Privacy Policy

Privacy Policy

Your privacy matters. This policy explains what data we collect, why we collect it, the legal basis for doing so, and the rights you have over it.

Last updated: May 30, 2026

Who We Are

ARCHITECT Music Inc. ("ARCHITECT", "we", "us", "our") operates the ARCHITECT platform β€” an AI-powered intelligence and IP-management product for music labels, rights holders, and consumer brands. This Privacy Policy explains what personal data we process, why, on what legal basis, and the rights you have over it.

Data Controller

  • Controller: ARCHITECT Music Inc. (United States)
  • For account, billing, and marketing data, ARCHITECT acts as the data controller
  • For catalog, customer, and campaign data uploaded into the platform by business clients, ARCHITECT acts as a data processor on the client’s behalf (see "Our Role as a Processor")

Data Protection Contact

  • Privacy & Data Protection Officer: privacy@architectmusic.ai
  • Legal & compliance: legal@architectmusic.ai
  • Security & vulnerability reports: security@architectmusic.ai

Information We Collect

We collect only what we need to run the platform, bill it, secure it, and improve it.

Account & Identity Data

  • Name and email address provided at registration
  • Phone number when used for SMS verification
  • Company / organization details for business accounts
  • Authentication metadata (session tokens, login timestamps, device and IP information)

Payment Data

  • Subscription plan, billing status, and invoice history
  • Card and payment details are collected and stored by Stripe β€” we never see or store full card numbers

Platform & Usage Data

  • Features used, pages visited, and in-app actions
  • API usage statistics and rate-limiting data
  • Performance metrics, error logs, and diagnostic information

Behavioural & Analytics Data

  • Page views, clicks, scroll depth, and navigation paths
  • Heatmap and session-interaction data used to diagnose usability issues
  • Device, browser, language, and approximate (IP-derived) location
  • Form interactions and conversion-funnel events

Client-Uploaded Content

  • Music catalog, track, and rights metadata you add to the platform
  • Brand, product, and campaign configuration you create
  • Any end-user or customer data you choose to import β€” processed strictly under your instructions

Publicly Sourced Market Data

  • Trend and engagement signals about tracks, sounds, and brands collected from public platform APIs (e.g. streaming, social, and marketplace sources)
  • This data describes content and market activity, not the personal data of our individual users

Legal Bases for Processing

Where the GDPR applies, we rely on the following legal bases under Article 6. We only process your data where at least one applies.

Article 6 Bases

  • Performance of a contract (Art. 6(1)(b)) β€” to create your account, deliver the platform, and process payments
  • Legitimate interests (Art. 6(1)(f)) β€” to secure the service, prevent abuse, analyse usage, and improve our products, balanced against your rights
  • Consent (Art. 6(1)(a)) β€” for non-essential cookies, optional analytics, and marketing communications; withdrawable at any time
  • Legal obligation (Art. 6(1)(c)) β€” to meet tax, accounting, and regulatory requirements

How We Use Your Data

Service Provision

  • Provide and maintain the AI-powered intelligence and IP-management platform
  • Process and analyse your catalog, brand, and campaign data
  • Generate trend-detection, scoring, and campaign recommendations
  • Deliver real-time alerts and notifications you have configured

Platform Improvement

  • Improve our models, scoring, and recommendation engines
  • Enhance usability and develop new features
  • Optimize performance, reliability, and operating cost

Security & Compliance

  • Detect, investigate, and prevent fraud, abuse, and unauthorized access
  • Maintain audit logs and meet our legal and contractual obligations

Communications

  • Send transactional messages (account, billing, security, service status)
  • Send product and marketing updates only where you have opted in β€” unsubscribe at any time

AI & Automated Processing

ARCHITECT uses machine-learning and AI models to generate market intelligence. We are transparent about where automation is applied.

What the AI Does

  • Trend detection, breakout-probability scoring, and source-authority weighting on market signals
  • AI-assisted insights, executive summaries, and translations
  • These outputs describe content and market dynamics β€” they are decision-support tools, not automated decisions about individuals

Your Safeguards

  • We do not make decisions producing legal or similarly significant effects about you based solely on automated processing (GDPR Art. 22)
  • AI-generated recommendations are advisory; a human always remains in control of campaign and business decisions
  • Where third-party AI providers are used (e.g. Google), data is processed under their data-processing terms and not used to train their foundation models without a contractual basis

Cookies & Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the platform is used.

Categories

  • Strictly necessary β€” authentication, security, and core functionality (always on)
  • Preference β€” language, theme, and UI settings
  • Analytics β€” usage and heatmap measurement to improve the product
  • Marketing β€” only set with your consent

Managing Cookies

You can accept or reject non-essential cookies via the cookie settings available in our footer, and change your choice at any time.

You can also block or delete cookies in your browser settings, though some features may stop working as a result.

Third-Party Services & Subprocessors

We rely on a small set of vetted providers to operate the platform. Each processes data under a data-processing agreement and only for the purposes below.

