Privacy

Privacy Policy

Last updated: December 26, 2024

At Celestial Interactive, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use MandoScribe. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Celestial Interactive (Sole Proprietorship)

Owner: Alexander Adam Laurence

Address: 〒220-0072 Kanagawa-ken, Yokohama-shi, Nishi-ku, Sengen-cho 1-4-3, Wizard Building 402

Email: privacy@celestialinteractive.com

2. Personal Data We Collect

We collect the following types of personal data:

Account Information

  • Email address
  • Name (if provided)
  • Profile picture (if using OAuth)
  • Authentication credentials

Usage Data

  • Songs and musical content you create
  • Feature usage patterns
  • Device information and IP address
  • Browser type and version

Payment Information

Payment details are collected and processed by Lemon Squeezy, our Merchant of Record. We do not store your credit card information on our servers.

3. How We Use Your Data

We process your personal data for the following purposes:

Authentication & Service Delivery

Provider: Supabase (USA/EU)
Purpose: Account creation, login, and storing your songs securely.
Legal Basis: Contract performance (Art. 6(1)(b) GDPR)

AI-Powered Features

Provider: Google Gemini API (USA)
Purpose: Generating lyric suggestions and chord recommendations.
Data Sent: Lyric context and chord progressions (anonymized).
Legal Basis: Contract performance (Art. 6(1)(b) GDPR)

Payment Processing

Provider: Lemon Squeezy (USA)
Purpose: Processing subscription payments, handling taxes and invoicing.
Legal Basis: Contract performance (Art. 6(1)(b) GDPR)

Analytics (Optional)

Provider: PostHog (EU)
Purpose: Understanding how users interact with our service to improve it.
Legal Basis: Consent (Art. 6(1)(a) GDPR) — Only activated if you accept analytics cookies.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

5. International Data Transfers

Your data may be transferred to and processed in countries outside Japan, including the United States and European Union. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Use of service providers with adequate data protection certifications
  • Data Processing Agreements with all third-party processors

6. Your Rights Under GDPR

If you are in the EU/EEA, you have the following rights:

Right of Access

Request a copy of your personal data.

Right to Rectification

Request correction of inaccurate data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your account and all associated personal data. Contact us at privacy@celestialinteractive.com to exercise this right.

Right to Data Portability

Request your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time (e.g., for analytics).

7. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality.
  • Analytics Cookies: Used only with your consent to understand usage patterns.

You can manage your cookie preferences at any time through our cookie banner or by clearing your browser's local storage.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row Level Security (RLS) on our database
  • Regular security reviews and updates
  • Access controls and authentication requirements

9. Children's Privacy

MandoScribe is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the service after such changes constitutes acceptance of the updated policy.

Contact Us

For any privacy-related questions or to exercise your data rights, please contact us:

Celestial Interactive

Owner: Alexander Adam Laurence

Address: 〒220-0072 Kanagawa-ken, Yokohama-shi, Nishi-ku, Sengen-cho 1-4-3, Wizard Building 402

Email: privacy@celestialinteractive.com

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.