Privacy Policy

INBEstudio AI Compliance Check Platform

Last Updated: November 9, 2025

Effective Date: November 9, 2025

1. Introduction

INBEstudio ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the INBEstudio AI Compliance Check Platform ("Service").

By using the Service, you consent to the practices described in this Privacy Policy.

Contact Information:

• Email: sales@inbestudio.com
• Website: www.inbestudio.com
• Address: Buenos Aires, Argentina

2. Information We Collect

2.1 Information You Provide

Account Information:

• Email address
• Password (encrypted)
• Company name (optional)
• Billing address

Payment Information:

• Credit card details (processed by Stripe, we do NOT store card numbers)
• Billing history

Uploaded Content:

• Audio files you upload for analysis
• File metadata (name, size, duration)

Communications:

• Messages you send to support
• Feedback and survey responses

2.2 Information Automatically Collected

Usage Data:

• API key usage statistics
• Number of analyses performed
• Files uploaded (metadata only)
• Feature usage patterns

Technical Data:

• IP address
• Browser type and version
• Device information
• Operating system
• Referral source
• Pages visited
• Time and date of access

Cookies and Tracking:

• Session cookies (essential for login)
• Analytics cookies (optional, for improving Service)

2.3 Information from Third Parties

Stripe (Payment Processor):

• Payment status
• Subscription status
• Transaction IDs

We do NOT collect:

• Social media data (we don't integrate with social platforms)
• Location tracking (beyond IP-based country detection)
• Biometric data
• Health information

2.4 Biometric Data and Voice Analysis

The Service analyzes audio signals for copyright fingerprinting and AI-generated content detection. This analysis:

• Does NOT extract or store voice biometrics (voiceprints)
• Does NOT identify individual speakers
• Does NOT create voiceprint templates
• Processes audio features transiently (deleted after analysis)

If your audio files contain voice recordings, you are responsible for obtaining necessary consents from speakers under applicable biometric privacy laws (GDPR Article 9, Illinois BIPA, etc.).

3. How We Use Your Information

We use your information for:

3.1 Providing the Service

• Creating and managing your account
• Processing audio files
• Generating analysis reports
• Providing customer support
• Sending transactional emails (password resets, receipts)

3.2 Billing and Payments

• Processing subscription payments
• Sending invoices and receipts
• Managing upgrades and downgrades
• Handling refunds (if applicable)

3.3 Service Improvement

• Analyzing usage patterns
• Identifying bugs and issues
• Improving AI models (using anonymized data only)
• Developing new features

3.4 Communications

• Responding to support requests
• Sending service announcements (downtime, new features)
• Sending marketing emails (you can opt-out)

3.5 Legal and Security

• Preventing fraud and abuse
• Enforcing Terms of Service
• Complying with legal obligations
• Protecting our rights and users' safety

We do NOT:

• Sell your data to third parties
• Use your audio files to train AI models
• Share your content publicly
• Track you across other websites

3.6 AI Model Training and Your Audio Files

IMPORTANT: We do NOT use your audio files to train AI models. Specifically:

• Your uploaded audio files are NEVER used for AI training
• We do not create datasets from customer files
• We do not share files with AI model providers
• We do not use files to improve copyright detection algorithms

We may use ONLY:

• Anonymized usage statistics (e.g., "1,000 files analyzed today")
• Aggregated performance metrics (e.g., "average analysis time: 30 seconds")

This is a core commitment. We understand artists' concerns about AI training and your trust is paramount.

4. Data Retention

4.1 Retention Periods

4.2 Deletion

You may request deletion by:

• Deleting your account in the dashboard
• Emailing sales@inbestudio.com

We will delete your data within 30 days, except:

• Billing records (retained for 7 years)
• Data required by law
• Anonymized analytics data

Backup retention: Deleted data may persist in backups for up to 90 days.

5. How We Share Your Information

5.1 Third-Party Service Providers

We share data with trusted partners who help us operate the Service:

All providers are GDPR/CCPA compliant.

