SongkeeperSongkeeper

Privacy Policy

Last updated: February 10, 2026

This Privacy Policy describes how Songkeeper ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website, desktop applications, mobile applications, and services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

Account Information

  • Name and display name
  • Email address
  • Password (stored in hashed form)
  • Profile image
  • Phone number (optional)
  • Business name, tax ID, and address (optional)
  • Two-factor authentication data, including TOTP secrets and backup codes (stored in encrypted form)

Content and Files

  • Audio files (songs, recordings, mixes, masters, ideas)
  • Images and artwork
  • Documents and other files you upload
  • Song metadata (titles, lyrics, credits, BPM, key, genre, etc.)
  • Recording metadata (ISRC codes, ISWC codes, release dates, production credits)
  • Songwriting information (ownership splits, IPI numbers, PRO affiliations)

Contact and CRM Data

  • Contact information you enter (names, emails, phone numbers, addresses)
  • Artist profiles and biographies
  • Social media handles
  • Activity notes and interaction history

Billing Data

  • Service items, billable items, and project billing information you create
  • Payment terms and invoice notes
  • Currency and language preferences

Communications

  • Comments and feedback you leave on shared content
  • Support requests and correspondence with us
  • Responses to surveys or questionnaires

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information:

Usage Data

  • Pages and features you access
  • Actions you take within the Service
  • Date and time of your visits
  • Time spent on pages
  • Referring URLs

Device and Technical Information

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Screen resolution

Session Data

  • IP address and user agent string associated with each login session
  • Session creation and expiration timestamps

Share Analytics

When content is shared with third parties, we collect:

  • View, play, download, and approval events
  • Playback position, duration, and completion percentage
  • Approximate geographic location (country, region, city)
  • Referrer information
  • User agent and browser information
  • Visitor session identifiers

This analytics data helps you understand how recipients engage with your shared content.

Inbox Submissions

When clients or collaborators submit files to your inbox, we collect the submitter's name, email address (if provided), and IP address for security and abuse prevention purposes.

1.3 Information from Third Parties

We may receive information from third-party services:

  • OAuth Providers: If you sign in using Google or other OAuth providers, we receive your name, email address, and profile picture from those services.
  • Payment Processors: We receive payment confirmation, subscription status, and customer identifiers from Stripe. We do not store your full credit card number.

1.4 Email Delivery Data

When we send emails on your behalf (such as split sheet signing requests or share notifications), we track delivery status, including whether emails were delivered, bounced, or received complaints. This helps us maintain email deliverability and avoid sending to invalid addresses.

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Maintain the Service

  • Create and manage your account
  • Store and organize your music, files, and data
  • Enable sharing and collaboration features
  • Process payments and manage subscriptions
  • Send transactional emails (share notifications, split sheet signing requests, subscription reminders, etc.)
  • Provide share analytics to content owners

2.2 Improve and Develop the Service

  • Understand how users interact with the Service
  • Identify and fix technical issues
  • Develop new features and functionality
  • Analyze usage patterns and trends

2.3 Communicate with You

  • Respond to your requests and support inquiries
  • Send service-related announcements and updates
  • Notify you about changes to our terms or policies
  • Send notification emails based on your notification preferences

2.4 Ensure Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Monitor email delivery health (bounces, complaints) to maintain service quality
  • Enforce our Terms of Service
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Your Consent

When you share content through the Service (e.g., sharing a project with a client), you direct us to make that content accessible to your chosen recipients.

3.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Backblaze: File storage (B2)
  • Cloudflare: Content delivery network and image processing
  • Stripe: Payment processing and subscription management
  • Resend: Email delivery services
  • Google: Authentication services

These providers are contractually obligated to protect your information and may only use it to provide services to us.

