Privacy Policy

Last updated: January 23, 2025

Table of Contents

1. Overview

Copyright.sh ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform for AI content licensing and creator compensation.

Key Points:
  • We only collect data necessary for our licensing platform
  • We never sell your personal information
  • You have full control over your data and can delete it anytime
  • We comply with GDPR, CCPA, and other privacy regulations

2. Data We Collect

2.1 Information You Provide Directly

Data Type Purpose Legal Basis
Account Information Name, email, password for account creation Contract performance
Payment Information Bank details, tax ID for creator payments Contract performance, legal obligation
Content Metadata URLs, licensing terms, content descriptions Contract performance
Support Communications Help requests, feedback, bug reports Legitimate interest

2.2 Information We Collect Automatically

  • Usage Data: API calls, dashboard interactions, feature usage
  • Technical Data: IP address, browser type, device information
  • Performance Data: Page load times, error logs, system metrics
  • Analytics Data: User behavior patterns, feature adoption rates

2.3 Information from Third Parties

  • Payment Processors: Transaction confirmations from Stripe
  • Identity Verification: KYC data for compliance purposes
  • API Integrations: Content metadata from integrated platforms

3. How We Use Your Data

3.1 Primary Purposes

  • Platform Operation: Providing licensing verification and payment processing
  • Account Management: Creating and maintaining user accounts
  • Payment Processing: Calculating royalties and processing payments to creators
  • Compliance: Meeting legal obligations including tax reporting and KYC

3.2 Secondary Purposes

  • Product Improvement: Analyzing usage to enhance features
  • Customer Support: Responding to help requests and technical issues
  • Security: Detecting fraud and preventing abuse
  • Communication: Sending important updates and notifications

3.3 Marketing Communications

We may send you marketing emails about new features, industry updates, and promotional offers. You can opt out at any time using the unsubscribe link in our emails or by contacting us directly.

4. Data Sharing

We never sell your personal data. We only share data in the following limited circumstances:

4.1 Service Providers

  • Payment Processing: Stripe for payment processing and KYC verification
  • Cloud Infrastructure: AWS for hosting and data storage
  • Analytics: Aggregated, anonymized data for platform improvement
  • Customer Support: Support ticket systems and communication tools

4.2 Legal Requirements

We may disclose your information when required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

If copyright.sh is acquired or merged, your data may be transferred to the new entity, subject to the same privacy protections.

5. Data Storage & Security

5.1 Security Measures

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Annual security assessments and penetration testing
  • Incident Response: 24/7 monitoring and rapid incident response procedures

5.2 Data Location

Your data is primarily stored in secure data centers within the European Union. Some data may be processed in the United States by our service providers under appropriate safeguards.

5.3 Backup and Recovery

We maintain encrypted backups of your data for disaster recovery purposes. Backups are retained for 90 days and then securely deleted.

6. Your Rights

6.1 GDPR Rights (EU Residents)

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Delete your personal data ("right to be forgotten")
  • Right to Portability: Export your data in a machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Opt out of certain data processing activities

6.2 CCPA Rights (California Residents)

  • Right to Know: Information about data collection and sharing
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

6.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@copyright.sh or use the self-service options in your account dashboard. We will respond within 30 days (or as required by applicable law).

7. Cookies & Tracking

7.1 Cookie Types

Cookie Type Purpose Retention
Essential Platform functionality, security, authentication Session/1 year
Analytics Usage statistics, performance monitoring 2 years
Preferences User settings, language preferences 1 year

7.2 Managing Cookies

You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling essential cookies may affect platform functionality.

8. Data Retention

8.1 Retention Periods

  • Account Data: Retained while account is active + 3 years after closure
  • Payment Data: 7 years for tax and legal compliance
  • Usage Logs: 2 years for security and analytics
  • Support Communications: 5 years for reference and training

8.2 Deletion Process

When data reaches its retention limit or you request deletion, we permanently remove it from our active systems within 30 days. Some data may remain in encrypted backups for up to 90 days before automatic deletion.

9. International Transfers

When we transfer your data outside the EU/EEA, we use appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Certification schemes and binding corporate rules

For transfers to the United States, we rely on the EU-US Data Privacy Framework and additional contractual protections.

10. Children's Privacy

Copyright.sh is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

If you believe we have collected information from a child, please contact us immediately at privacy@copyright.sh.

11. Policy Changes

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email if you have an account with us
  • Display a prominent notice on our website
  • For significant changes, request your consent where required by law

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact Information

Data Protection Officer

Email: privacy@copyright.sh

Address: Copyright Technologies Ltd.
123 Innovation Street
Dublin 2, Ireland

Response Time: Within 30 days of your request

Supervisory Authority

If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

  • EU/EEA: Your national data protection authority
  • Ireland: Data Protection Commission (dataprotection.ie)
  • California: California Attorney General (oag.ca.gov)