Infrastructure & Storage

  • Google Firebase (Authentication, Firestore, Storage, App Hosting, App Check) β€” hosting, authentication, and encrypted data storage
  • Google BigQuery β€” analytics and intelligence data warehouse

Payments & Verification

  • Stripe β€” subscription billing and payment processing
  • MessageBird (Bird) β€” SMS verification for account security

AI & Language Processing

  • Google Gemini API β€” AI insights, summaries, and translations
  • Google Cloud Natural Language API β€” sentiment analysis

Analytics & Delivery

  • Firebase Analytics β€” product usage and conversion analytics
  • Heatmap / session analytics β€” usability and interaction analysis
  • Google Fonts β€” typography delivery

Market-Data Sources

  • Public platform APIs β€” Spotify, TikTok, YouTube, Instagram, and X/Twitter β€” for trend and engagement signals
  • Serper.dev, RapidAPI, Firecrawl, and SEC EDGAR β€” for market, retail, and public-filing intelligence
  • These sources supply content and market data, not your account information

How We Share Your Data

We Do Not Sell Your Data

We do not sell your personal information, and we do not share it for cross-context behavioural advertising as defined under the California Consumer Privacy Act (CCPA/CPRA).

When We Share

  • With subprocessors listed above, strictly to deliver the service
  • When required by law, regulation, legal process, or a valid government request
  • To protect the rights, safety, and security of ARCHITECT, our users, or the public
  • In connection with a merger, acquisition, or asset transfer β€” with notice to you and continued protection of your data

International Data Transfers

ARCHITECT operates across the EU and the US. Your data may be processed in either region.

Data Regions

  • Primary processing region: EU (Frankfurt)
  • Secondary regions: US East and US West
  • GDPR-compliant handling applies by default

Transfer Safeguards

  • Transfers out of the EEA/UK rely on European Commission Standard Contractual Clauses (SCCs) and equivalent safeguards
  • A Data Processing Agreement (DPA) with SCCs is available to business clients on request via legal@architectmusic.ai

Data Protection & Security

Security Measures

  • Encryption of data in transit (TLS) and at rest
  • Enterprise-grade cloud infrastructure with network and access controls
  • Role-based access control and least-privilege permissions
  • Continuous monitoring, logging, and vulnerability management
  • Automated backup and disaster-recovery procedures

Breach Notification

In the event of a personal-data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users without undue delay, as required by applicable law.

Data Retention

Retention Periods

  • Account data β€” retained for the life of your account and deleted within 30 days of account closure
  • Billing and invoice records β€” retained as long as required by tax and accounting law
  • Usage and analytics data β€” retained in anonymized or aggregated form for product improvement
  • Backups β€” securely overwritten on a rolling schedule per our retention policy
  • Client-uploaded content β€” retained under your instructions and deleted on request or contract termination

Your Rights

Depending on where you live, you have the following rights. To exercise any of them, contact privacy@architectmusic.ai β€” we respond within the timeframe required by law.

GDPR Rights (EEA / UK)

  • Access β€” request a copy of your personal data
  • Rectification β€” correct inaccurate or incomplete data
  • Erasure β€” request deletion of your personal data ("right to be forgotten")
  • Portability β€” export your data in a machine-readable format
  • Restriction & Objection β€” limit or object to certain processing, including direct marketing
  • Withdraw consent β€” at any time, without affecting prior lawful processing
  • Complaint β€” lodge a complaint with your local data-protection supervisory authority

CCPA / CPRA Rights (California)

  • Know what personal information we collect, use, and disclose
  • Request deletion or correction of your personal information
  • Opt out of sale or sharing β€” note: we do not sell or share your personal information
  • Non-discrimination for exercising any of your privacy rights

Our Role as a Processor

For data that business clients upload into the platform about their own customers, artists, or end users, ARCHITECT acts as a data processor.

How This Works

  • The client is the data controller and decides why and how that data is processed
  • We process it only on the client’s documented instructions and under our DPA
  • End-user privacy requests relating to client data are forwarded to, and handled by, the relevant client

Children’s Privacy

Age Restriction

ARCHITECT is a business product not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact privacy@architectmusic.ai and we will delete it.

Changes to This Policy

Updates

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised "Last updated" date and, where appropriate, communicated to you directly.

Your continued use of the platform after an update constitutes acceptance of the revised policy.

Contact Us

Questions about this Privacy Policy or how we handle your data? Reach the right team directly:

Privacy / Data Protection β€” privacy@architectmusic.aiLegal & Compliance β€” legal@architectmusic.aiSecurity β€” security@architectmusic.aiGeneral β€” contact@architectmusic.ai

This Privacy Policy is operated by ARCHITECT Music Inc. and is governed by the laws of the United States, alongside the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA) where applicable.

We reserve the right to update this Privacy Policy at any time. Changes are posted on this page with an updated revision date.

By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.