3.3 Legal Requirements

We may disclose your information if required by law or if we believe such action is necessary to:

  • Comply with a legal obligation, subpoena, or court order
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

3.4 Business Transfers

If Songkeeper is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

4. Data Storage and Security

4.1 Data Storage

Your data is stored on secure cloud infrastructure provided by Backblaze B2, with content delivered through Cloudflare's network. We use multiple storage approaches depending on the sensitivity of the content:

  • Sensitive Documents: Content such as split sheets and other sensitive documents are stored in private storage buckets and accessed only through time-limited, pre-signed URLs. These files cannot be accessed without a valid, temporary access token.
  • General Content: Audio files, images, and other production assets are stored with unique, cryptographically random file identifiers that are not publicly listed or discoverable. These files are private by default and only accessible when you explicitly share them or access them through the Service. While the underlying storage is technically accessible by URL, the file identifiers are sufficiently long and random to prevent unauthorized discovery.
  • Public Content: Certain content you choose to make publicly available, such as release artwork and promotional images, may be stored in publicly accessible storage and delivered via CDN.

4.2 Data Location

Your data may be processed and stored in data centers located in the United States, Canada, Europe, and other regions. By using the Service, you consent to the transfer of your information to these locations. Our infrastructure is designed to serve content from locations nearest to users for optimal performance.

4.3 Security Measures

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of all stored data at rest using AES-256 encryption provided by our storage infrastructure
  • Secure password hashing
  • Encrypted storage of two-factor authentication secrets
  • Cryptographically random, unguessable file identifiers for stored content
  • Time-limited pre-signed URLs for sensitive document access
  • Access controls and authentication
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

5. Data Retention

We retain your information for as long as:

  • Your account is active
  • Necessary to provide the Service and fulfill the purposes described in this policy
  • Required by law (e.g., tax records, legal compliance)
  • Needed to resolve disputes or enforce our agreements

When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (such as maintaining backup copies).

5.1 Subscription Expiration

If your subscription expires or is cancelled, we may retain your data for a grace period to allow you to renew your subscription or export your data. After the grace period, your data may be queued for deletion. We will make reasonable efforts to notify you before any data deletion occurs.

5.2 Content Deletion

When you delete files or content from the Service, they may be moved to a "trash" state before permanent deletion. Permanently deleted content is removed from our active systems but may persist in backups for a limited period.

5.3 Account Deletion

Account deletion requests are processed through a structured workflow. Once you request deletion, there is a waiting period during which you may cancel the request. After the deletion is finalized, your data is permanently removed from our active systems.

6. Your Rights and Choices

6.1 Account Information

You can access, update, or delete your account information through your account settings at any time.

6.2 Data Export

You can export your data from the Service. Contact us if you need assistance with data export.

6.3 Account Deletion

You can request deletion of your account through your account settings or by contacting us. Upon deletion, your personal information will be removed in accordance with our retention policies described in Section 5.

6.4 Email Communications

You can manage your email notification preferences in your account settings. You may opt out of optional notification emails at any time. Note that you cannot opt out of transactional emails related to your account or the Service (e.g., password resets, security alerts, subscription billing notices).

6.5 Cookies

Most web browsers allow you to control cookies through browser settings. However, disabling cookies may affect the functionality of the Service.

7. Rights for Users in Specific Jurisdictions

7.1 European Economic Area (EEA) Residents - GDPR

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

Our legal bases for processing your data include: performance of our contract with you, your consent, our legitimate business interests, and compliance with legal obligations.

You also have the right to lodge a complaint with your local data protection authority.

7.2 California Residents - CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us using the information provided below. We may need to verify your identity before processing your request.

7.3 Canadian Residents - PIPEDA

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access and correct your personal information.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Understand how you use the Service
  • Ensure security and prevent fraud

8.1 Types of Cookies

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand usage patterns

8.2 Do Not Track

We do not currently respond to "Do Not Track" browser signals. However, you can control cookies through your browser settings.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We encourage you to review this policy periodically.

Your continued use of the Service after changes to this Privacy Policy constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: [email protected]