Privacy Policy

Data We Collect

• User data: account identifiers and profile fields we need to operate the service, such as email addresses and names used for authentication, display, and workspace membership.
• Catalog and registration data you provide or import: song titles, ISRCs, work identifiers, contributor names and IDs, splits and share information, signatures, templates, and generated documents—needed for document generation, catalog operations, and PRO registration workflows.
• Technical and security data: session-related signals, activity and audit events, and operational diagnostics required to protect accounts, prevent abuse, and keep the platform reliable.

How We Use Data

• To run BaseBox features you choose to use, including catalog management, template-based PDF/XLSX generation, archives, and PRO registration and submission flows.
• To store data using appropriate technical and organizational measures. We do not sell your personal or catalog data to third-party marketers. Data is not shared with unrelated third parties except as described below (including PRO/CMO submissions you initiate).
• To provide customer support, respond to security or legal requests where permitted, and improve stability through monitoring and logging.

Recipients: PROs and service providers

When you export registrations or otherwise submit materials to a Collective Management Organization (PRO) or similar rights organization, the information contained in those submissions is received by that organization as part of your chosen workflow. BaseBox acts on your instructions; we do not claim ownership of your musical works. We use infrastructure and subprocessors (for example hosting, database, email delivery) strictly as needed to provide the service.

Data Security

• BaseBox-DB uses authenticated access controls and scoped data isolation per workspace.
• We continuously maintain security headers and audit flows in the application runtime.
• Data in transit is protected with TLS/SSL encryption on supported production endpoints.
• Authentication uses secure OAuth and token-based session flows, with role-based access controls for admin, editor, and user boundaries.
• Automated daily backups support data recovery and operational resilience.
• We continuously monitor infrastructure health and runtime signals to detect reliability or security issues.

Cookies, similar technologies, and GDPR rights

We use essential cookies (and similar storage) to keep you signed in securely. Where enabled, analytics may help us understand product usage. You can control cookies through your browser settings. If you are in the EEA/UK/CH or otherwise covered by the GDPR or similar laws, you may have rights to access, rectify, erase, restrict, or port personal data, and to object to certain processing—contact us through support to exercise these rights or ask questions.

Your Rights and Control

You retain ownership of the catalog content you enter. You can use in-product controls (where available) and exports to manage your data, and request help or account-related actions through support.