Privacy Policy

Last updated: May 16, 2026

Overview

bigcut is a desktop-first music analysis service for similarity search, analysis, curation, and shortlist workflows. Our default data posture is not to retain customer audio or Embedding Data as long-term server-side product storage.

Original Audio Files — Core Promise

We do not retain your original audio files on our servers after processing.

When you import a song, the audio is transmitted temporarily to our embedding infrastructure to extract numerical embeddings. After extraction, the original audio is released from server memory and is not written to long-term storage, databases, backups, or other persistent server-side product storage. The resulting embeddings are returned to your device and are not retained server-side as part of our normal product operation.

What We Process

  • Account information: Email address, display name, sign-in provider metadata, subscription state, and limited account governance records needed to authenticate, secure, suspend, close, and operate the Service.
  • Operational data: Device or app identifiers, software version, limited access logs, consent records, suspension or closure records, and diagnostic data needed for licensing, security, abuse prevention, service reliability, support, and legal claims defense.
  • Country-level aggregate usage statistics: For service reliability, fraud prevention, capacity planning, and operator visibility, we may derive country- or broad-region-level counts from access events, such as signup counts, active-user counts, login counts, and job or activity counts. We do not use these aggregates to show individual user location histories.
  • Billing metadata: Plan, billing cycle, invoice state, processor customer references, limited payment method references, and related billing metadata needed for subscription support, fraud review, chargeback handling, and legal compliance.
  • Dispute and copyright response records: We may preserve minimum records needed to investigate unauthorized uploads, process copyright notices, enforce repeat-infringer policy, respond to chargebacks, apply legal holds, and defend legal claims.
  • Optional Agent API published recommendation data: If you explicitly approve specific curation information and embeddings for Agent API publication, we may process that approved information into AI-agent recommendation data and provide it through the Agent API, related partner channels, and paid service operations as described in the Terms. Private demos, private shortlists, and unpublished evaluation records are not included in that approval.

What We Do Not Retain As Product Data

  • Original audio files after processing
  • Embedding vectors or copies of Embedding Data as normal server-side product storage, except for specific embeddings you explicitly approve for Agent API publication
  • Search queries, shortlist movements, curation notes, ratings, session contents, or local library structure as long-term server-side product analytics, except for specific curation information you explicitly approve for Agent API publication
  • Workflow patterns, processing counts, or similar behavioral data as normal long-term product analytics
  • Raw IP addresses as long-term product analytics or precise city/GPS-level location history for individual user tracking
  • Precise GPS location, contacts, or data from other applications

Local Analysis Data

Embeddings, search results, shortlist movements, notes, ratings, palette state, folder structure, and similar workflow data are designed to remain on your device or within your organization’s managed local environment. If you choose to export or share local files, that sharing is under your control.

Security and Restricted Retention

We use TLS 1.2 or higher for data in transit and maintain commercially reasonable technical and organizational safeguards. Although customer audio and Embedding Data are not retained as product data, we may preserve minimum account, billing, access, consent, suspension, case-management, and dispute-response records when needed for security, fraud prevention, copyright response, legal compliance, dispute handling, or legal claims defense.

Third-Party Services

We use third-party infrastructure for authentication, payment processing, and limited operational delivery. The current provider inventory explains provider roles, data categories, purposes, and control boundaries. These providers operate under their own terms and privacy policies and do not receive long-term copies of your original audio as part of our normal service design.

View subprocessor and provider inventory

Payments and Billing Processors

  • Processor role: Subscriptions, renewals, invoices, and refunds are processed by Paddle or a comparable payment processor. We do not store full payment card numbers on our own systems.
  • What we may receive: We may receive processor customer IDs, payment method references, invoice state, country, tax state, and limited billing metadata required for support, fraud review, chargeback handling, and legal compliance.

Retention, Account Closure, and Legal Hold

  • Routine billing records: Receipts, invoices, subscription state, and tax-related records may be retained for the period required by applicable law.
  • Account closure: When you request account deletion, service access ends immediately. Some minimum account, billing, access, consent, suspension, and dispute-response records may remain for a limited retention period before the remaining account records are deleted or minimized so we can meet legal, security, fraud, chargeback, copyright-response, and dispute-handling obligations.
  • Legal hold: If a copyright dispute, chargeback, abuse investigation, repeat-infringer review, or legal claim is active, deletion or minimization of retained records may be postponed until the matter is resolved and the applicable retention window ends.

Your Rights

  • Access and correction: You may request access to and correction of account data we hold about you.
  • Account deletion: You may request account closure. Closure ends service access immediately, but some minimum records may remain for legal compliance, security, fraud prevention, copyright response, dispute handling, or legal claims defense before retained account records are deleted or minimized.
  • Local data portability: Your local libraries, analysis data, embeddings, and workflow files remain under your control on your own device or managed environment.

To exercise these rights, contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time. If a change materially expands how we collect, retain, use, or disclose data, we will provide prior notice and any consent required by law before applying the change.

Contact

For privacy questions, contact [email protected].

For billing, renewal, withdrawal, refund, or account-closure questions, contact [email protected].