Page configurations, audio uploads, cover artOperate your sales pages and product deliveryYou
Sales / analytics events (clicks, plays, conversions)Show analytics on your dashboardGenerated by the Service
Support communicationsAnswer your questionsYou

2.2 Buyers

DataPurposeController
Email addressSend the access link and order confirmation; enroll in the Creator's email sequence if applicableThe Creator
Name (optional)Personalize the access page and emailsThe Creator
Access hash, purchase timestamp, refund statusGate access to purchased contentThe Creator
Purchase amount, Stripe session ID (no card number)Reconciliation, refund matchingThe Creator
Play/listen events on the Creator's contentCreator analyticsThe Creator

2.3 Visitors

Anyone who visits a hosted Creator page generates basic request-log data (IP address, user-agent, referrer, requested URL, timestamp). We use this for security, abuse prevention, and aggregate analytics. We do not sell this data.

2.4 Card numbers — we don't have them

When a Buyer pays, they enter their card details on Stripe's hosted checkout page. Stripe charges the card and the funds flow directly to the Creator's Stripe account. We receive a Stripe session ID and the amount charged. We never receive the card number, CVC, expiration date, or full bank details.

3. How we use data

  • To operate, maintain, and improve the Service.
  • To process Creator payments to their own Stripe accounts.
  • To deliver purchased content to Buyers.
  • To send transactional email (sign-in links, purchase confirmations, password resets).
  • To send Creator email about their account (security, billing, important changes).
  • To detect, prevent, and respond to fraud, abuse, and security threats.
  • To comply with legal obligations (tax records, lawful requests).
  • For aggregate analytics that help us improve the product.

We don't sell personal data. We don't share it with advertisers or data brokers. We don't run third-party tracking pixels for advertising purposes on Creator pages by default.

4. Subprocessors

We rely on a small set of named providers to operate the Service. Each is bound by data-protection terms with us and applies its own security controls. Current list:

ProviderPurposeData
Convex (Convex, Inc.)Database, file storage, serverless functionsAll Service data
Vercel (Vercel Inc.)Web hosting, edge compute, request logsPage renders, request metadata
WorkOSCreator authentication (sign-in)Email, hashed credential, sign-in tokens
StripePayment processing (Creator-owned account; we never see card data)Buyer email, name, amount, session ID
ResendTransactional and marketing email (Creator-owned account when connected; Axiom-owned for platform-side emails like sign-in links)Email address, name, content
Anthropic, OpenAI, ElevenLabs, Inworld, Google, Deepgram, Fish AudioAI features the Creator opts into (text drafting, audio generation, transcription). Called with the Creator's own API key.Prompts and inputs the Creator chooses to send

We may update this list. Material additions will be announced in advance via the dashboard or email.

5. Where data is stored

Primary data resides in the United States via Convex and Vercel. Some subprocessors operate in additional regions. By using the Service from outside the United States, you consent to the transfer of your personal data to the United States and processing under U.S. law. Where required, transfers from the EEA, UK, or Switzerland rely on Standard Contractual Clauses or equivalent legal mechanisms.

6. Retention

We retain personal data only as long as needed:

  • Creator account data: for the life of your account plus 30 days after closure.
  • Buyer purchase records: as long as the Creator's account is active, so the Buyer can access their purchase. If a Creator closes their account, Buyers are notified before purchase records are removed.
  • Tax and accounting records: 7 years (or longer if required by law).
  • Request logs: 30 days for hot logs, up to 12 months for aggregated security analytics.
  • Backups: rolling 30-day retention for disaster recovery.

7. Security

  • All data in transit uses TLS 1.2+ encryption.
  • Creator-supplied API keys (Stripe, Resend, AI provider keys) are encrypted at rest using AES-GCM with a key stored only in Convex environment variables.
  • Production database access is restricted to a small set of named platform engineers under role-based access controls.
  • We log access to sensitive operations and review logs regularly.
  • No system is perfectly secure. If we discover a personal-data breach that affects you, we will notify you within 72 hours of discovery, consistent with applicable law.

8. Your rights

Depending on where you live, you may have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (subject to legal retention obligations).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where we relied on it.
  • (California residents) Know what categories of personal data we collect, the purposes, and the categories of recipients; opt out of sale or sharing of personal data (we don't do either).
  • (EU/UK/Swiss residents) The rights under GDPR / UK GDPR / Swiss FADP, including the right to lodge a complaint with your supervisory authority.

To exercise any right, email hello@axiommedia.org from the address on your account (so we can verify you). We respond within 30 days.

Buyers wanting to exercise rights regarding a specific Creator's records should contact that Creator first, since they are the data controller for the purchase relationship. We will support the Creator's response and act on lawful requests directly when needed.

9. Cookies and similar technologies

We use a small set of cookies and local-storage entries to make the Service work:

  • Authentication / session required to keep you signed in. Set by WorkOS and by our own session manager.
  • Editor state saves your preferences (e.g. which sidebar tab was open) in your browser. Stays on your device.
  • Analytics (aggregate, first-party) we count page views and key events to improve the product. No third-party advertising trackers by default.

Creators may add their own analytics or tracking pixels to their published pages. Those are governed by the Creator's own privacy policy, not this one.

10. Children

The Service is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you are a parent or guardian and believe a child has provided us personal data, contact hello@axiommedia.org and we will delete it.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be announced via the dashboard or email at least 14 days before they take effect, except where a change is required by law and must take effect sooner.

12. Contact

Axiom Media LLC
hello@axiommedia.org

EU/UK/Swiss residents may also contact their local supervisory authority.

© 2026 Axiom Media LLC. All rights reserved.

Questions? hello@axiommedia.org