5.2 Business Transfers

If we are acquired or merge with another company, your data may be transferred to the new entity. You will be notified via email.

5.3 Legal Requirements

We may disclose your information if required by law:

• Court orders or subpoenas
• Government investigations
• Protecting our legal rights
• Preventing fraud or harm

5.4 With Your Consent

We may share data for other purposes with your explicit consent.

We do NOT:

• Sell your data to advertisers
• Share data with social media platforms
• Provide data to marketing companies

6. International Data Transfers

Our servers are located in: United States

If you are outside the US, your data will be transferred to and processed in the US.

EU/EEA Users: We use standard contractual clauses (SCCs) approved by the European Commission to ensure your data is protected.

By using the Service, you consent to this transfer.

7. Data Security

7.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

• Encryption in transit (HTTPS/TLS 1.3)
• Encryption at rest (database encryption)
• Secure password hashing (bcrypt)
• API key authentication
• Rate limiting to prevent abuse

Organizational Safeguards:

• Employee access controls
• Regular security audits
• Incident response plan
• Vendor security assessments

7.2 Your Responsibilities

You are responsible for:

• Keeping your password secure
• Not sharing your API key
• Using strong passwords
• Notifying us of unauthorized access

7.3 Data Breach Notification

If a breach occurs, we will:

1. Investigate within 24 hours
2. Notify affected users within 72 hours
3. Report to authorities if required by law
4. Provide guidance on protective measures

Despite our efforts, no system is 100% secure. Use the Service at your own risk.

8. Your Privacy Rights

8.1 All Users

You have the right to:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account
• Portability: Export your data in JSON format
• Opt-out: Unsubscribe from marketing emails

How to exercise rights: Email sales@inbestudio.com with your request.

8.2 GDPR Rights (EU/EEA Users)

If you are in the EU or EEA, you have additional rights:

• Right to object: Object to data processing
• Right to restrict: Limit how we use your data
• Right to lodge a complaint: Contact your local data protection authority

Legal basis for processing:

• Contract performance (providing the Service)
• Consent (marketing emails)
• Legitimate interest (fraud prevention, analytics)

Data Protection Officer: Not required under GDPR Article 37(1) (company does not meet DPO designation threshold: fewer than 250 employees, and data processing is not core activity involving regular and systematic monitoring of data subjects on a large scale).

For privacy matters, contact: sales@inbestudio.com

8.3 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know: What personal information we collect and how we use it
• Delete: Request deletion of your personal information
• Opt-out of sale: We do NOT sell personal information
• Non-discrimination: We will not discriminate against you for exercising rights

How to submit a request:

1. Email sales@inbestudio.com
2. Provide your email address for verification
3. We will respond within 45 days

Verification: We verify your identity using your email address.

9. Cookies and Tracking

9.1 Types of Cookies

We use the following cookies:

9.2 Third-Party Cookies

We may use:

• Google Analytics (if implemented) - Opt-out
• Stripe (payment processing) - Essential, cannot opt-out

9.3 Managing Cookies

You can control cookies through:

• Browser settings (block all cookies)
• Privacy mode/incognito mode
• Opt-out links (for analytics)

Note: Blocking essential cookies will prevent you from using the Service.

9.4 Do Not Track

We do not respond to "Do Not Track" (DNT) signals because there is no industry standard.

10. Children's Privacy

The Service is NOT intended for children under 18.

We do not knowingly collect data from children. If we discover we have collected a child's data, we will delete it immediately.

Parents: If you believe your child has provided data, contact us at sales@inbestudio.com.

10.2 Audio Files Containing Minors' Voices

While the Service is intended for business users 18+, uploaded audio files may contain recordings of minors (e.g., young artists). You represent that:

• You have obtained necessary parental/guardian consents
• You comply with COPPA and similar laws
• You are authorized to process minors' data for business purposes

We do not knowingly collect personal information from children. Our Service processes audio characteristics, not personal data of individuals in recordings.

