Privacy Policy
What we collect and why
- Account data — your email address and a salted hash of your password (we cannot see the password itself). Needed to operate your account. Kept until the account is deleted.
- Certified audio — the watermarked master of each track you certify, so you can download it and so exact-match verification works. Kept until the certificate is revoked. The original file you upload is deleted after processing; only its cryptographic fingerprint is kept.
- Certificate records — artist name, track title, fingerprints, timestamps, and signatures on the ledger. Certificate pages are public by design: that is what a certificate is for.
- Verification uploads — files submitted for verification are analyzed and deleted immediately. They are never stored.
- Payment data — payments are processed by Stripe. VMI never sees or stores card numbers. We keep a record of credits purchased and consumed.
- Technical data — IP addresses are held briefly in memory for rate limiting and appear in standard server logs.
What we don't do
We do not sell or share your data, use your audio for anything other than the service itself (no training of AI models on your music), or use third-party analytics or advertising trackers.
Your rights (GDPR)
You can request access to, correction of, or deletion of your personal data at any time via [contact email]. Note the append-only ledger: revoking a certificate removes the stored audio and ends its public validity, while the minimal signed record of its existence remains, as is necessary for the integrity of the ledger (legitimate interest). Account deletion removes your email and credentials.
Where data lives
Data is stored on VMI's server within the EU. Backups are retained for up to [30] days.
Contact
Data controller: [Company name, org. number, address, Sweden]. Questions and requests: [contact email]. You also have the right to lodge a complaint with IMY (Integritetsskyddsmyndigheten).