Privacy Policy 2025-01-31

Privacy policy

Introduction

This privacy policy outlines how Cadenzabox collects, processes, stores, and protects personal data when using our SaaS platform for music publishers. We are committed to compliance with UK GDPR, EU GDPR, and other relevant data protection laws.

We are registered with the UK Information Commissioner’s Office (ICO), reference: ZB859695.

Our Privacy Policy serves as our Data Processing Agreement, outlining our responsibilities as a Data Processor when handling personal data on behalf of clients and our obligations as a Data Controller for our own business operations.

Cadenzabox is a trading name of Idea Junction Ltd., a company registered in England and Wales (Company No. 7213611, VAT GB988 2282 69). Under UK law, Cadenzabox is not a separate legal entity but operates as a brand of Idea Junction Ltd. As such, all references to ‘we,’ ‘us,’ or ‘our’ in this policy refer to Idea Junction Ltd., which is the data controller responsible for processing personal data under UK GDPR, EU GDPR, and other relevant laws.

1. What we do

1.1 Our services

We provide a content hosting and delivery platform for music publishers, enabling them to upload, store, and distribute audio, metadata, and related content.

1.2 Our role in data processing

  • We act as a Data Processor when processing personal data on behalf of our clients.
  • We act as a Data Controller for our own client relationships, support activities, and marketing.
  • Any personal data we process is handled in compliance with UK GDPR, EU GDPR, and other relevant data protection laws.

2. The information we collect

We collect and process personal data based on user interactions with our platform. This includes:

2.1 Information you provide

As part of our services, we collect and process various types of personal data from users. These details help facilitate account creation, authentication, customer support, and platform functionality.

  • Identity information: Name, email address, telephone number.

  • Professional information: Job title, company name, tax ID, business type.

  • Location information: Address, country, postcode.

  • Profile information: Preferred language, profile image.

  • Authentication & security: Password (never stored as plain text), login attempts.

It is important to note that we act as a Data Processor for personal data collected and managed by our clients on behalf of their users. Our clients, as Data Controllers, determine the specific data they collect, how it is used, and for what purpose. We process this data strictly in accordance with our clients’ instructions, contractual obligations, and applicable data protection laws.

Additionally, we may collect certain personal data directly from clients for business operations, such as customer support and billing, where we act as the Data Controller. However, the scope of our data collection and processing activities remains limited to the essential purposes required to deliver our services effectively.

  • Account information: Name, email address, and passwords.
  • Client communication: Any data shared via email, customer support, or inquiry forms.

2.2 Information we collect automatically

  • Device & usage data: IP address, browser type, operating system, device identifiers.
  • Log & analytics data: Pages visited, session duration, referral sources.
  • Cookies & tracking technologies: See Section 5 for details.

2.3 Application data (where applicable)

If you use our mobile or desktop applications, we may collect additional device-related data, including app interactions and error reports.

3. How we process your information

We process personal data to:

  • Provide our services – Allow account access, manage user preferences, and ensure platform functionality.
  • Enhance security – Detect fraud, prevent unauthorised access, and protect user accounts.
  • Improve user experience – Analyse usage trends, improve features, and fix bugs.
  • Legal & compliance – Meet regulatory requirements and protect legal interests.

We do not process sensitive personal information.

4. Legal basis for processing

Under UK GDPR & EU GDPR, we process personal data based on:

  • Legitimate Interests – To improve services, security, and ensure platform functionality.
  • Performance of a Contract – To provide services requested by users.
  • Consent – For marketing communications (users may opt out at any time).
  • Legal Obligation – Where required by tax, regulatory, or compliance laws.

5. Cookies & tracking technologies

We use cookies and similar technologies to enhance the user experience, improve platform performance, and track analytics. By using our platform, you consent to our use of cookies in accordance with this policy. If you do not consent, you may disable cookies via your browser settings.

5.1 Types of cookies we use

  • Site Performance Cookies: Store user preferences, such as volume settings and content sorting preferences.
  • Anonymous Analytics Cookies: Track user visits, page views, and interactions to improve service quality.
  • Geo-Targeting Cookies: Detect user location to personalise content delivery.
  • Registration Cookies: Keep users signed in and allow access to relevant account settings.
  • Third-Party Cookies: Used by external services for analytics and tracking, subject to their respective privacy policies.
  • Advertising Cookies: Our platform does not add targeted advertising cookies. However, SaaS clients may integrate additional tracking scripts, such as CRM tools, support chat, or other third-party services. While targeted advertising cookies are rare, we recommend reviewing each client’s privacy policy for further details.

5.2 Managing cookies

  • Users can manage cookie settings through their browser or platform settings.
  • Blocking or disabling cookies may impact platform functionality, including sign-in capabilities and content preferences.

6. Data retention policy

We retain personal data only as long as necessary for:

  • Providing services to users.
  • Meeting legal or regulatory requirements.
  • Security and fraud prevention.

When no longer needed, data is securely deleted or anonymised.

7. Data security measures

We implement robust security measures to protect personal data:

  • Encryption – Data encrypted in transit and at rest.
  • Access Controls – Restricted access to authorised personnel only.
  • Regular Audits – Security reviews and vulnerability assessments.
  • Incident Response – Procedures to detect and address data breaches.

8. International data transfers

  • Data may be processed outside the UK/EU in compliance with Standard Contractual Clauses (SCCs) and other legal safeguards.
  • We ensure that third-party providers outside the UK/EU maintain GDPR-level security and data protection standards.

9. Data sub-processors

To provide our services, we rely on third-party sub-processors that handle personal data under strict GDPR-compliant agreements:

Cloud providers

Provider Purpose Location Privacy policy
Google Cloud Hosting & infrastructure USA Google Cloud
Amazon AWS Hosting & infrastructure USA AWS
Heroku Hosting USA Heroku
Render Hosting USA Render
Vercel Hosting USA Vercel
Fly.io Hosting USA Fly.io
Supabase Database & hosting USA Supabase
Postmark Email delivery USA Postmark
CloudAMQP Message queue service Sweden CloudAMQP
MongoDB Atlas Database USA MongoDB
ElasticSearch Cloud Search & indexing USA ElasticSearch
Cloudflare Network services USA Cloudflare

Analytics & logging

Provider Purpose Location Privacy policy
Google Analytics Website analytics USA Google Analytics
Google Tag Manager Tracking management USA Google Tag Manager
DataDog Performance monitoring USA DataDog
Sentry Error tracking USA Sentry

Payment processing

Provider Purpose Location Privacy policy
Stripe Payment processing USA Stripe
PayPal Payment processing USA PayPal

Support & communication

Provider Purpose Location Privacy policy
Gmail Email communication USA Google Privacy
Slack Support and internal communication USA Slack
Zendesk Customer support USA Zendesk
Mailchimp Email marketing USA Mailchimp

10. Contact information

Email: support@cadenzabox.com

Phone: +44 (0)20 3239 8888

Website: cadenzabox.com

11. Company legal entity

Cadenzabox is a wholly-owned product of Idea Junction Ltd.

Idea Junction Ltd.
The Production Suite, 2 Oak Place
Rosier Business Park, Coneyhurst Road
West Sussex, RH14 9DE
United Kingdom

Registered in England and Wales: 7213611
VAT: GB988 2282 69
ideajunction.uk