Privacy Policy
This Privacy Policy explains how TMC Publishing Limited (“Musicsesame”, “we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, create an account, purchase a subscription, or contact us. We are the data controller under UK GDPR and the Data Protection Act 2018.
1) Contact & Controller
Controller: TMC Publishing Limited
Email: info@musicsesame.com
2) Data We Collect
- Account data: name, email, password (hashed), plan, and subscription status.
- Billing & transactions: subscription plan, payment status, refunds/chargebacks. Card details are processed by Stripe; we do not store full card numbers.
- Communications: emails and messages you send us (licensing, custom requests, claim removals).
- Usage & device data: IP address, browser/OS, pages viewed, actions (e.g., wishlist, downloads).
- Cookies: essential cookies for login and security; non-essential analytics cookies if you consent.
3) How We Use Personal Data
- Provide, operate, and secure accounts, subscriptions, and whitelisting requests.
- Process payments, prevent fraud, and manage entitlements.
- Support enquiries, licensing confirmations, and Content ID claim removals.
- Improve the site and catalogue (analytics and performance).
- Send essential service messages (receipts, account notices). Marketing only with consent where required.
4) Legal Bases (UK GDPR)
- Contract — to provide your account, subscription, and licensed services.
- Legitimate interests — site security, fraud prevention, service improvement.
- Consent — non-essential cookies/analytics and optional communications.
- Legal obligation — tax, accounting, and compliance requirements.
5) Sharing & Processors
We share personal data with trusted service providers strictly for the purposes above, including: payments (Stripe), membership/subscriptions, hosting/infrastructure, analytics, and customer support. Providers are bound by contracts to protect data and act only on our instructions. We do not sell personal data.
6) International Transfers
Where data is transferred outside the UK/EEA, we use appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses or adequacy decisions, as applicable.
7) Retention
- Account data: kept for the life of the account and up to 24 months after closure (unless legal obligations require longer).
- Transaction records: kept for at least 6 years for tax/accounting.
- Support emails/claims: typically up to 36 months for reference and compliance.
- Analytics data: kept in aggregate or anonymised form where feasible and for limited periods.
8) Your Rights
You have the right to access, rectification, erasure, restriction, objection, and data portability, and to withdraw consent where processing relies on consent. To exercise rights, email info@musicsesame.com. You can also lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.
9) Cookies & Analytics
We use essential cookies for authentication, security, and core functionality. With your consent, we use analytics cookies to understand usage and improve performance. You can manage non-essential cookies via our banner or your browser settings; disabling essential cookies may affect site functionality.
10) Payments
Payments are processed by Stripe. Stripe handles card data in accordance with PCI-DSS. We receive transaction metadata (e.g., last 4 digits, card type, expiry, status) to manage your subscription.
11) Security
We implement technical and organisational measures appropriate to risk, including access controls, encryption in transit, least-privilege access, and monitoring. No method is 100% secure; we continuously improve safeguards.
12) Children
Our services are not directed to children under 16. If you believe a child has provided personal data, contact us and we will delete it.
13) Changes
We may update this policy. The “Last updated” date reflects the current version. Material changes will be highlighted on the site or via email where appropriate.
14) Contact
Privacy enquiries and rights requests: info@musicsesame.com