Bots for Music

Privacy Policy

Effective Date: February 25, 2026

At Bots for Music ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our music transcription service, website, mobile applications, and related services (collectively, the "Service").

This Privacy Policy is incorporated into and forms part of our Terms of Service (available at botsformusic.com/terms). Capitalized terms not defined here have the meanings given in the Terms of Service.

1) Information We Collect

1.1 Information you provide

  • Account information: email address, username, and password.
  • Payment information: payment card details and billing address, processed securely by our third-party payment processors (e.g., Stripe). We do not store full card numbers on our servers.
  • Audio files and links you submit for transcription ("User Content"), which may include metadata and, where audio contains vocals or speech, incidental personal information embedded in the audio.
  • Communications: messages, feedback, and attachments you send to our support team or provide through surveys.

Note on User Content: If your audio submissions contain personal information (e.g., spoken names, vocals, or speech), that information will be processed as part of the transcription. Personal information may appear in the resulting outputs.

1.2 Information collected automatically

  • Usage data: features used, transcription history, interaction patterns, and session activity.
  • Device information: browser type, operating system, device identifiers, screen resolution, and language settings.
  • Log data: IP address (which may indicate your approximate geographic location), access times, referring URLs, and pages viewed.
  • Cookies and similar technologies: see Section 8 below.
  • Demo usage data: when you use our free transcription feature, we assign a session identifier (stored as a first-party cookie) and collect transcription metadata (song titles, file names) and feature interactions to understand usage patterns and improve our service.

1.3 Service Data and Derived Data

As described in Section 4 of our Terms of Service, we generate two categories of operational data:

  • Service Data: usage events, feature interactions, device/browser information, crash logs, performance metrics, and billing/plan events.
  • Derived Data: data produced from processing User Content that is not intended to be a replacement for the original content, such as model error metrics, timing/notation statistics, aggregated audio characteristics, and system evaluation labels. Derived Data is generated in a manner intended to prevent identification of individual users or reconstruction of original User Content. Where applicable data protection law treats any Derived Data as personal data, we process it as pseudonymized data with appropriate safeguards.

2) How We Use Your Information

We use the information we collect to:

  • Provide the Service: process transcription requests, deliver results, manage your account, and handle billing.
  • Maintain and improve the Service: analyze usage patterns, debug issues, monitor performance, and develop new features.
  • Improve our AI models: use Derived Data (as defined above) to enhance transcription quality, latency, and reliability. We do not use your raw audio files or transcription outputs for model training — only non-reversible Derived Data.
  • Communicate with you: send service-related notices (e.g., receipts, security alerts, product updates) and, with your consent, promotional communications.
  • Ensure security and prevent abuse: detect fraud, enforce our Terms of Service, and protect the rights and safety of our users and third parties.
  • Comply with legal obligations: respond to lawful requests from authorities and meet applicable regulatory requirements.
  • Track email engagement: when we send emails, we may use tracking technologies (e.g., open/click tracking) to understand engagement and improve our communications.

3) Legal Basis for Processing (GDPR / EEA Users)

For users in the European Economic Area (EEA) and Norway, we process personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR): to provide the Service you requested, including processing your transcription requests, managing your account, and handling payments.
  • Legitimate interests (Art. 6(1)(f) GDPR): to improve and secure the Service, generate and use Derived Data for model improvement, prevent fraud, perform analytics, and send you service-related communications. We balance these interests against your rights and freedoms and provide opt-out mechanisms where appropriate.
  • Consent (Art. 6(1)(a) GDPR): for marketing communications, non-essential cookies, and optional features. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with applicable laws, including Norwegian bookkeeping requirements and responses to lawful government requests.

4) Data Sharing and Disclosure

We do not sell your personal information.

We may share your data with the following categories of recipients:

  • Service providers: third parties that help us operate the Service, including hosting and infrastructure (e.g., cloud providers), payment processing (e.g., Stripe), analytics (e.g., Google Analytics — see Section 8), email and communications (e.g., transactional email providers), and customer support tools. These providers process data on our behalf under contractual obligations that include data protection safeguards.
  • Law enforcement or government agencies: when required by applicable law, regulation, legal process, or enforceable governmental request.
  • Professional advisors: lawyers, auditors, and insurers where necessary for the provision of their services.
  • Successors: in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to a successor entity. We will notify you of any such transfer.
  • With your consent: where you have given explicit consent for a specific disclosure.

We do not share personal data with advertising networks or data brokers.

5) YouTube Integration

When you submit YouTube links, the Service connects to YouTube's servers to extract audio for transcription. This may involve the YouTube Data API (v3).

  • Submitting a YouTube link may establish a connection to YouTube's servers, which may log your activity.
  • If you are logged into a YouTube/Google account, your activity may be linked to your profile. To avoid this, log out before using the feature.
  • Our use of YouTube integration is based on legitimate interests to provide the Service (Art. 6(1)(f) GDPR).

