Privacy Policy

1. Introduction

SoundOps ("we", "us", "our") operates the SoundOps platform (soundops.io) and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including any features that integrate with third-party services such as Facebook, Instagram, and other Meta products.

2. Information We Collect

2.1 Information You Provide

• Account registration details (name, email address, password)
• Profile and business information (label name, artist details, branding assets)
• Content you create or upload (releases, images, blog posts, event listings)
• Communications you send through our platform (messages, comments, support requests)
• Payment and billing information (processed securely via Stripe)

2.2 Information from Third-Party Services

When you connect third-party accounts (e.g. Instagram, Facebook, Spotify), we may receive:

• Your public profile information (name, profile picture, account ID)
• Page and business account details you grant us access to
• Content engagement data (comments, messages, post metrics) as permitted by the platform
• Access tokens required to operate features on your behalf (stored encrypted)

2.3 Automatically Collected Information

• Device and browser information (IP address, browser type, operating system)
• Usage data (pages visited, features used, timestamps)
• Cookies and similar tracking technologies

3. How We Use Your Information

• To provide, maintain, and improve our platform and services
• To process transactions and send related notifications
• To enable integrations with third-party services you connect (e.g. Instagram posting, DM management)
• To send marketing communications you have opted into
• To respond to your enquiries and provide customer support
• To monitor and analyse usage trends and improve user experience
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal data. For our full list of sub-processors and the transfer mechanism in place for each, see /sub-processors. We may share information with:

• Service providers — trusted third parties that help us operate our platform (e.g. AWS, Stripe, Vercel, MongoDB Atlas)
• Third-party integrations — services you explicitly connect (e.g. Meta/Instagram, Spotify) receive only the data necessary to provide the requested functionality
• Legal requirements — when required by law, regulation, or legal process
• Business transfers — in connection with a merger, acquisition, or sale of assets

5. Data from Meta Products (Facebook & Instagram)

When you connect your Instagram or Facebook account to SoundOps, we access data through the Meta Graph API in accordance with Meta's Platform Terms. Specifically:

• We access your Instagram Business Account data only with your explicit authorisation
• We use this data solely to provide the features you have enabled (content publishing, DM management, comment moderation, analytics)
• We do not share Meta-sourced data with other third parties except as required to operate the service
• Access tokens are encrypted at rest using AES-256-GCM and are never exposed to the frontend
• Instagram messages and comments are subject to 30-day data retention and are automatically deleted after this period
• You can disconnect your Instagram/Facebook account at any time from your SoundOps admin settings, which revokes our access

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. For the full retention table see our _LEGAL.md sub-readme or contact privacy@soundops.io.

7. Your Rights

Under UK GDPR you can access (Article 15), correct (Article 16), erase (Article 17), restrict (Article 18), port (Article 20), or object to (Article 21) our processing. To exercise any of these contact privacy@soundops.io.

8. Contact

privacy@soundops.io