Privacy policy
2025-10-10
Introduction
This privacy policy outlines how Cadenzabox collects, processes, stores, and protects personal data when using our SaaS platform for music publishers. We are committed to compliance with UK GDPR, EU GDPR, and other relevant data protection laws.
We are registered with the UK Information Commissioner’s Office (ICO), reference: ZB859695.
Our Privacy Policy serves as our Data Processing Agreement, outlining our responsibilities as a Data Processor when handling personal data on behalf of clients and our obligations as a Data Controller for our own business operations.
Cadenzabox is a trading name of Idea Junction Ltd., a company registered in England and Wales (Company No. 7213611, VAT GB988 2282 69). Under UK law, Cadenzabox is not a separate legal entity but operates as a brand of Idea Junction Ltd. As such, all references to ‘we,’ ‘us,’ or ‘our’ in this policy refer to Idea Junction Ltd., which is the data controller responsible for processing personal data under UK GDPR, EU GDPR, and other relevant laws.
1. What we do
1.1 Our services
We provide a content hosting and delivery platform for music publishers, enabling them to upload, store, and distribute audio, metadata, and related content.
1.2 Our role in data processing
- We act as a Data Processor when processing personal data on behalf of our clients.
- We act as a Data Controller for our own client relationships, support activities, and marketing.
- Any personal data we process is handled in compliance with UK GDPR, EU GDPR, and other relevant data protection laws.
2. The information we collect
We collect and process personal data based on user interactions with our platform. This includes:
2.1 Information you provide
As part of our services, we collect and process various types of personal data from users. These details help facilitate account creation, authentication, customer support, and platform functionality.
- Identity information: Name, email address, telephone number.
- Professional information: Job title, company name, tax ID, business type.
- Location information: Address, country, postcode.
- Profile information: Preferred language, profile image.
- Authentication & security: Password (never stored as plain text), login attempts.
It is important to note that we act as a Data Processor for personal data collected and managed by our clients on behalf of their users. Our clients, as Data Controllers, determine the specific data they collect, how it is used, and for what purpose. We process this data strictly in accordance with our clients’ instructions, contractual obligations, and applicable data protection laws.
Additionally, we may collect certain personal data directly from clients for business operations, such as customer support and billing, where we act as the Data Controller. However, the scope of our data collection and processing activities remains limited to the essential purposes required to deliver our services effectively.
- Account information: Name, email address, and passwords.
- Client communication: Any data shared via email, customer support, or inquiry forms.
2.2 Information we collect automatically
- Device & usage data: IP address, browser type, operating system, device identifiers.
- Log & analytics data: Pages visited, session duration, referral sources.
- Cookies & tracking technologies: See Section 5 for details.
2.3 Application data (where applicable)
If you use our mobile or desktop applications, we may collect additional device-related data, including app interactions and error reports.
3. How we process your information
We process personal data to:
- Provide our services — Allow account access, manage user preferences, and ensure platform functionality.
- Enhance security — Detect fraud, prevent unauthorised access, and protect user accounts.
- Improve user experience — Analyse usage trends, improve features, and fix bugs.
- Legal & compliance — Meet regulatory requirements and protect legal interests.
We do not process sensitive personal information.
4. Legal basis for processing
Under UK GDPR & EU GDPR, we process personal data based on:
- Legitimate interests — To improve services, security, and ensure platform functionality.
- Performance of a contract — To provide services requested by users.
- Consent — For marketing communications (users may opt out at any time).
- Legal obligation — Where required by tax, regulatory, or compliance laws.
5. Cookies & tracking technologies
We use cookies and similar technologies to enhance the user experience, improve platform performance, and track analytics. By using our platform, you consent to our use of cookies in accordance with this policy. If you do not consent, you may disable cookies via your browser settings.
5.1 Types of cookies we use
- Site performance cookies — Store user preferences, such as volume settings and content sorting preferences.
- Anonymous analytics cookies — Track user visits, page views, and interactions to improve service quality.
- Geo-targeting cookies — Detect user location to personalise content delivery.
- Registration cookies — Keep users signed in and allow access to relevant account settings.
- Third-party cookies — Used by external services for analytics and tracking, subject to their respective privacy policies.
- Advertising cookies — Our platform does not add targeted advertising cookies. However, SaaS clients may integrate additional tracking scripts, such as CRM tools, support chat, or other third-party services. While targeted advertising cookies are rare, we recommend reviewing each client’s privacy policy for further details.
5.2 Managing cookies
- Users can manage cookie settings through their browser or platform settings.
- Blocking or disabling cookies may impact platform functionality, including sign-in capabilities and content preferences.
6. Data retention policy
We retain personal data only as long as necessary for:
- Providing services to users.
- Meeting legal or regulatory requirements.
- Security and fraud prevention.
When no longer needed, data is securely deleted or anonymised.
7. Data security measures
We implement robust security measures to protect personal data:
- Encryption — Data encrypted in transit and at rest.
- Access controls — Restricted access to authorised personnel only.
- Regular audits — Security reviews and vulnerability assessments.
- Incident response — Procedures to detect and address data breaches.
8. International data transfers
- Data may be processed outside the UK/EU in compliance with Standard Contractual Clauses (SCCs) and other legal safeguards.
- We ensure that third-party providers outside the UK/EU maintain GDPR-level security and data protection standards.
9. Data sub-processors
To provide our services, we rely on third-party sub-processors that handle personal data under strict GDPR-compliant agreements:
Cloud providers
| Provider | Purpose | Location | Privacy policy |
|---|---|---|---|
| Google Cloud | Hosting & infrastructure | USA | Google Cloud |
| Amazon AWS | Hosting & infrastructure | USA | AWS |
| Render | Hosting | USA | Render |
| Vercel | Hosting | USA | Vercel |
| Heroku | Hosting | USA | Heroku |
| Fly.io | Hosting | USA | Fly.io |
| Supabase | Database & hosting | USA | Supabase |
| Postmark | Email delivery | USA | Postmark |
| CloudAMQP | Message queue service | Sweden | CloudAMQP |
| MongoDB Atlas | Database | USA | MongoDB |
| ElasticSearch Cloud | Search & indexing | USA | ElasticSearch |
| Cloudflare | Network services | USA | Cloudflare |
Analytics & logging
| Provider | Purpose | Location | Privacy policy |
|---|---|---|---|
| Google Analytics | Website analytics | USA | Google Analytics |
| Google Tag Manager | Tracking management | USA | Google Tag Manager |
| Datadog | Performance monitoring | USA | Datadog |
| Sentry | Error tracking | USA | Sentry |
Payment processing
| Provider | Purpose | Location | Privacy policy |
|---|---|---|---|
| Stripe | Payment processing | USA | Stripe |
| PayPal | Payment processing | USA | PayPal |
Support & communication
| Provider | Purpose | Location | Privacy policy |
|---|---|---|---|
| Gmail | Email communication | USA | Google Privacy |
| Slack | Support and internal communication | USA | Slack |
| Zendesk | Customer support | USA | Zendesk |
| Mailchimp | Email marketing | USA | Mailchimp |
10. Contact information
Email: support@cadenzabox.com
Phone: +44 (0)20 3239 8888
Website: cadenzabox.com
11. Company legal entity
Cadenzabox is a wholly-owned product of Idea Junction Ltd.
Idea Junction Ltd.
The Production Suite, 2 Oak Place
Rosier Business Park, Coneyhurst Road
West Sussex, RH14 9DE
United Kingdom
Registered in England and Wales: 7213611
VAT: GB988 2282 69
ideajunction.uk