Privacy Policy
Last updated: May 2026
1. Who We Are
musicsupervision.io ("we", "our", "us") is operated by Paola Andrea Trujillo Tapias, an individual sole trader (the "Seller"). For the purposes of applicable data protection laws (including the GDPR and UK GDPR), the Seller acts as the data controller of the personal information described in this notice. You can contact us at supervisionpaolatrujillo@gmail.com.
2. Information We Collect
We collect information you provide directly to us, such as when you create an account, fill out a form, or contact us. This may include your name, email address, login credentials, support messages, and any other information you choose to provide. We also collect usage and device data (IP address, browser type, pages visited) to operate and secure the service.
3. Gmail Integration & Data Use
If you choose to connect your Gmail account, musicsupervision.io accesses your Gmail data solely to power the quote request workflow:
- gmail.send: We compose and send licensing quote request emails from your Gmail address to rights holders (publishers, labels, artist managers). The email subject, recipients, body, and any CC addresses are determined by the quote request you create inside the app.
- gmail.readonly: We fetch reply bodies from the specific email threads that our app created when sending quote requests. We identify these threads by the thread ID stored at send time. We do not scan your general inbox, read unrelated emails, or access your contacts.
- gmail.modify: We remove the UNREAD label from messages after you view the reply inside our app's dashboard. This keeps your Gmail inbox in sync with what you've already seen in our UI. We never delete emails, move them to trash, or apply labels to unrelated messages.
Gmail data is used exclusively for this licensing negotiation workflow. We do not use Gmail data for advertising, sell it to third parties, transfer it outside the app, or use it to train AI/ML models.
4. Legal Basis for Processing
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to create your account, deliver the service, and process subscription payments.
- Legitimate interests — to secure the platform, prevent fraud and abuse, improve the product, and provide customer support.
- Consent — for the Gmail integration scopes described above and for any optional marketing communications. You may withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, and other regulatory requirements.
5. Data Storage & Retention
Account data and message bodies from quote request email threads are stored in our database only to render the conversation history back to you inside the app. This data is tied to your account and the specific project/quote request it belongs to. We retain personal data only for as long as needed to provide the service, comply with our legal obligations, resolve disputes, and enforce our agreements. You can delete your account and all associated data at any time via your profile settings or by contacting us; we will then delete or anonymise the data within a reasonable period.
6. Sharing of Information
We do not sell your personal information. We share data only with the following categories of recipients:
- Paddle.com Market Ltd ("Paddle") — our Merchant of Record and payment processor. When you purchase a subscription, Paddle handles the checkout, payment, billing, tax compliance, invoicing, refunds, and chargebacks. Paddle receives the personal and payment data you submit at checkout (such as name, email, billing address, and payment method details) and processes it under Paddle's Privacy Notice.
- Infrastructure and hosting providers — cloud database, file storage, and analytics services that operate the platform on our behalf as data processors.
- Google (Gmail API) — only when you explicitly connect your Gmail account, and only for the scopes described in Section 3.
- Professional advisers and authorities — where required by law, court order, or to protect our rights.
7. Data Security
We implement appropriate technical and organisational measures — including encryption in transit (HTTPS/TLS), access controls, and least-privilege database policies — to help protect personal information from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction.
8. International Transfers
Our service providers, including Paddle and our hosting partners, may process data outside your country of residence (including in the EEA, UK, and US). Where data leaves the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
9. Your Rights
Subject to applicable law (including the GDPR / UK GDPR), you have the right to access, rectify, erase, restrict, or port your personal data, and to object to or withdraw consent for certain processing. You also have the right to lodge a complaint with your local data protection authority. To exercise these rights, contact us at supervisionpaolatrujillo@gmail.com. You may also disconnect your Gmail account at any time from your profile page, which immediately revokes our access to your Gmail data.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date above.
11. Contact Us
If you have any questions about this privacy policy or how we handle your personal data, please contact Paola Andrea Trujillo Tapias at supervisionpaolatrujillo@gmail.com.