Privacy Policy

Last updated: June 18, 2026

Overview

bigcut is a desktop-first music analysis service for similarity search, analysis, curation, and shortlist workflows. Our default data posture is not to retain customer audio or Embedding Data as long-term server-side product storage.

Controller and Privacy Contact

  • Controller: bigcut Systems.
  • Representative and privacy lead: Gun Woo Park, Representative / Privacy Officer.
  • Address: Room 48, M-Peace Cheonan Center, 5F Rodem City Bldg, 47 Cheongsu 9-ro, Dongnam-gu, Cheonan-si, Chungcheongnam-do, 31198, Republic of Korea.
  • Privacy inquiries: [email protected].

Original Audio Files — Core Promise

We do not retain your original audio files as long-term server-side product storage after processing.

When you import a song, the audio is transmitted temporarily to our embedding infrastructure to extract numerical embeddings. Some import queue paths may also place the audio in short-lived temporary object storage so workers can process, retry, or recover the job. Current code defaults make import queue upload and download signed URLs valid for 900 seconds, and the temporary audio object expiry target defaults to 3600 seconds, although deployment configuration may change these values. We may process temporary object keys, content checksums, audio size, MIME type, import item IDs, status, error codes, and result references for integrity checks, retries, billing integrity, and failure recovery. After processing or recovery, original audio is not retained as long-term server-side product storage, database content, backup content, or other persistent product storage. The resulting embeddings are returned to your device and are not retained server-side as part of our normal product operation.

What We Process

  • Account information: Email address, display name, sign-in provider metadata, subscription state, Bigcut user ID/public handle, optional account profile fields such as company, phone number, role, genre, nationality, and use case, marketing email opt-in or withdrawal records, and limited account governance records needed to authenticate, secure, suspend, close, and operate the Service.
  • Operational data: Device or app identifiers, software version, device timezone when submitted by the login flow, limited access logs, consent records, suspension or closure records, and diagnostic data needed for licensing, security, abuse prevention, service reliability, support, and legal claims defense.
  • Import queue operational data: When you use import queue processing, we may process temporary audio object keys, content SHA-256/checksums, audio size, MIME type, import item IDs, upload/result object references, expiry timestamps, retry state, error codes, and processing result references. These records support integrity checks, duplicate prevention, retries, failure recovery, billing integrity, and cleanup. The temporary audio object is not long-term product storage.
  • Browser storage and necessary cookies: The website may use cookies, localStorage, and sessionStorage for sign-in, session continuity, password recovery, security, checkout flow, language, and necessary interface preferences. We do not use these mechanisms for behavioral advertising by default.
  • Enterprise inquiries and support forms: If you submit an enterprise inquiry or support form, we process the fields you provide, such as contact name, work email, company name, role, team size, monthly volume, message, locale, source, idempotency metadata, and rate-limit metadata, so we can respond, prevent abuse, and keep submission records consistent.
  • Diagnostics and operational monitoring: Desktop error reporting is designed to operate only when you explicitly enable it. Web, server, and internal operational monitoring may run when configured for security, reliability, incident response, and abuse prevention. Internal activity alerts may include minimized operational summaries, masked email references, or compact user references where needed to investigate signup, security, or incident events. We apply redaction and sanitization so customer audio, embeddings, auth tokens, secrets, DB URLs, and raw provider payloads are not included.
  • Country-level aggregate usage statistics: For service reliability, fraud prevention, capacity planning, and operator visibility, we may derive country- or broad-region-level counts from access events, such as signup counts, active-user counts, login counts, and job or activity counts. We do not use these aggregates to show individual user location histories.
  • Billing metadata: Plan, billing cycle, invoice state, processor customer references, limited payment method references, and related billing metadata needed for subscription support, fraud review, chargeback handling, and legal compliance.
  • Dispute and copyright response records: We may preserve minimum records needed to investigate unauthorized uploads, process copyright notices, enforce repeat-infringer policy, respond to chargebacks, apply legal holds, and defend legal claims.
  • Optional Selection Proof data: If you choose to create a Selection Proof or Final Cut proof, we process the note text you type long enough to create proof hashes and save a proof record linked to your account and demo. The server record includes your account/user ID, submission ID, demo song ID, submission time, session/shortlist/Final Cut counts, proof hashes, proof status, schema version, and privacy model. It may also include an organization ID, demo title, Merkle batch/proof records, blockchain receipt details, and release-track link records if you later submit Release Complete with the proof attached to a release track. We do not store the note text you type in the server database, and Selection Proof does not include your audio or embeddings. The note text may still remain in the app on your device. Approved teammates may see limited server proof metadata such as demo title, proof ID, proof status, proof hashes, and release-lineage evidence through accepted team authority, but Bigcut does not provide them with your note text from the server. Later team membership or organization lifecycle changes affect future access and future submissions only; they do not delete or rewrite already valid Selection Proof, Release Complete, or Dossier lineage receipts. Submitted proofs are added to Bigcut's weekly Merkle proof tree, and the weekly proof is recorded on the blockchain. The blockchain record does not contain your note text, account ID, demo ID, audio, or embeddings.
  • Release Complete song recommendation API productization data: Release Complete is an optional workflow. When you submit Release Complete, you confirm release and rights approval for those tracks and agree that approved song information, rights-approval fields, released-track embeddings/music feature data, productized recommendation descriptions and signals derived from submitted curation, and limited source-confidence signals for the A&R users who submitted or approved that track may be processed into Bigcut song recommendation API and Dossier candidate data. Final external Dossier/Agent API publication requires Bigcut review/approval and suppression gates; approved data may then be provided through Dossier publication, the Agent API, paid song recommendation API services, approved AI OS / Agent Platform Provider integrations, and substantially similar public agent-facing recommendation channels. Submitted curation content is not exposed as raw text. If a Selection Proof is attached to a Release Complete track, its proof metadata or evidence claim may be used as lineage verification for that productized track, but standalone Selection Proof submission is not public recommendation consent. Private demos, raw audio, raw lyrics, private shortlists, unpublished evaluation records, and individual detailed activity logs are not included.

