Privacy Policy

Glissando Studio

Last Updated: April 22, 2026
Effective Date: April 1, 2026

1. Introduction & Scope

This Privacy Policy ("Policy") describes how Glissando Studio ("we," "us," "our," or "Company") collects, uses, discloses, and otherwise processes personal information through our music production management software platform, ProducerOS, and related services (collectively, the "Service").

Company Information: Glissando Studio is a California-based software company located in Los Angeles County, California, United States. We are the controller of personal information processed through our Service.

Scope: This Policy applies to all individuals who use our Service, including team members, clients, collaborators, and visitors to our platform. If you do not agree with this Policy, please do not use the Service.

Updates: We may update this Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date above and, for significant changes, by posting a prominent notice on our platform or sending you notification via email. Your continued use of the Service after such modifications constitutes your acceptance of the updated Policy.

2. Information We Collect

We collect various categories of information to provide, maintain, and improve the Service. Here's what we gather:

Account Information

When you create a Glissando Studio account, we collect information you directly provide through Clerk (our authentication provider):

  • Full name
  • Email address
  • Password (hashed and securely managed by Clerk)
  • Avatar image
  • Account creation and modification timestamps

Profile Information

You may optionally provide additional profile details:

  • Handle/username
  • Avatar color preference
  • Pronouns
  • Bio or professional description
  • Links to external profiles or websites

Contact Information

ProducerOS includes a contacts feature that allows you to create and manage contact records. For contacts you add, we store:

  • Contact names
  • Email addresses
  • Phone numbers
  • Company names and roles/job titles
  • Physical addresses
  • Social media usernames and URLs
  • Notes and custom fields you add

Audio & Media Files

When you upload audio files and other media to the Service, we collect and store:

  • Audio files (WAV, MP3, AIFF, and other formats)
  • Waveform data and visual representations
  • File metadata (duration, sample rate, bit depth, format)
  • Artwork and cover images
  • Associated file references and version histories

Audio files are stored in Cloudflare R2 object storage. We retain audio files as long as your account is active. When you delete files from the Service, they are removed from storage.

Project Data

As you use ProducerOS to manage music projects, we collect and store:

  • Song titles and descriptions
  • Song versions and version metadata
  • Client associations and relationships
  • Task lists and task details (status, assignees, deadlines, descriptions)
  • Playlists and playlist organization
  • Work blocks (time allocation and scheduling)
  • Projects and categorization
  • Project relationships and dependencies
  • Timestamps for all project activities

Communication Data

When you communicate through the Service, we collect:

  • Comments on songs, versions, and projects
  • Whisper notes (private internal notes)
  • Comment timestamps and author information
  • Message content and metadata
  • Email notifications we send on your behalf

Financial Data

If you have a paid subscription, we collect billing-related information:

  • Billing profile information (name, billing address)
  • Invoice records and payment history
  • Subscription tier and billing cycle information
  • Payment processing records (managed by our payment processor)

Note: We do not store complete credit card numbers. Payment processing is handled by third-party payment processors who comply with PCI DSS standards.

Usage Data

We automatically collect information about how you interact with the Service:

  • Pages and features you access
  • Feature usage patterns and frequency
  • Version plays and playback data
  • Last seen timestamps and session information
  • Search queries and filters applied
  • Export requests and downloads

Device & Technical Data

When you access our Service, we automatically collect technical information:

  • IP address and approximate geolocation (inferred from IP)
  • Browser type, version, and user agent string
  • Operating system and version
  • Device type (desktop, mobile, tablet)
  • Screen resolution and viewport dimensions
  • Referring website and navigation path
  • Timestamps of requests and responses

Third-Party Account Data: Google Calendar Integration

If you authorize ProducerOS to integrate with Google Calendar, we collect:

  • Calendar event titles, descriptions, and dates
  • Event attendees and organizers
  • Event locations and time zones
  • Calendar identifiers and metadata
  • OAuth refresh tokens used to access your calendar

Important: We use this data only to sync work blocks and support scheduling features within ProducerOS. We do not use your calendar data for marketing, analytics, or any other secondary purpose. See Section 6 (Google Calendar Integration) for more details.

