Skip to main content

Privacy Policy

Last Updated: June 24, 2025

At Rhythm Seven Software, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you visit rhythmseven.com, interact with our services, use our software products, or activate a license using the provided Activator application. It also outlines your rights regarding your personal information and how to contact us with questions. This policy applies to all customers and potential customers, as defined in our Legal Policies.

Definitions

To help you understand this policy, we provide definitions for key terms used:

  • AES-256 Encryption: An advanced encryption standard using a 256-bit key to secure data, widely recognized as one of the strongest encryption methods for protecting data at rest.
  • Activator application: When you install one of our software applications (e.g., Aquila), a corresponding license activator application (e.g., Aquila Activator) is also installed. This application is used to activate, deactivate, and manage the software license you purchased.
  • Data Mirroring: The process of creating and maintaining duplicate copies of data across multiple servers to ensure availability and resilience in case of hardware or system failures.
  • GDPR: The General Data Protection Regulation, a European Union law that governs the collection, processing, and protection of personal data, ensuring user rights and organizational accountability.
  • HTTPS Protocol: A secure version of HTTP that uses encryption to protect data transmitted between a client (e.g., your browser) and a server, ensuring confidentiality and integrity.
  • ISO 27001 Certification: An international standard for information security management systems, ensuring that an organization follows best practices to protect data.
  • One-Way Hash Function: A cryptographic algorithm (specifically, SHA256) that transforms input data into a fixed-length hash value. This transformation is designed to be computationally infeasible to reverse, ensuring that the original input (e.g., your name or activation code) cannot be recovered from the hash value.
  • SSAE 16 SOC 2 Type 2: A U.S. standard for auditing service organizations, ensuring that data facilities maintain effective controls for security, availability, confidentiality, and privacy over a period of time.
  • TLS Protocol: Transport Layer Security, a cryptographic protocol that provides secure communication over a network, used in conjunction with HTTPS to encrypt data in transit.

Entities Involved in the Collection and Use of Customer Data

There are five entities, or parties, involved in the transmission, collection and use of customer data, each with specific roles as follows:

  • Rhythm Seven Software: The rhythmseven.com website, related digital products, and the API for managing software license activations are provided by Rhythm Seven Software on a Microsoft Windows web server hosted by SmarterASP.Net. SmarterASP.NET provides web hosting services, specializing in ASP.NET running on Windows servers. Their data facilities are audited under SSAE 16 SOC 2 Type 2. The web server hosted by SmarterASP.Net is referred to as the "Rhythm Seven Software server" in this document.
  • Cloudflare: Cloudflare provides a broad range of services focused on improving website and application performance, security, and reliability. Key services include a Content Delivery Network (CDN), DDoS protection, and DNS management. The Rhythm Seven Software server is coupled with Cloudflare to strengthen security.
  • Microsoft Exchange Email Hosting: Microsoft Exchange offers hosted email solutions for businesses through Microsoft 365, providing features like advanced security, data loss prevention, and guaranteed uptime. Rhythm Seven Software has a Microsoft Exchange account that is used to facilitate one-on-one communication with customers and potential customers.
  • MailerLite: MailerLite is a marketing automation platform that provides functionality for email campaigns, automated workflows, building landing pages, and integration with payment processing platforms such as Stripe. Rhythm Seven Software uses MailerLite to provide software trials and an automated workflow that enables product purchases by integrating with Stripe and sending emails to customers, including their software activation code.
  • Stripe: Stripe is a platform used for businesses to accept online and in-person payments, manage their revenue, and build financial services. Rhythm Seven Software product purchases and refunds are processed by Stripe on Stripe's servers.

Data We Collect and How We Use It

We collect limited personal information to provide our services, process purchases, and manage software licenses. Below are the types of data we collect and their purposes:

  • Website Contact Form:

    • Data Collected: When you submit a request via our Contact Form, we collect your name, email address, and the content of your message. We also employ a "honeypot" anti-spam field which should be invisible to human users.
    • Purpose: To respond to your inquiries, provide customer support, and process refund requests. The anti-spam field helps us distinguish between genuine submissions and automated bots. Email addresses are used strictly for one-on-one communication and are never used for marketing.
    • Storage: Contact form data is sent to our Microsoft Exchange server and is not stored on the Rhythm Seven Software server.

  • Software Trials:

    • Data Collected: When you sign up for a software trial, MailerLite collects your name and email address.
    • Purpose: To provide you with trial access to our software and to protect against abuse from bots.
    • Storage: Your name and email address are stored securely by MailerLite in the EU. They are not stored on the Rhythm Seven Software server.

  • Software Purchases:

    • Data Collected: When you purchase a software license, Stripe collects your name, email address, and payment details. MailerLite also receives your name and email to trigger the post-purchase workflow. Rhythm Seven Software then collects a one-way hash of your name, a one-way hash of your activation code, the clear-text activation code, the product purchased, and an initial activation limit.
    • Purpose: To process your payment, create a unique license for you, and send your activation code via email. The clear-text activation code is stored on our server so it can be emailed to you and resent if needed for support purposes.
    • Storage: Your name, email, and payment details are processed and stored by Stripe. Your name and email are also stored by MailerLite. The hashed name, hashed activation code, clear-text activation code, product name, and activation count are stored in our secure database on the Rhythm Seven Software server.