Purposes and Legal Bases

  • Service operation: We process account, desktop-session, import-queue, and operational data to perform the service contract, provide requested features, maintain security, and support reliability.
  • Billing and tax: We process checkout consent receipts, Paddle provider metadata, invoices, subscription states, refunds, chargebacks, and tax records to perform the subscription contract, comply with legal obligations, and protect against fraud or disputes.
  • Security, abuse, copyright, and disputes: We process limited access, consent, suspension, closure, copyright-response, and dispute records based on legal obligations and legitimate interests in protecting the service, users, rights holders, and Bigcut.
  • Optional submissions and publication: Selection Proof and Release Complete data are processed only when you choose those workflows. Release Complete song recommendation API publication relies on your explicit submission, rights approval, the related service terms, and Bigcut review/approval and suppression gates.
  • Marketing email: Marketing email is based on your opt-in choice where required. You may withdraw that choice at any time.

What We Do Not Retain As Product Data

  • Original audio files as long-term server-side product storage after processing
  • Embedding vectors or copies of Embedding Data as normal server-side product storage, except for released-track embeddings included in a Release Complete submission
  • Search queries, shortlist movements, curation notes, ratings, session contents, or local library structure as long-term server-side product analytics, except for productized recommendation descriptions and signals derived from Release Complete curation information
  • The note text you type for Selection Proof as server database product data; if you create a Selection Proof, we store proof records and hashes instead
  • Workflow patterns, processing counts, or similar behavioral data as normal long-term product analytics, except for limited Release Complete submission counts for A&R users who submitted or approved a Release Complete track
  • Raw IP addresses as long-term product analytics or precise city/GPS-level location history for individual user tracking
  • Precise GPS location, contacts, or data from other applications

Local Analysis Data

Embeddings, search results, shortlist movements, notes, ratings, palette state, folder structure, and similar workflow data are designed to remain on your device or within your organization’s managed local environment. If you choose to export or share local files, that sharing is under your control.

Security and Restricted Retention

We use TLS 1.2 or higher for data in transit and maintain commercially reasonable technical and organizational safeguards. Although customer audio and Embedding Data are not retained as product data, we may preserve minimum account, profile, billing, access, consent, suspension, case-management, import-queue receipt, and dispute-response records when needed for security, fraud prevention, copyright response, legal compliance, dispute handling, or legal claims defense.

Third-Party Services

We use third-party infrastructure for authentication, OAuth sign-in, payment processing, web hosting, DNS/edge protection, origin tunneling, static asset CDN/cache, temporary object transfer, rate limiting, queueing and recovery, key management, remote embedding execution, error monitoring, copyright badge delivery, email delivery, and limited operational alerts. The current provider inventory explains provider roles, data categories, purposes, and control boundaries, including providers such as Supabase, enabled Google/Apple OAuth providers, Paddle, Vercel, Cloudflare, Redis REST rate-limit providers when configured, AWS SQS/Lambda/KMS where the import-queue or billing-recovery paths are enabled, S3-compatible temporary object storage, Modal remote embedding infrastructure, Sentry, DMCA.com badge infrastructure, Mattermost, and SMTP/email providers. These providers operate under their own terms and privacy policies and do not receive long-term copies of your original audio as part of our normal service design.

View subprocessor and provider inventory

International Transfers and External Recipients

We use providers and, for optional publication workflows, external recipients that may operate outside your country. Transfer locations depend on provider infrastructure, project region, edge routing, customer configuration, and order forms. Where required, we use contracts, provider terms, transfer safeguards, or user-requested service flows before the transfer.

