BaseBox-DB LogoBaseBox-DB Logo

Privacy Policy (GDPR)

This policy explains how BaseBox-DB (Alexandros Pilatos) processes personal and catalog data when you use our cloud music-catalog platform.

1. Purpose

This Policy sets out the framework and principles applied by BaseBox-DB (Alexandros Pilatos) (“we”, “us”, or “the Data Controller”) for managing personal data and protecting their security, confidentiality, integrity, and availability when we provide the BaseBox-DB cloud software service for music catalog organization, work metadata, and Collective Management Organization (CMO) registration workflows.

2. Scope

This Policy applies to all personal data we process in operating the BaseBox-DB platform, including user accounts, catalog and contributor information you enter or import, technical security records, and subscription transactions where applicable.

3. Who applies this Policy

  • Management / lawful representatives of the Data Controller
  • Data Protection Officer (DPO)
  • Authorized platform and support personnel
  • Processors that handle data on our instructions, bound by contract and law

4. Description — General

We recognize the importance of personal data and align our practices with Regulation (EU) 2016/679 (GDPR). For questions or to exercise your rights, contact us at info@basebox-db.com.

5. Data Controller and DPO details

  • Legal name: BaseBox-DB (Alexandros Pilatos)
  • Address: Nafpaktou 1, Agia Varvara, 12351
  • Phone: 6986563325
  • Privacy / general contact: info@basebox-db.com
  • Data Protection Officer (DPO): info@basebox-db.com

6. Who collects personal data

Personal data is collected and processed by the Data Controller when providing BaseBox-DB: catalog management, document generation, CMO registration flows, digital signatures, private split-sheet agreements, and archives.

7. What personal data we collect

  • Account and profile: email, display name, artist or professional name, username/handle, avatar, role (admin/editor/user), workspace, subscription/billing details where applicable, and authentication data.
  • Catalog and contributors you provide: names, emails, phone numbers, IPI/CAE, share percentages, song metadata (titles, ISRC, ISWC, duration, genres, release media), digital signatures, split sheets, templates, and archives.
  • Technical and security: IP/device signals, audit logs, support messages, cookie preferences, and operational diagnostics.

8. How we collect data

  • Directly from you: registration, forms, file import, support chat.
  • Automatically when you use the service: sessions, cookies, logs.
  • From third parties only when you choose (e.g. Google OAuth, PayPal).

9. Children

The service is aimed at adult creators and professionals. We do not target individuals under 16 years of age.

10. Purposes of processing

  • Providing and operating BaseBox-DB.
  • Authentication and account security.
  • Customer support.
  • Subscriptions and payments.
  • Compliance with legal obligations.

11. Legal bases (GDPR)

  • Performance of a contract.
  • Legitimate interests.
  • Legal obligation.
  • Consent (e.g. optional cookies).

12. Profiling

We do not use personal data for automated profiling.

13. Disclosure to third parties

We share data with processors (Vercel, Supabase, Zoho Mail, PayPal, Google, Cloudflare Turnstile) strictly to operate the service, and with CMO organizations only when you choose to submit or export a registration.

14. Subprocessors and hosting

Production data is hosted in the EU/EEA where supported. Subprocessors include Vercel, Supabase, Zoho Mail, PayPal, Google (OAuth), and Cloudflare Turnstile. Optional analytics (consent only): When you accept cookies, we may use Google Analytics (Google LLC) and Vercel Web Analytics / Speed Insights (Vercel Inc.) as described in our [Cookie Policy](/cookie-policy). These do not run until you opt in via the banner.

15. Retention

Retention depends on the purpose of processing.

  • Account and catalog: for as long as your account remains active.
  • Billing/transactions: as required for tax and accounting obligations.

16. Your rights

You have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent, subject to applicable law.

Complaints to the Hellenic Data Protection Authority (APDPX): Kifisias Ave. 1-3, 115 23 Athens, Greece — complaints@dpa.gr.

17. Data security

  • We apply organizational and technical measures (access controls, TLS, encryption, backups, and related safeguards).

18. Cloud service

BaseBox-DB is a cloud-hosted SaaS application. Your account, catalog, and documents are processed on managed infrastructure operated by our subprocessors.

19. Cookies

We use essential cookies to keep you signed in. Optional analytics and performance tools (Google Analytics, Vercel Web Analytics, Vercel Speed Insights) load only after you accept the cookie banner. You can control cookies through your browser. Our banner records your choice until accepted. For full details, see our [Cookie Policy](/cookie-policy).

20. Contact

Address: Nafpaktou 1, Agia Varvara, 12351 · Email: info@basebox-db.com · DPO: info@basebox-db.com

21. Updates

We review this Policy when legislation or our practices change. The version and last-updated date appear at the bottom of this page.