Back to home

Privacy policy

Last updated: April 20, 2026

Introduction

PocketLab is designed to work offline by default, without an account and without a server. Creating an account is optional and is used solely to synchronize your data across multiple devices. This policy describes the data we collect when you choose to create an account, as well as the measures taken to protect it.

Data controller

The data controller is CIM Consulting, represented by Mathieu Aboudharam, registered office 26 Hameau de Parassac, 2B Chemin des Paons, 05000 Gap, France. For any question regarding your personal data: [email protected].

Data we collect

The data collected varies depending on how you use the application.

Offline use (default)

No personal data is sent to our servers. Your samples, banks, and preferences are stored locally in your browser (IndexedDB, localStorage). You are the sole controller of this data.

With an account

When you create an account, we collect: your email address (required for one-time code authentication), an optional display name, the data you choose to synchronize (samples, banks, folders, projects, audio files), and technical logs (IP address, user-agent, timestamp) related to security events (sign-in, account deletion).

Analytics (Matomo)

We use Matomo in cookieless mode, self-hosted on analytics.dubomatik.com. No tracking cookie is placed. Collected data (pages visited, browser, screen resolution) is anonymized and does not allow you to be identified. No data is shared with third parties.

Error monitoring (Sentry)

When a technical error occurs in the application, a report is sent to Sentry GmbH (EU region) so we can diagnose and fix it. This report contains the stack trace, the URL of the page involved, the browser type, the application version and, if you are signed in, your internal identifier (never your email or IP address). No form input data is captured.

Cross-device synchronization

Synchronization is optional and active only if you create an account and enable it. When enabled, your samples, banks, folders and projects are stored on our servers (PostgreSQL and MinIO, hosted in Germany by Contabo GmbH, EU region) so you can retrieve them from another device signed into the same account. Audio files transit directly between your browser and our object storage via short-lived signed URLs (15 minutes) - they never go through our application servers. You can delete your account at any time to erase all of this data.

Purposes of processing

  • Authentication and account management (sending OTP codes by email).
  • Synchronization and backup of your samples, banks and projects across devices.
  • Service security: abuse detection, quota enforcement, logging of sensitive events.
  • Anonymized audience measurement to improve the app.

Legal basis

Processing is based on contractual performance (GDPR art. 6.1.b) for account creation and management, on our legitimate interest (art. 6.1.f) for service security and anonymized audience measurement, and on your consent (art. 6.1.a) for optional processing.

Retention periods

  • Account data and synchronized data: as long as your account is active. Deleted immediately upon account deletion.
  • Security logs (sign-ins, deletions): maximum 12 months.
  • Matomo audience data: 13 months, then anonymized or deleted.

Recipients

Your data is processed solely by CIM Consulting. We do not sell, rent or share your personal data with third parties. Data may be accessible to our strictly necessary technical subcontractors, bound by contractual confidentiality obligations: Contabo GmbH (hosting, Germany) and Sentry GmbH (technical error monitoring, Germany).

Transfers outside the European Union

Your data is hosted in Germany by Contabo GmbH and technical error monitoring is provided by Sentry GmbH (Germany, EU region). No transfer of personal data to countries outside the EU is carried out.

Cookies

PocketLab uses no advertising tracking cookies. Only authentication tokens (JWT) are stored locally (localStorage) after sign-in to maintain your session. Matomo runs in cookieless mode and drops no cookie. No cookie consent is therefore required.

Your rights

Under the GDPR, you have the following rights over your personal data:

  • Right of access: obtain a copy of your data.
  • Right to rectification: correct inaccurate data.
  • Right to erasure: delete your account and all your data.
  • Right to portability: download your data in a ZIP archive (JSON + audio files) from the Settings page.
  • Right to object to certain processing.
  • Right to restriction of processing.

To exercise these rights, write to us at [email protected]. If your complaint remains unresolved, you may lodge a complaint with the CNIL: cnil.fr.

Security

We implement technical and organizational measures to protect your data: encrypted communications (HTTPS / TLS), passwordless one-time code authentication, short-lived JWT tokens with automatic rotation, strict security headers (CSP, X-Frame-Options, X-Content-Type-Options), and logging of sensitive events.

Changes to this policy

This policy may evolve to reflect technical, legal or service changes. The last-update date is shown at the top of the page. In the event of a substantial change, we will notify you by email if you have an account.

What's New

v1.33.0

Improved mobile navigation

Swipeable bottom bar with all your tools at your fingertips.

Better sample view on mobile

Sample names, tags and waveforms now stack vertically for better readability.

Account & cloud sync (coming soon)

Create an account to backup and sync your data across devices.