  • Authentication and OAuth: Supabase, Google OAuth, and Apple OAuth may process account identifiers, email addresses, sign-in metadata, tokens, and security logs in their operating countries and configured project regions to authenticate users and maintain sessions.
  • Billing: Paddle may process buyer, customer, subscription, transaction, invoice, payment-method reference, country, tax, refund, chargeback, and webhook event metadata in its operating countries for checkout, renewals, refunds, taxes, fraud review, and support. If Bigcut changes the active billing provider, the public provider inventory will be updated before or with that change where required.
  • Hosting, edge, storage, rate limiting, and monitoring: Vercel, Cloudflare, Redis REST rate-limit providers, AWS SQS, AWS Lambda, AWS KMS, S3-compatible temporary object storage, Modal, Sentry, DMCA.com badge infrastructure, SMTP/email providers, and Mattermost alert providers may process request metadata, hashed rate-limit subjects, queue message metadata, key references and ciphertext metadata, temporary object references, remote embedding job metadata, redacted logs, masked operational alert references, static asset cache metadata, badge request metadata, and email delivery metadata in provider operating countries or configured project regions.
  • Release Complete and Selection Proof: If you submit Release Complete, approved song recommendation API candidate data may be provided to Agent API, paid song recommendation API customers, or approved AI OS / Agent Platform Provider integrations according to the service terms or a written order form after Bigcut review/approval and suppression gates. Selection Proof weekly Merkle roots and chain receipts may be recorded on public blockchain networks, where deletion or reversal can be difficult or impossible.

Payments and Billing Processors

  • Processor role: Subscriptions, renewals, invoices, and refunds are processed by Paddle. We do not store full payment card numbers on our own systems. If checkout configuration changes to another billing provider, the public provider inventory and applicable checkout notices will be updated where required.
  • What we may receive: We may receive processor customer IDs, payment method references, invoice state, country, tax state, webhook event fields, provider custom data, and billing metadata required to verify, replay, and settle checkout, subscription, refund, chargeback, support, fraud-review, tax, and legal-compliance events.
  • Checkout consent receipts: Before opening Paddle checkout, we record a Bigcut checkout consent receipt containing the selected plan, billing cycle, Paddle price ID, displayed price/currency, immediate paid-feature start acknowledgement, refund-limitation acknowledgement, annual refund acknowledgement when applicable, locale, legal-copy versions, and timestamp.

Retention, Account Closure, and Legal Hold

  • Routine billing records: Receipts, invoices, subscription state, and tax-related records may be retained for the period required by applicable law.
  • Account closure: When you request account deletion, service access ends immediately. Minimum account, access, consent, suspension, and dispute-response records for accounts without billing-defense history are retained by default for 180 days before deletion or minimization. If the account has billing-defense history, such as a paid plan, provider customer, subscription, transaction, invoice, Paddle event, chargeback, or refund context, the default defensive retention window is 548 days. Legal holds, unresolved disputes, tax duties, chargebacks, copyright-response cases, or other legal obligations may require longer retention.
  • Legal hold: If a copyright dispute, chargeback, abuse investigation, repeat-infringer review, or legal claim is active, deletion or minimization of retained records may be postponed until the matter is resolved and the applicable retention window ends.
  • Import queue temporary objects: Temporary audio objects and embedding-result objects are not long-term product storage. Import queue signed URLs are short-lived by design, and temporary objects are cleanup targets after processing, retry, or recovery windows end. Object-storage lifecycle, worker cleanup, and database receipt cleanup may affect the exact deletion time.
  • Selection Proof records: Selection Proof records may be retained as proof, lineage, dispute, and legal-defense records. The note text you type is not stored in the server database, but proof hashes, linked account/demo identifiers, context counts, team-authority link records, Merkle proof records, release-track link records, and blockchain receipt details may remain. Later team membership, organization, or account lifecycle changes affect future access and submissions only; they do not delete or rewrite already valid proof, Release Complete, or Dossier lineage receipts. Blockchain records are difficult or impossible to delete or reverse.

Your Rights

  • Access, export, and correction: You may request access to, correction of, or a copy of Bigcut server data we hold about your verified account. An export is not a raw database dump and may omit or redact other people’s data, security secrets, internal legal or security notes, raw logs, provider internals, sealed legal-defense material, raw contracts, model internals, and data we no longer hold.
  • Account deletion: You may request account closure. Closure ends service access immediately and starts deletion or minimization of account data. Some minimum records may remain for legal compliance, billing, security, fraud prevention, copyright response, dispute handling, or legal claims defense. Accounts without billing-defense history use a default 180-day defensive retention window; accounts with billing-defense history use a default 548-day defensive retention window. Legal holds, unresolved disputes, tax duties, chargebacks, copyright-response cases, or other legal obligations may require longer retention.
  • Local data portability: Your local libraries, analysis data, embeddings, and workflow files remain under your control on your own device or managed environment. Bigcut server export does not include files or workflow data that were stored only on your device and never submitted to Bigcut.
  • Marketing email choices: If you opt in to product updates or Bigcut news, you may withdraw that choice through the unsubscribe method provided in the message or by contacting us.
  • Regional privacy rights: Depending on where you live, applicable law may also give you rights to deletion, portability, restriction of processing, objection to certain processing, withdrawal of consent, appeal of a privacy decision, or complaint to your local privacy regulator.

To exercise these rights, contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time. If a change materially expands how we collect, retain, use, or disclose data, we will provide prior notice and any consent required by law before applying the change.

Contact

For privacy questions, contact [email protected].

For billing, renewal, withdrawal, refund, or account-closure questions, contact [email protected].