  • License Activation and Management:

    • Data Collected:
      • Activation: To activate your software, the Activator application sends a one-way hash of your name, a one-way hash of your activation code, the product name, and your computer's unique hardware ID to our server API.
      • Deactivation: To deactivate a license, the Activator sends the same information: hashed name, hashed code, product name, and hardware ID.
      • Reset (Deactivate All): To deactivate all computers, the Activator sends the hashed name, hashed code, and product name.
      • Status Check: To verify your license, the Activator or the main application sends the hashed name, hashed code, product name, and hardware ID.
    • Purpose:
      • Activation: To verify your purchase, generate a hardware-locked license file for your computer, and track the number of available activations.
      • Deactivation: To release an activation, allowing you to use it on another computer.
      • Reset: To recover all available activations if, for example, you can no longer access an old computer.
      • Status Check: To confirm that your computer has a valid, active license.
    • Storage: We store your computer's hardware ID and its activation status (active/inactive) linked to your purchase record in our database. We do not collect any other information from your computer. Your license credentials (name and activation code) are also stored in an encrypted file on your own computer in the \AppData\Roaming\<ProductName>\ folder for your convenience. This file is encrypted using your unique hardware ID as a key, meaning it can only be read on that specific computer.

  • Refunds:

    • Data Collected: Refund requests are initiated through our contact form. We use your name and email to locate your purchase in Stripe.
    • Purpose: To process refunds via Stripe and, subsequently, to deactivate the corresponding activation code in our system. Refund confirmations are sent via our Microsoft Exchange server.
    • Storage: Refund transaction data is processed and stored by Stripe according to their policies and our financial and legal obligations.

How We Protect Your Data

We employ robust, multi-layered security measures to safeguard your personal information:

  • Encryption in Transit: All data transmitted between your device and our servers, including our website, API calls from the Activator application, and emails, is encrypted using industry-standard HTTPS/TLS protocols.
  • Data at Rest: We use one-way hashing (SHA256) to protect your name and activation code in our database, ensuring they cannot be reversed into clear text. Your credentials are also stored securely encrypted on your local computer. No other sensitive data is stored in clear text on the Rhythm Seven Software server.
  • API Security: All communication between our Activator applications and our server API is secured with a cryptographic signature (an HMAC-SHA256 hash). This ensures that requests are legitimate and have not been tampered with, protecting against unauthorized license generation or manipulation.
  • Infrastructure Security: Our website and API are secured with an SSL certificate. We also leverage Cloudflare's security features, including their Web Application Firewall (WAF) and rate limiting on API endpoints, to protect against attacks.
  • Local Credential Security: The Activator application stores your registration name and activation code in an encrypted file on your computer. This file is encrypted using AES-256, with a key derived from your unique hardware ID, making it unreadable on any other machine.

Third-Party Data Processing

We partner with trusted third parties to provide our services. They process your data under strict privacy and security standards:

  • Stripe:

    • Role: Processes payments for software purchases and refunds.
    • Security: Stripe is a PCI DSS Level 1 certified provider. They use HTTPS/TLS for all communications, AES-256 encryption for sensitive data at rest, and maintain a secure data vault.
    • Privacy Policy: See Stripe’s Privacy Policy for details.

  • MailerLite:

    • Role: Manages trial sign-ups, purchase confirmation emails, and activation code delivery.
    • Security: MailerLite is GDPR-compliant and uses HTTPS/TLS for secure communication. They store data on secure EU servers with data mirroring and follow ISO 27001-certified processes.
    • Privacy Policy: See MailerLite’s Privacy Policy for details.

Your Data Protection Rights

Under applicable data protection laws, including GDPR, you have the following rights regarding your personal information:

  • Access: Request a copy of the data we hold about you (e.g., hashed name, stored hardware IDs, or any email correspondence).
  • Correction: Update or correct inaccurate data.
  • Deletion: Request deletion of your data, subject to legal and financial obligations.
  • Restriction: Limit how we process your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to certain types of data processing.

To exercise these rights, please submit a request via our Contact Form. We will respond promptly as required by law.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Contact Form Data: Stored in our Microsoft Exchange server until your inquiry is fully resolved and then deleted unless required for legal purposes.
  • Trial and Purchase Data: Managed by MailerLite and Stripe and retained according to their privacy policies and our legal obligations.
  • License Data: Hashed names, hashed activation codes, and associated hardware IDs are stored in our database for the duration of your software license to ensure it remains functional. If you request a refund, the license record is deactivated.
  • Refund Data: Retained by Stripe for financial and legal compliance (e.g., tax records), typically for seven years.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our services, legal requirements, or security practices. Updates will be posted on this page, and we will notify you of significant changes via email or a notice on rhythmseven.com. Please review this policy periodically.

Contact Us

If you have questions about this Privacy Policy, your data, or your rights, please use our Contact Form. Our support team will respond promptly to assist you.