11. Marketing Communications

11.1 Types of Communications

Transactional (cannot opt-out):

• Account creation confirmations
• Password reset emails
• Invoices and receipts
• Service announcements (security, downtime)

Marketing (can opt-out):

• New feature announcements
• Special offers and promotions
• Company news

11.2 Opting Out

To unsubscribe from marketing emails:

1. Click "Unsubscribe" link in any marketing email
2. Email sales@inbestudio.com
3. Update preferences in your account dashboard

You will still receive transactional emails.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are NOT responsible for their privacy practices.

Examples:

• Stripe (payment processing)
• API documentation links
• Support resources

We recommend reviewing the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending an email to registered users (for significant changes)

Your continued use after changes constitutes acceptance.

Previous versions: Available upon request at sales@inbestudio.com

14. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: sales@inbestudio.com

Website: www.inbestudio.com

Address: Buenos Aires, Argentina

Response time: We aim to respond within 7 business days.

15. Specific Provisions by Region

15.1 European Economic Area (EEA)

Data Controller: INBEstudio, [ADDRESS]

Legal basis for processing:

• Contractual necessity (providing the Service)
• Legitimate interest (fraud prevention, analytics)
• Consent (marketing)

Data transfers: We use Standard Contractual Clauses (SCCs)

Supervisory authority: You may lodge a complaint with your local data protection authority.

15.2 California (CCPA)

Categories of personal information collected:

• Identifiers (email, IP address)
• Commercial information (purchase history)
• Internet activity (usage data)
• Audio files (for analysis)

Purposes: As described in Section 3

Third parties: As described in Section 5

Sale of personal information: We do NOT sell personal information.

Right to opt-out: Not applicable (we don't sell data)

15.3 Brazil (LGPD)

Data Controller: INBEstudio

Legal basis:

• Consent
• Contract execution
• Legitimate interest

Data Protection Officer: Not required under GDPR Article 37(1) (company does not meet DPO designation threshold: fewer than 250 employees, and data processing is not core activity involving regular and systematic monitoring of data subjects on a large scale).

For privacy matters, contact: sales@inbestudio.com

National Authority: ANPD (Autoridade Nacional de Proteção de Dados)

15.4 Other Jurisdictions

If you are in another jurisdiction, you may have additional rights under local laws. Contact us for more information.

16. Data Processing Agreement (DPA)

For enterprise customers who need a Data Processing Agreement (GDPR Article 28), please contact sales@inbestudio.com.

DPA includes:

• Scope of processing
• Duration of processing
• Nature and purpose of processing
• Type of personal data
• Categories of data subjects
• Rights and obligations

17. Transparency Report

We may publish an annual transparency report disclosing:

• Number of government requests for data
• Number of accounts affected
• Number of requests we complied with

Currently: We have received 0 government requests (as of [DATE]).

18. Your California Privacy Rights

18.1 Shine the Light Law

California residents may request information about data shared with third parties for direct marketing.

We do NOT share data for direct marketing purposes.

18.2 CCPA Metrics (if applicable)

In the past 12 months:

• Requests to know: [NUMBER]
• Requests to delete: [NUMBER]
• Average response time: [DAYS]
• Requests denied: [NUMBER]

19. Glossary

Personal Information - Data that identifies or can identify you

Processing - Any operation performed on data (collection, storage, use, deletion)

Data Controller - Entity that determines purposes and means of processing

Data Processor - Entity that processes data on behalf of controller

Cookies - Small text files stored on your device

Encryption - Converting data into unreadable format for security

Anonymization - Removing identifying information permanently

Pseudonymization - Replacing identifying information with pseudonyms

20. Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT:

1. You have read and understood this Privacy Policy
2. You consent to the collection and use of your information as described
3. You understand your rights and how to exercise them
4. You consent to international data transfers (if applicable)

If you do not agree, do not use the Service.

Version: 1.0

Effective Date: November 9, 2025