Compliance without the headache.
We built Music Intel to be privacy-first by design. Here's how we keep you, and your visitors, safe under UK GDPR for 2026 and beyond.
Data isolation.
No ad-network sharing. Visitor data stays in dedicated environments. Customers own their data; we are a processor under UK and EU GDPR.
The 30-day rule.
Raw visitor telemetry is capped at 30 days, then aggregated. Security logs are kept for up to 90 days. Billing and account data are retained per statutory requirements.
No cross-site tracking.
No third-party tracking cookies or ad pixels. We only measure on-site behaviour for your properties to calculate attention and momentum.
UK / EU data sovereignty.
UK company, UK and EU primary hosting. Transfers outside the UK or EU use SCCs or the IDTA with risk assessments. Lawful bases: legitimate interests for artist promotion; contract for account services.
Detail
Data subject rights.
Access, rectification, erasure, restriction, objection, portability. Because we don't keep direct identifiers for visitors, we may request IP and timestamp to locate data. Submit requests to legal@musicintel.co.uk.
Subprocessors (2026).
- IP-API Pro (geolocation)
- Brandfetch (logo resolution)
- People Data Labs (optional enrichment)
- Revolut (payments)
- Cloud and CDN providers (UK / EU first; SCCs or IDTA for any third countries)
Security controls.
- TLS 1.2+ in transit, encrypted storage for customer data.
- Role-based access, least privilege, regular key rotation.
- Rate limiting and bot filtering on ingestion endpoints.
- Data minimisation by design; no unnecessary identifiers.
DPA and documentation.
We provide a Data Processing Addendum (UK and EU GDPR) with SCCs or the IDTA where required. Our security overview, subprocessor list, and incident-response playbook are available on request.
Third-party platform integrations.
The Musicata platform allows users to connect their own social and streaming accounts via OAuth 2.0 to aggregate audience metrics. We comply with platform-specific data-use policies and apply the following safeguards:
- Meta (Facebook and Instagram): read-only access to page followers and Instagram business insights. We do not access, store, or process posts, messages, or non-public content. Users can disconnect at any time; cached data is deleted within 24 hours.
- Google (YouTube and Search Console): read-only access to subscriber counts and search performance. No access to private videos or email.
- Spotify: public follower and listener counts only via the Web API.
Lawful basis: contract (Article 6(1)(b)) - providing the aggregated dashboard service you requested. Disconnection: Dashboard Settings > Connected Accounts. Retention: aggregate metrics retained while the account is active; raw tokens encrypted at rest and cleared on disconnect.