Push Notification Data

If you enable push notifications, we collect and store:

  • Push subscription endpoints
  • Public encryption keys for push notifications
  • Device identifiers for notification targeting
  • Notification preferences and opt-out settings

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, operate, and improve the Service; process your requests; and enable core features like project management, file storage, collaboration, and scheduling.
  • Account Management: To manage your account, authenticate users, process payments, send billing communications, and provide customer support.
  • Communication: To send service-related announcements, respond to your inquiries, provide support, and send transactional emails (e.g., password resets, billing confirmations).
  • Security & Fraud Prevention: To detect, investigate, and prevent fraud, security incidents, unauthorized access, and other malicious or illegal activities.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests; enforce our Terms of Service; and protect our legal rights.
  • Analytics & Service Improvement: To analyze usage patterns, understand user behavior, identify issues, test new features, and optimize the Service.
  • Team Collaboration: To facilitate collaboration by sharing appropriate project data with team members and authorized users as you configure.
  • Client Portal Visibility: To display songs, versions, and comments marked as client-visible to clients you have invited to access the portal.
  • Data Aggregation: To create aggregated, anonymized insights about Service usage and performance (incapable of identifying individuals).

5. Information Sharing & Disclosure

We do not sell your personal information. We may share information in the following circumstances:

Team Members & Collaborators

Information you mark as shared within your team is visible to team members with appropriate access permissions. This includes project data, comments, and task information that you configure to be team-visible.

Client Portal Access

When you invite clients to the client portal, they can view songs, versions, and comments that you have explicitly marked as client-visible. Clients receive limited visibility into your project data based on your sharing configuration.

Cross-Team Song Sharing

If you enable song sharing between teams, songs marked for sharing are visible to designated teams and their members.

Service Providers

We share necessary information with third-party service providers who perform functions on our behalf and are contractually obligated to maintain the confidentiality and security of your information:

  • Clerk: Authentication and user management
  • Supabase: Database hosting and data persistence
  • Cloudflare: CDN, R2 file storage, and infrastructure services
  • Google: Calendar API access and integration services
  • Resend: Email delivery and transactional communications. Resend retains the subject, body, and delivery metadata of emails we send for up to 30 days for deliverability monitoring and bug diagnosis (see Section 9: Data Retention).
  • Anthropic: Claude API, which powers our in-product AI assistant and our automated comment classifier (see Section 7: AI-Powered Features)
  • Vercel: Application hosting and deployment

Administrative Access & Your Audio Files

Glissando staff do not access, listen to, or download your audio files, project data, or other content unless specifically required to resolve a support request you have initiated or to comply with a legal obligation. We do not browse, review, or monitor your creative work.

When administrative access is necessary, it is limited to:

  • Responding to a support request you have made
  • Investigating security incidents or suspected violations of our Terms of Service
  • Performing system maintenance and database administration
  • Complying with legal obligations and law enforcement requests

Access to your data through the Glissando application is recorded in our security audit log. Access to underlying infrastructure (database and file storage) is governed by our infrastructure providers' own access logs and is restricted to the minimum personnel necessary to operate the Service.

Activity log visibility. Our administrative console contains an activity log showing metadata about actions taken inside your workspace (e.g. "song created", "comment added"). Before any administrator can view this log, the system requires them to (1) declare a written reason for access (such as a support ticket or incident identifier) and (2) scope the view to a specific team, unless a cross-team review is expressly required for an incident. By default, the free-text descriptions attached to each entry (which can include song, client, or task names) are redacted; revealing them requires an explicit opt-in that is recorded in the audit log as a separate event. Each view of the activity log — including the declared reason, the scope, and whether descriptions were revealed — is written to our security audit log and retained for 90 days.

Legal Requirements & Business Transfers

We may disclose information when required by:

  • Law enforcement requests, subpoenas, or court orders
  • Applicable laws and regulations
  • Protection of our legal rights, privacy, safety, or property
  • Business transfers (merger, acquisition, asset sale). You will be notified and given the opportunity to opt out if applicable.

No Sale of Personal Information

We do not sell your personal information to third parties for monetary consideration. We also do not "share" personal information for cross-context behavioral advertising as defined under CCPA/CPRA.

