Privacy Policy

Effective date: March 23, 2026

BDM Royalties ("we," "us," or "our") operates the BDM Royalties platform at www.bdmroyalties.com (the "Service"). This Privacy Policy describes how we collect, use, store, and share information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name and email address through our authentication provider, Clerk. Authentication is handled via third-party identity providers (Google, Apple, or Microsoft). We do not store your password.

Business Information

You may provide business details including your business name, owner name, mailing address, phone number, and email address. This information is used to generate royalty letters and correspondence.

Composer and Payee Information

You enter information about your composers and payees, which may include names, email addresses, mailing addresses, phone numbers, PayPal email addresses, and tax identification numbers (SSN or EIN). Tax identification numbers are stored encrypted at rest in our production database. We also collect copyright owner contact information for NOI (Notice of Intent) generation purposes.

Sales and Financial Data

You upload CSV files containing sales data from music distributors (such as TuneCore, CD Baby, and SongCast). This data includes song titles, album titles, ISRC codes, UPC codes, artist names, store names, countries, unit sales, pricing, and revenue figures.

Automatically Collected Information

We collect standard server logs including IP addresses, browser type, and access timestamps. We use these for security monitoring and service reliability.

2. How We Use Your Information

  • To provide the Service: importing sales data, matching songs, calculating royalties, generating letters, processing payments, and tracking tax reporting.
  • To generate Notice of Intent documents for mechanical licensing compliance.
  • To authenticate your identity and maintain your account security.
  • To send royalty letters to your composers via email on your behalf.
  • To look up composer credits from third-party music databases using ISRC codes from your imported sales data, when the auto-enrichment feature is enabled.
  • To provide AI-powered analytics and insights through our Maestro feature, which analyzes your sales data to generate revenue insights, forecasts, and business strategy recommendations.
  • To send you service notifications (import completions, enrichment results, system alerts).
  • To maintain audit logs of actions taken within your account.

3. Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure in the United States. We use the following AWS services:

  • Encrypted PostgreSQL databases for structured data.
  • Encrypted object storage for uploaded CSV files and generated royalty letters.
  • Encrypted caching layer for session management.

Tax identification numbers are encrypted at rest. All data transmission between your browser and our servers uses TLS encryption.

4. Multi-Tenancy and Data Isolation

BDM Royalties is a multi-tenant platform. Each artist account (tenant) has its data isolated at the database level. Every query is scoped to your tenant identifier. Your data is never accessible to other tenants.

5. Third-Party Services

We share data with the following third-party services only as necessary to operate the Service:

  • Clerk — authentication and identity management. Clerk processes your login credentials and session tokens. See Clerk's Privacy Policy.
  • Cloud Infrastructure Provider — we use industry-leading cloud services for hosting, email delivery, and file storage with encryption at rest and in transit.
  • Third-Party Music Databases — when auto-enrichment is enabled, we send ISRC codes and song titles to third-party music database APIs to retrieve composer credits. These are open, community-maintained music databases. No personal or financial data is sent to these services.
  • Spotify Web API and iTunes Search API — used for album and song discovery features. Only search queries (song/album titles) are sent. No personal or financial data is transmitted.
  • Anthropic (Claude AI) — powers the Maestro AI features. Your sales data summaries (aggregated, not individual transactions) may be sent to Anthropic's API to generate insights and forecasts. See Anthropic's Privacy Policy.

We do not sell your personal information or sales data to third parties.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law (such as tax records, which may be retained for up to 7 years as required by the IRS).

7. Your Rights

You have the right to:

  • Access your data through the Service dashboard and API.
  • Export your data (sales, composers, royalty calculations) via CSV export features.
  • Correct inaccurate data by editing records in the dashboard.
  • Request deletion of your account and associated data by contacting us.
  • Disable the auto-enrichment feature at any time in Settings.

8. Cookies

We use essential cookies for authentication session management (provided by Clerk) and theme preferences (light/dark mode stored in localStorage). We do not use third-party advertising or tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@bdmroyalties.com.

Privacy Policy | BDM Royalties