Privacy Policy

§1.1This Privacy Policy explains how Lumoza, Inc. ("Lumoza," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our websites, applications, and services (collectively, the "Service").

§1.2By using the Service, you consent to this Policy. If you do not agree, do not use the Service.

§1.3This Policy is designed to satisfy applicable data protection laws including, where relevant, the EU/UK General Data Protection Regulation (GDPR). Additional disclosures for certain jurisdictions appear in Section 10.

§2.1Lumoza, Inc. is the controller of personal data processed in connection with the Service unless stated otherwise.

§2.2You may contact us at legal@lumoza.io for any privacy questions, requests, or complaints.

§2.3If you are located in the EU/UK, you also have the right to lodge a complaint with your local supervisory authority.

§3.1Information You Provide: account details (name, email), profile information, payment details (handled by our processor), content and metadata you submit (e.g., song titles, ISRC/ISWC, collaborators), support requests, forms, and communications.

§3.2Automatic Data: IP address, device identifiers, browser type/version, operating system, language settings, pages viewed, time on page, referrer URL, and diagnostic/log data collected via cookies and similar technologies (see Section 4).

§3.3Third-Party Sources: performing rights organizations (PROs), identity verification providers (if used), analytics partners, and service providers that supply information to help us deliver the Service.

§3.4Blockchain/Smart Contract Data: transaction hashes, contract addresses, on-chain timestamps, and other public blockchain data related to your on-chain actions. Such data may be publicly accessible and immutable.

§3.5AI Interaction Data: we may collect and retain information you provide through our AI features (e.g., prompts, inputs, and outputs), and related technical logs, for operational, security, and compliance purposes. Do not include sensitive personal data in prompts.

§3.6Children: The Service is not intended for children under 16. If we learn we have collected personal data from a child under 16 without appropriate consent, we will delete it promptly. In the U.S., users under 13 are strictly prohibited, consistent with COPPA (see ToS §2.1).

§4.1We use cookies and similar technologies (pixels, local storage, SDKs) to operate and secure the Service, remember preferences, measure performance, and understand usage.

§4.2You can control cookies through your browser settings and, where available, site-level controls. Disabling cookies may affect functionality.

§4.3In the EU/UK, non-essential cookies are used only with your consent via cookie banners. We also honor Global Privacy Control (GPC) signals and legally required "Do Not Track" signals where applicable.

§4.4We use third-party analytics and advertising tools, including Google Analytics, Meta (Facebook/Instagram), TikTok, LinkedIn, and Reddit, to measure usage, understand engagement, and support marketing activities. These providers may collect information such as device identifiers, IP address, pages visited, and interactions with the Service.

§5.1For certain features, Lumoza may temporarily download and process audio files for the limited purpose of metadata extraction and proof of creation.

§5.2Temporary copies are deleted promptly after processing. We do not operate as a permanent data warehouse for audio files unless expressly agreed in writing.

§5.3License: You grant Lumoza a non-exclusive, worldwide, royalty-free license to temporarily reproduce, access, and process your audio or other content solely to provide the Service (including extracting metadata and creating proofs of creation), at no cost to Lumoza.

§6.1Provide and improve the Service, including account creation, feature delivery, customer support, and product development.

§6.2Facilitate smart contracts and related records, including generating and maintaining on-chain entries.

§6.3Submit and manage registrations with PROs on your behalf where authorized (see ToS/LoD).

§6.4Personalize content and measure engagement (e.g., analytics).

§6.5Maintain the safety and integrity of the Service, prevent fraud and abuse, and enforce terms and policies.

§6.6Comply with legal obligations, respond to lawful requests, and resolve disputes.

§6.7Legal bases (GDPR): performance of a contract; legitimate interests (e.g., securing and improving the Service); consent (where required, e.g., certain cookies/marketing); compliance with legal obligations.

§6.8We may track user interactions across different parts of the Service, including transitions between our marketing site and application environment, to understand user behavior and improve the Service.

§7.1Service Providers and Subprocessors: we share personal data with vendors (hosting, analytics, security, support, payment processing) under contractual obligations to protect your information.

§7.2PROs and Industry Partners: we may share relevant data to submit or update registrations and maintain rights information consistent with your instructions.

§7.3Public Blockchains: on-chain transactions and metadata anchors may be publicly visible and recorded permanently.

§7.4Legal and Safety: we may disclose information to comply with law, lawful requests, or to protect the rights, safety, and property of Lumoza, users, or the public.

§7.5Business Transfers: we may disclose or transfer information in connection with a merger, financing, acquisition, or dissolution.

§7.6Aggregated/De-identified Data: we may share aggregated or de-identified information that does not identify you.

§8.1Transfers to the United States rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK Addendum where applicable. Our primary data centers are located in the United States.

§8.2If you are located in the EU/UK or another region with data transfer restrictions, your personal data may be transferred to countries with different data protection laws (e.g., the United States).

§8.3Where required, we implement appropriate safeguards such as SCCs or UK-approved equivalents and conduct Transfer Impact Assessments as appropriate.

§9.1We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

§9.2Criteria include the nature of the data, the purpose of processing, and legal or operational retention needs (e.g., security logs).

§9.3Temporary audio copies are deleted promptly after processing as described in Section 5.

§10.1Cross-References: see our Terms of Service and Data Security Policy for details on arbitration, custodial key management, and security safeguards (ToS §17; Data Security Policy §3.4 and §11.3).

§10.2GDPR (EU/UK) Rights: access, rectification, erasure, restriction, portability, objection; and the right to withdraw consent where processing is based on consent.

§10.3California (CCPA/CPRA): subject to eligibility and verification, you may request access, deletion, and correction, and opt out of the sale or sharing of personal information. We do not sell personal information. We may share certain information with analytics and advertising partners for purposes such as measuring performance and delivering relevant content, consistent with applicable law. To exercise rights, contact legal@lumoza.io.

§10.4Marketing and Communication Preferences: you may opt out of non-essential emails by using unsubscribe links or contacting us.

§10.5Cookies and Tracking: manage cookies through browser settings or site controls where available (see Section 4).

§10.6To exercise rights, contact legal@lumoza.io. We may request information to verify your identity and will respond as required by law.

§10.7California "Shine the Light" Disclosure: California Civil Code §1798.83 permits residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact legal@lumoza.io.

§11.1We implement reasonable organizational, technical, and administrative measures to protect personal data, including "reasonable security procedures" consistent with California Civil Code §1798.81.5.

§11.2No system is 100% secure. If we discover a security incident affecting your personal data, we will notify you and/or regulators as required by applicable law.

§11.3Custodial Keys: under our default custodial model, Lumoza safeguards private keys for smart contracts you create; if you request full custody transfer, you assume responsibility for safeguarding keys (see ToS §6.2).

§12.1We do not engage in automated decision-making that produces legal or similarly significant effects without meaningful human involvement. If we introduce such processing in the future, we will implement required safeguards and update this Policy.

§13.1The Service may contain links to third-party sites or services. Their privacy practices are governed by their own policies, not this Policy.

§14.1We may update this Policy from time to time to reflect changes in laws, our practices, or the Service.

§14.2We will post the updated Policy and change the "Last updated" date. Where required, we will provide additional notice or seek consent.

§14.3Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

§15.1You can reach us at legal@lumoza.io for questions about this Policy or our privacy practices.

§15.2If you are in the EU/UK, you may contact your local supervisory authority to raise concerns.