6. Google Calendar Integration

ProducerOS offers optional integration with Google Calendar to sync events and support work block scheduling. This section provides required disclosures under the Google API Services User Data Policy.

What Data We Access

When you authorize ProducerOS to access your Google Calendar, we can read and create calendar events. We access:

  • Calendar event titles and descriptions
  • Event dates, times, and durations
  • Event locations and attendee information
  • Recurring event patterns
  • Calendar metadata and identifiers

How We Use Calendar Data

We use Google Calendar data exclusively for:

  • Syncing work blocks with your calendar events
  • Enabling scheduling features within ProducerOS
  • Preventing double-booking and scheduling conflicts
  • Displaying your calendar availability in the Service

Data Storage & OAuth Tokens

Important Disclosure: OAuth refresh tokens used to access your Google Calendar are stored in our Supabase database. These tokens allow us to access your calendar on your behalf.

Token Scope: Our integration uses Google's calendar.events scope, which allows read and write access to calendar events.

Google API Services User Data Policy Compliance

ProducerOS complies with the Google API Services User Data Policy, including the Limited Use requirements. We:

  • Use Google Calendar data only for the stated purpose of calendar synchronization and work block scheduling
  • Do not transfer Google Calendar data to third parties (except our service providers who assist with calendar functionality)
  • Do not use Google Calendar data for advertising or other secondary purposes
  • Maintain appropriate security safeguards for OAuth tokens and calendar data

Revoking Access

You can disconnect your Google Calendar from ProducerOS at any time through your account settings. When you disconnect:

  • We revoke our access to your Google Calendar
  • We delete stored OAuth tokens
  • New calendar syncs will not occur
  • Existing work blocks are retained but will not sync further changes

You can also revoke ProducerOS access through your Google Account settings at https://myaccount.google.com/permissions.

7. AI-Powered Features

ProducerOS uses Anthropic's Claude API to power two features: the in-product AI assistant (accessed through the chat drawer) and an automated comment classifier that flags which portal comments represent actionable feedback requiring a revision. This section discloses what data is shared with Anthropic, how it is processed, and how you can limit or avoid that processing.

What Data We Send to Anthropic

When you interact with the AI assistant, or when a portal comment is classified, we send the following to Anthropic's Claude API:

  • Your chat messages to the assistant, and the assistant's replies
  • Relevant excerpts of your project data (song titles, task details, contact names, workflow notes, stored user memory) when the assistant needs them to answer a request
  • The text of portal comments submitted by clients or team members, for the purposes of classification and prioritization
  • The system prompts and tool schemas that define the assistant's behavior

We do not send audio files, waveform data, payment information, authentication credentials, or the contents of your Google Calendar events to Anthropic.

How Anthropic Processes This Data

Under Anthropic's Commercial Terms of Service, data sent through the Claude API is:

  • Not used to train Anthropic's models. Inputs and outputs submitted via the API are not used for model training by default.
  • Retained for up to 30 days by Anthropic for trust-and-safety and abuse-monitoring purposes, after which they are automatically deleted (shorter retention may apply to zero-data-retention tiers).
  • Processed in the United States under Anthropic's security and data-processing commitments.

Anthropic acts as a subprocessor for this limited purpose. Their current commercial terms and privacy policy are available at https://www.anthropic.com/legal/commercial-terms and https://www.anthropic.com/legal/privacy.

AI-Initiated Writes

When you ask the assistant to modify your workspace (for example, "reschedule this song to next Friday" or "add a task to follow up with this client"), the assistant will summarize the proposed change and wait for your explicit confirmation before executing any write. Every AI-initiated write is recorded in your team's AI actions log, which team administrators can review and, where supported, reverse.

Opting Out

The AI assistant is opt-in: it is not invoked unless you open the chat drawer and send a message. The comment classifier runs automatically on comments submitted through the client portal for automated triage purposes; if you do not wish your portal comments to be classified, please contact us at legal@glissando.studio and we will disable classification for your team.

8. Data Storage & Security

We implement reasonable security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

Where Your Data Is Stored

Database: Structured data (accounts, projects, contacts, metadata) is stored in Supabase, a cloud-hosted PostgreSQL database.

File Storage: Audio files and media are stored in Cloudflare R2, object storage with geographic redundancy.

