Data Security, Retention, and Deletion Policy for MD5 Records

At MD5 Records, we prioritize the privacy and security of your data while providing a unique way to commemorate your development projects. We take careful steps to ensure that the data you upload remains anonymous and is handled with the utmost care.

What Data Do We Collect?

The data you upload is highly anonymous. Specifically, we collect:

  • Timestamps: These are used to map the timing of your project’s progression into musical notes. Timestamps contain no identifiable information and serve only as a chronological reference.
  • Commit SHAs: A hash (SHA) is a cryptographic signature representing a specific commit. The SHA is anonymous and cannot reveal any sensitive information about your codebase.
  • Usernames: We only collect the first part of the username to help create track tables and to provide context for team-based projects. This username is not tied to any sensitive personal or organizational data.

What we do NOT collect:

  • Any code from your project.
  • Any commit messages.
  • Project names or ownership details.

If you’d like to verify this for yourself, please review the CSV file you upload—none of the information provided compromises any sensitive company data.

Data Deletion Options

We believe in giving you full control over your data. You have three options to delete your data based on your interaction with our record creation process:

  1. Manual Deletion: If you decide to abandon the record-building process, you can select the “delete my data” option at any time. Once selected, we will immediately delete all associated data from our systems.
  2. Scheduled Deletion: If your design remains inactive (unpurchased) for more than 7 days, we will automatically delete the uploaded data to ensure that we do not store unnecessary information.
  3. Post-Purchase Deletion: After your record has been produced, including the audio file and album art, we no longer need your git log data. Once the final product is delivered, we will promptly delete all uploaded data from our systems.

How We Secure Your Data

We employ several layers of security to ensure your data is well-protected:

  • Private Storage: All git logs are stored on a private volume, isolated from public access to prevent unauthorized access.
  • Unique Design Identifiers: Each interface for creating a vinyl record with your git log is assigned a UUID (Universally Unique Identifier), which is nearly impossible to guess or link back to you.
  • Anonymous Until Checkout: Your uploaded data is not associated with your personal or organizational details until you proceed to checkout, ensuring your privacy throughout the design process.

For checkout, we rely on Stripe, a leading payment processor. You can review their data policies for additional details on how your payment information is handled securely.