Please refer to Google's Privacy Policy at policies.google.com/privacy for information about their data practices. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC.

6) Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law.

Data categoryRetention period
Audio files and transcription outputs (User Content)Demo/unregistered users: Up to 30 days, then automatically deleted.
Subscribed users: Retained while your account is active. You can delete individual transcriptions and their associated audio at any time from My Transcriptions.
Service Data (usage events, logs, performance metrics)As long as reasonably necessary for operations, security, analytics, and compliance
Derived Data (model metrics, aggregated statistics)May be retained longer than 30 days (see ToS Section 4); retained for as long as it serves a legitimate improvement purpose
Account data (email, username, preferences)Until you request account deletion, plus a reasonable wind-down period (up to 30 days)
Billing and payment recordsAs required by Norwegian bookkeeping law (currently 5 years under bokføringsloven § 13)
Support communicationsUp to 2 years after resolution, or longer if needed for ongoing disputes
Demo usage data (session identifiers, transcription metadata, feature interactions)Up to 1 year, or until linked to an account (whichever is later)

When data is no longer needed, we delete or anonymize it.

7) International Data Transfers

Your data may be transferred to and processed in countries outside Norway and the EEA by our service providers (e.g., cloud hosting, payment processors).

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission;
  • reliance on an adequacy decision where the recipient country has been recognized as providing adequate protection; or
  • other lawful transfer mechanisms as applicable.

You may request information about the specific safeguards applied to transfers of your data by contacting us (see Section 13).

8) Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service.

8.1 Categories of cookies

  • Strictly necessary cookies: required for core functionality (e.g., authentication, session management, security). These do not require your consent.
  • Analytics cookies: help us understand how users interact with the Service (e.g., Google Analytics). These are placed only with your consent.
  • Preference cookies: remember your settings and choices. These are placed only with your consent.

We do not use advertising or retargeting cookies.

8.2 Google Analytics

We use Google Analytics to collect and process usage data. Google Analytics may use cookies to track interactions. You can learn more about Google's practices at google.com/policies/privacy/partners. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

8.3 Managing cookies

When you first visit the Service, we will ask for your consent to place non-essential cookies via a cookie consent banner. You can change your preferences at any time through the cookie settings link in the Service or through your browser settings. Disabling certain cookies may limit functionality.

8.4 Do Not Track

There is no accepted standard for how to respond to "Do Not Track" browser signals. We do not currently respond to DNT signals but respect cookie preferences set through our consent mechanism.

8.5 Email tracking

Our email communications may include tracking pixels or similar technologies that record whether an email was opened and which links were clicked. You can prevent this by disabling image loading in your email client.

9) Your Rights

9.1 Rights under GDPR (EEA and Norwegian users)

Under the General Data Protection Regulation and Norwegian data protection law (personopplysningsloven), you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your personal data, subject to legal retention obligations.
  • Restriction of processing: request that we limit how we use your data in certain circumstances.
  • Data portability: receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.
  • Object: object to processing based on legitimate interests (including Derived Data generation). We will cease processing unless we demonstrate compelling legitimate grounds.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Lodge a complaint: you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no or your local supervisory authority.

9.2 How to exercise your rights

To exercise any of these rights, contact us at support@botsformusic.com or use the contact details in Section 13. We will respond within one month (extendable by two additional months for complex requests) and may ask for verification of your identity.

9.3 Additional choices

  • Marketing communications: opt out of promotional emails by clicking the unsubscribe link in any marketing email. Service-related communications (e.g., billing, security) are not affected.
  • Account deletion: you may request deletion of your account and associated data at any time by contacting us.
  • Cookie preferences: manage non-essential cookies via our cookie consent tool or your browser settings.

10) Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • encryption of data in transit (TLS) and at rest;
  • secure authentication mechanisms;
  • regular security reviews;
  • limited access to personal data on a need-to-know basis; and
  • incident response procedures for data breaches.

No system is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security. If we become aware of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, you, in accordance with GDPR Article 33 and 34.

11) Children's Privacy

The Service is not intended for users under 18 years of age (consistent with our Terms of Service). We do not knowingly collect personal information from children under 16. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete it.

12) Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13) Contact and Data Protection Inquiries

For questions about this Privacy Policy, to exercise your data protection rights, or to raise privacy concerns:

For complaints about our handling of your personal data, you also have the right to contact:

Datatilsynet (Norwegian Data Protection Authority)
Website: datatilsynet.no

14) Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice within the Service at least 30 days before taking effect. The "Effective Date" at the top will be updated accordingly. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

By using Bots for Music, you acknowledge that you have read and understood this Privacy Policy.

Privacy Policy | Bots for Music