Geographic Location: Data is stored in the United States. If you are located outside the US, your data will be transferred to and processed in the US (see Section 13: International Data Transfers).

Security Measures We Implement

We employ the following security practices:

  • HTTPS Encryption: All data in transit is encrypted using TLS/SSL
  • Authentication: User accounts are secured through Clerk with email/password and SSO options
  • Team-Scoped Access Controls: Project data and resources are restricted to authorized team members based on role and permissions
  • Presigned URLs: File downloads are provided through time-limited, presigned URLs rather than direct file access
  • Access Logging: Administrative access is logged for audit purposes
  • Regular Updates: We maintain up-to-date server software and security patches

Security Limitations

Transparency: While we implement standard security practices, we do not currently offer the following advanced features:

  • Per-team encryption keys (data is not encrypted separately for each team)
  • End-to-end encryption (data is encrypted in transit and at rest, but we hold encryption keys)
  • AES-256-GCM encryption at the application layer

No perfect security: No security system is completely impenetrable. We are continuously working to improve our security practices and consider additional protections as the Service grows.

9. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Policy.

Account Data

Account information (name, email, avatar) is retained while your account is active and for a reasonable period afterward to support account recovery and legal obligations. You may request deletion of your account and associated data (see Section 10: Your Rights).

Project & Media Data

Project data, contacts, comments, and audio files are retained as long as your account is active. When you delete files or projects, they are immediately removed from the Service. Soft-deleted data (marked for deletion but not permanently removed) may be retained for up to 30 days to allow for recovery.

Activity Logs & Usage Data

Technical logs, usage data, and activity records are retained for 90 days for security, troubleshooting, and service improvement purposes. After 90 days, log data is aggregated and anonymized.

Email Communications (Resend)

Transactional emails we send on your behalf (notifications, invitations, password resets, client-portal alerts) are delivered through our email subprocessor, Resend. Resend retains the subject, body, and delivery metadata of those emails for up to 30 days to support deliverability troubleshooting and bug diagnosis, after which the content is purged from their logs. Basic delivery events (e.g. sent, delivered, bounced, complained) may be retained for a longer period in aggregate form for reporting and fraud-prevention purposes. Access to this data within Glissando Studio is limited to personnel investigating delivery issues or security incidents.

AI Assistant & Classifier Data (Anthropic)

Data sent to Anthropic's Claude API — as described in Section 7 — is retained by Anthropic for up to 30 days for trust-and-safety and abuse-monitoring purposes, after which it is automatically deleted. Assistant conversation history that we store on our side (within Supabase, to let you resume past conversations) is retained while your account is active and deleted when you delete a conversation or your account.

Google Calendar Data & OAuth Tokens

OAuth tokens are retained as long as your Google Calendar integration is active. When you disconnect Google Calendar, tokens are deleted within 24 hours. Cached calendar event data is retained for up to 7 days to support offline functionality and is deleted when you disconnect the integration.

Backups

We maintain backups of our systems for disaster recovery and business continuity. Deleted data may persist in backups for up to 90 days before being purged.

10. Your Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information.

CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the CCPA and CPRA:

  • Right to Know: You can request what personal information we collect, use, share, and sell about you.
  • Right to Delete: You can request deletion of personal information we have collected from you.
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Opt-Out: You can opt out of the "sale" or "sharing" of your personal information (we do not currently sell or share in this manner).
  • Right to Limit Use: You can request that we limit our use and disclosure of your personal information.
  • Right to Portability: You can request a copy of your personal information in a portable format.
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising your privacy rights.

GDPR & UK GDPR Rights (EU/UK Residents)

If you are located in the European Union or United Kingdom, you have the following rights under GDPR and UK GDPR:

  • Right of Access: You can request access to your personal data.
  • Right to Rectification: You can request correction of inaccurate data.
  • Right to Erasure ("Right to Be Forgotten"): You can request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request your data in a structured, commonly used format.
  • Right to Object: You can object to certain types of processing.
  • Rights Related to Automated Decision-Making: You have rights regarding automated profiling (we do not currently use automated decision-making).

How to Exercise Your Rights

To exercise any of these rights, please submit a request to:

Email: legal@glissando.studio
Subject Line: "[Your Jurisdiction] Privacy Right Request"

Please provide sufficient information to identify you and describe your request in detail.

