TuneLab API
For your security, legal, and procurement teams

CTO Defense Kit
2-page brief

Hand this to whoever needs to sign off on adopting the TuneLab Audio Intelligence API. Six common objections, six honest answers — no marketing, no NDA required.

developers.tunelab.dev/trust · compliance@tunelab.dev · v1 · 2026-04-16

The Six Objections — Quick Reference

  1. Data handling: Where does our user audio go?
    Metadata lookups never touch your users' files. Sync upload endpoints (/v1/bpm, /v1/key, /v1/lufs) process bytes in memory and never write to disk. Async upload jobs stage audio in a private R2 bucket that auto-deletes after 1 hour via lifecycle rule. Generated stems auto-delete after 24 hours. We do not train any model on customer payloads.
  2. GDPR & data location: Where is the data processed?
    Compute and durable storage are EU-only: bare-metal FastAPI plus PostgreSQL on Hetzner data centres in Germany (Falkenstein). Edge cache reads served from Cloudflare's global anycast network. Sub-processors: Cloudflare, Hetzner, Modal Labs (US, GPU overflow only), Stripe (billing only). DPA available on request from compliance@tunelab.dev.
  3. SLA & reliability: What happens when you're down?
    Cache hits served from Cloudflare's edge survive bare-metal outages. Compute uses backpressure (instant 503) — never blocking — and 503s automatically overflow to Modal GPU. Tier targets: Pro 99.9%, Scale 99.95% [VERIFY]. Public status page, public RCAs within 5 business days, trace ID in every response for support tickets.
  4. Bus factor: What if your startup dies?
    Public OpenAPI spec at /api/openapi.json. Spotify-compatible JSON shim means your parser already works against any other Spotify replacement. Public changelog with 90-day breaking-change notice and a new /v2/ namespace for any breaks. Bulk export of all your computed features on shutdown. Open methodology at /technology.
  5. Security practices: Is the infrastructure actually secure?
    TLS 1.3 enforced by Cloudflare. Origin traffic over Hetzner private network, never the public internet. API keys with tl_live_* / tl_test_* separation. HMAC-signed webhooks with rotation. Stripe webhook idempotency. Product-level isolation: dedicated Worker, D1, R2, Modal app — failures cannot cascade across products.
  6. Procurement: How do we buy this?
    Self-serve: credit card via Stripe Checkout, instant. Annual invoice (USD or EUR) in 1–2 business days via hello@tunelab.dev. DPA in 1–2 business days. Security questionnaire in 3–5 business days. SSO/SAML for the dashboard available on the Enterprise tier.
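Item 5 lists HMAC-signed webhooks with rotation. The block below is an added example, not TuneLab's own code, showing how a receiving service verifies such a signature and keeps accepting deliveries across a rotation window by holding the current and the previous secret. It assumes a hex HMAC-SHA256 over the raw request body carried in a hypothetical X-TuneLab-Signature header; the page does not state the actual header or encoding.

```python
# Added example, not TuneLab's own code: receiver-side verification of an
# HMAC-signed webhook that keeps working while the signing secret rotates.
# Assumptions (not stated on the page): the signature is a hex HMAC-SHA256
# over the raw request body, sent in a header named "X-TuneLab-Signature"
# (hypothetical name); during rotation the receiver holds the current and
# the previous secret and accepts a signature made with either.
import hashlib
import hmac
from typing import Optional

# Constructed sample secrets and payload for the demonstration below.
CURRENT_SECRET = b"whsec_current_example"
PREVIOUS_SECRET = b"whsec_previous_example"
SAMPLE_BODY = b'{"job_id":"job_example","status":"done"}'
SIGNATURE_HEADER = "X-TuneLab-Signature"


def sign_body(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body; the sender computes the same value."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(headers: dict, body: bytes, secrets: list) -> Optional[int]:
    """Return the index of the secret that validates the signature, else None.

    `secrets` is ordered [current, previous]. Keeping the previous secret
    for the rotation window means deliveries signed just before the switch
    are not rejected. The comparison is constant-time so a wrong signature
    cannot be narrowed down byte by byte from response timing.
    """
    presented = headers.get(SIGNATURE_HEADER, "")
    for index, secret in enumerate(secrets):
        expected = sign_body(secret, body)
        if hmac.compare_digest(expected.encode(), presented.encode()):
            return index
    return None


def active_secrets(current: bytes, previous: Optional[bytes], rotation_open: bool) -> list:
    """Secrets to accept right now: drop the previous one once the window closes."""
    if rotation_open and previous is not None:
        return [current, previous]
    return [current]


if __name__ == "__main__":
    signed = {SIGNATURE_HEADER: sign_body(PREVIOUS_SECRET, SAMPLE_BODY)}
    # During the rotation window the old signature is still accepted (index 1)...
    print(verify_webhook(signed, SAMPLE_BODY, active_secrets(CURRENT_SECRET, PREVIOUS_SECRET, True)))
    # ...and rejected once the window has closed (None).
    print(verify_webhook(signed, SAMPLE_BODY, active_secrets(CURRENT_SECRET, PREVIOUS_SECRET, False)))
```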

Where Your Audio Goes — Data Flow

Sync upload path. Bytes are processed in memory and never written to durable storage. Async upload path adds R2 staging with a 1-hour lifecycle rule.

Developer app
  │  HTTPS / TLS 1.3
  ▼
[Cloudflare Worker — edge]           ← API key auth, rate limit, _meta envelope
  │  authenticated, never persisted
  ▼
[Bare-metal FastAPI — Hetzner DE]    ← DSP compute, in-memory only
  │  on bare-metal 503 only
  ▼
[Modal GPU container — overflow]     ← isolated, no persistent state

Audio retention:
  • Sync upload → in memory, 0 seconds on disk
  • Async upload → R2 bucket, max 1 hour (lifecycle delete)
  • Stem outputs → R2 bucket, max 24 hours (lifecycle delete)
  • Logs → trace ID + metadata only, never payload bodies

SLA Targets & Remedies

Tier                       Monthly uptime target   Service credits     Status / RCA
Free                       Best effort             None                Public status page
Starter — $29/mo           99.5% [VERIFY]          None                Public status page
Pro — $99/mo               99.9% [VERIFY]          Pro-rated credits   Public + RCA in 5 business days
Scale — $499/mo            99.95% [VERIFY]         Pro-rated credits   Public + RCA in 5 business days
Enterprise — $2,500+/mo    Negotiated              Custom contract     Dedicated Slack + email alerts

Versioning & Continuity Commitments

Semver, in writing

Minor versions (v1.x) add fields and endpoints; they never remove or rename. Breaking changes get a new major version (/v2/) and at least 90 days advance email notice. The full version history is published at /changelog.

Escape hatch

On shutdown: 90-day notice, continued read-only access during the window, and a one-time bulk export of every feature ever computed against your key. Stable identifiers throughout (MBID, ISRC, Spotify ID, AcoustID) so you can re-resolve against any replacement provider.

Procurement Contacts

Compliance & security: compliance@tunelab.dev
  DPA, security questionnaires, vulnerability disclosure (subject prefix [security]). Replies within 1 business day.
Sales & invoicing: hello@tunelab.dev
  Annual invoices (USD/EUR), Enterprise terms, custom MSA, SSO/SAML. Replies within 1–2 business days.

Honest Status — What We Are Not (Yet)

We are not SOC 2 Type II certified [VERIFY target date]. We are not ISO 27001 certified [VERIFY target date]. Our infrastructure providers (Cloudflare, Hetzner) carry the heavy upstream certifications; their public reports cover the layer beneath us. If your procurement process requires a certified vendor today, we are happy to refer you to one and re-engage when our certification path lands.