← Back to sign in

⚠ Draft for legal review. This is starter language and is not final. Have counsel confirm it matches your actual data practices and applicable law (e.g. GDPR/CCPA) and replace the highlighted placeholders before launch.

Privacy Policy

Last updated: [date]

This Policy explains how [Legal entity name] ("Arson Theory", "we") collects and uses personal information through the ATLAS publishing portal.

1. Information we collect

Account: name, email, company/label, and password (stored only as a salted hash).
Catalogue: compositions, songwriter names, roles, splits, society affiliations, and IPI/CAE numbers you enter.
Payout: payout method and limited identifiers (e.g. PayPal email, bank name, last 4 digits of an account). We do not store full bank credentials.
Usage: log and device data needed to operate and secure the Service.

2. How we use it

To register and administer your works, collect and reconcile royalties, calculate splits and fees, issue statements and payouts, secure your account, and communicate with you about the Service.

3. Who we share it with

We share information only as needed to provide the Service:

Collection & rights partners — e.g. Word Collections and performing-rights organizations, to register works and collect royalties.
Service providers (processors) — hosting and database (Vercel, Neon), email delivery (Resend), and any payment/payout processor we use.
Bandmates / collaborators — members of a band account can see their own share of shared royalties.
Legal — where required by law.

We do not sell your personal information.

4. Retention

We keep information for as long as your account is active and as needed to meet royalty, accounting, and legal obligations.

5. Security

Passwords are salted and hashed; sessions and secrets are stored in managed, access-controlled infrastructure. No system is perfectly secure, but we take reasonable measures to protect your data.

6. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal information. To exercise them, contact us at [contact email].

7. Cookies & sessions

We use a session token to keep you signed in. We do not use third-party advertising cookies.

8. Children

The Service is not directed to children under [age], and we do not knowingly collect their data.

9. Changes

We may update this Policy; material changes will be communicated through the Service or by email.

10. Contact

Privacy questions: [contact email].