Verification & Response Timeframes

Verification: We may request additional information to verify your identity before responding to your request. This helps us ensure we do not disclose personal information to unauthorized individuals.

Response Timeframes:

  • CCPA/CPRA: We will respond within 45 days. We may extend this period by 45 days if necessary.
  • GDPR/UK GDPR: We will respond within 30 days. We may extend this period by up to 60 additional days if necessary.

11. Do Not Sell or Share My Personal Information

We do not sell your personal information to third parties for monetary consideration.

Definition of "Sell": Under CCPA/CPRA, "sale" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to another business or third party for monetary or other valuable consideration.

Definition of "Share": Under CCPA, "share" means sharing personal information for cross-context behavioral advertising. We do not engage in cross-context behavioral advertising.

What We Do: We share information with service providers who assist us in providing the Service. These service providers are contractually prohibited from using your information for purposes other than providing services to us.

If you have concerns about data practices or wish to opt out of any potential future sales or sharing, please contact us at legal@glissando.studio.

12. Children's Privacy

The Service is not directed to individuals under the age of 13 (and in some jurisdictions, under the age of 16). We do not knowingly collect personal information from children under 13.

COPPA Compliance: Glissando Studio complies with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently collected personal information from a child under 13, we will delete such information immediately and take steps to ensure it does not happen again.

If you believe we have collected information from a child under 13, please contact us immediately at legal@glissando.studio.

13. International Data Transfers

ProducerOS is operated from the United States, and your personal information is processed, stored, and may be accessed from the United States.

Data Location

By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

GDPR & UK GDPR Transfers

For individuals in the European Union and United Kingdom, we rely on the following mechanisms to ensure adequate safeguards for international transfers:

  • Standard Contractual Clauses (SCCs): We use SCCs for transfers to service providers in the United States.
  • Adequacy Decisions: Where applicable, we rely on EU adequacy decisions (though limited given the US data landscape).
  • Legitimate Interests: We transfer data based on a legitimate interests balancing test, ensuring appropriate safeguards are in place.

Your Rights Regarding Transfers

You have the right to object to international transfers or to request more information about the safeguards in place. Please contact us at legal@glissando.studio to discuss your concerns.

14. Cookies & Local Storage

We use cookies and local storage to enhance your experience and provide the Service.

Essential Cookies

We use essential cookies to maintain your authenticated session and provide core functionality:

  • Clerk Authentication Cookies: Manage your login session and authentication state (required for the Service to function)
  • CSRF Tokens: Prevent cross-site request forgery attacks
  • Security Cookies: Maintain security and prevent unauthorized access

These cookies are necessary for the Service to function and cannot be disabled.

Local Storage

We use browser local storage for:

  • UI Preferences: Storing your theme, layout, and interface preferences
  • Geolocation Data: Storing your approximate location for timezone and region-aware features
  • Session Data: Temporary data to enhance your current session

Local storage data is not transmitted to our servers and is stored entirely on your device. You can clear local storage at any time through your browser settings.

Tracking & Analytics

We do not currently use third-party tracking pixels or analytics cookies. However, we may implement basic analytics in the future. Any future analytics implementation will be privacy-respecting and will not involve tracking pixels or cross-site tracking.

Managing Cookies

Most browsers allow you to control cookies through settings. However, disabling essential cookies may prevent the Service from functioning properly. You can manage cookies through your browser settings without impacting the essential authentication cookies.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to you via:

  • Email notification to the address associated with your account
  • Prominent notice on the Service
  • Requirement to accept the updated Policy upon next login

Minor changes (clarifications, formatting) may be updated without notification. Your continued use of the Service after changes become effective constitutes your acceptance of the updated Policy.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Glissando Studio
Email: legal@glissando.studio
Location: Los Angeles County, California, United States

For CCPA/CPRA rights requests: legal@glissando.studio
For GDPR/UK GDPR rights requests: legal@glissando.studio
For DMCA notices: legal@glissando.studio

We aim to respond to all inquiries and requests within 10 business days.

This Privacy Policy is effective as of April 1, 2026 and was last updated in April 2026.

Thank you for trusting Glissando Studio with your music production workflow.