Privacy Policy (European based)

Last updated: November 2025

This updated Privacy Policy applies to our company, headquartered in the EU, and incorporates the GDPR.

1. Introduction

We respect your privacy and are committed to protecting personal data. This Privacy Policy explains how we collect, use, store, disclose, and safeguard personal data when you use our SaaS platform, associated applications, or visit our website.

All processing complies with EU data protection laws, including the General Data Protection Regulation (GDPR) and any applicable national legislation.

2. Data Controller

The data controller for personal data processed through our SaaS platform and website is:

MusiMap
Email: privacy@musimap.ai
Postal address: Splügenstrasse 6, 8002 Zürich, Switzerland

If you use our services as part of a business relationship with a partner, reseller, or customer, that organization may also act as a data controller for certain processing activities.

3. Categories of Personal Data We Process

Depending on how you interact with our platform, we may process the following categories of personal data:

  • Identification and contact details

    Name, email address, phone number, company name, job title, login credentials.

  • Account and usage data

    Login timestamps, session logs, feature usage, preferences, settings, clickstream data.

  • Device and technical information

    IP address, browser type, OS version, device identifiers, cookies and similar technologies.

  • Billing and transaction data

    Payment details, VAT numbers, billing address.

  • Customer communications

    Support tickets, emails, chat interactions, form submissions.

  • Optional profiling data

    Feedback, surveys, analytics patterns, inferences about usage preferences.

We do not process special categories of personal data unless explicitly required and lawful.

4. How We Collect Personal Data

We collect personal data from the following sources:

  • Directly from users (account creation, communication, contracts).
  • Automatically via the SaaS platform and website (cookies, logs, analytics).
  • From commercial partners or customers you are associated with.
  • From publicly available business sources when relevant.

5. Purposes and Legal Bases for Processing

A. Service delivery and account management

To operate our SaaS platform, authenticate users, manage subscriptions, provide support.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

B. Platform security and fraud prevention

Monitoring logs, preventing misuse, maintaining infrastructure integrity.

Legal basis: Legitimate interests (Art. 6(1)(f)).

C. Product improvement and analytics

Aggregate analytics, performance metrics, feature optimization.

Legal basis: Legitimate interests (Art. 6(1)(f)).

Where cookies require consent, we rely on consent (Art. 6(1)(a)).

D. Marketing and newsletters

Sending platform updates, product news, or event invitations.

Legal basis: Consent (Art. 6(1)(a)) or Legitimate interests when permitted (Art. 6(1)(f)).

Users may unsubscribe at any time.

E. Compliance with legal obligations

Accounting, audits, regulatory reporting, data protection duties.

Legal basis: Legal obligation (Art. 6(1)(c)).

F. Contractual or organizational communications

Invoicing, onboarding, renewals, account notifications.

Legal basis: Contract performance (Art. 6(1)(b)).

6. Data Retention

We retain personal data only as long as necessary for the purposes described, or as required by applicable law. Retention periods depend on:

  • The duration of your account or subscription.
  • Legal retention requirements (e.g., accounting).
  • Limitation periods for legal claims.
  • Technical needs for system integrity (e.g., backups).

Once no longer required, data is securely deleted or anonymized.

7. Data Sharing and Transfers

We share personal data only when necessary:

  • Service providers (processors)

    Cloud hosting, email delivery, analytics, payment processors, CRM systems. All processors are bound by GDPR-compliant Data Processing Agreements.

  • Affiliates (if applicable)

    For internal administrative purposes.

  • Authorities

    Only when required by law.

  • Business transactions

    In case of merger, acquisition, or restructuring, with appropriate safeguards.

International transfers

If personal data is transferred outside the EU/EEA, we use:

  • Standard Contractual Clauses (SCCs), and
  • Additional technical and organizational safeguards.

You may request details of such safeguards.

8. Technical and Organizational Security Measures

We apply industry-standard measures including:

  • Encryption in transit and at rest.
  • Strict access control and authentication.
  • Regular audits and vulnerability management.
  • Backup and resilience procedures.

No system is 100% secure, but we continuously work to strengthen protections.

9. Your Rights Under the GDPR

You may exercise the following rights, subject to conditions:

  • Access to your personal data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten").
  • Restriction of processing.
  • Data portability.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time (for consent-based processing).
  • Lodge a complaint with your national supervisory authority.

To exercise your rights, contact us at: privacy@musimap.ai.

10. Cookies

Our website uses cookies and similar technologies. Full details are available in our Cookie Policy. Consent-based cookies are only activated after your explicit approval.

11. Changes to This Policy

We may update this Privacy Policy when necessary to reflect changes in our services or legal requirements. Significant changes will be communicated via email or platform notifications. The updated version will always be available on our website.

12. Contact

For questions about this Privacy Policy or your rights:

Musimap – Data Protection Officer (DPO)

Email: privacy@musimap.ai
Postal address: Splügenstrasse 6, 8002 Zürich, Switzerland