Privacy & Cookie Policy

BMLN ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy & Cookie Policy explains how we collect, use, store, and protect your personal information when you use our Business Music Licensing Network service.

This policy applies to all users of the BMLN platform, including business administrators, managers, and members.

By using BMLN, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our service.

3.1. Service Delivery: To provide and maintain the BMLN music streaming service, including authentication, playlist management, and music playback.

3.2. Account Management: To create and manage your account, process registrations, and handle business approvals.

3.3. Billing and Payments: To process subscriptions, handle payments, generate invoices, and manage billing cycles.

3.4. Analytics and Improvements: To analyze service usage, improve platform performance, and develop new features.

3.5. Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance.

3.6. Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the rights of our users.

3.7. Communications: To send service-related notifications, subscription updates, and important announcements (we do not send marketing emails without consent).

BMLN uses cookies and similar tracking technologies to enhance your experience and analyze service usage. You can manage your cookie preferences using our cookie banner.

We do not sell your personal data. We share data only with trusted service providers necessary for service delivery:

We implement industry-standard security measures to protect your personal data:

• Encryption: HTTPS/TLS for data transmission, encrypted storage for sensitive data
• Access Controls: Role-based access, multi-tenant isolation via Row Level Security (RLS)
• Authentication: Secure password hashing, optional two-factor authentication
• Monitoring: Regular security audits and vulnerability assessments
• Infrastructure: Enterprise-grade cloud providers (Supabase, Vercel, AWS)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7.1. Active Accounts: We retain your personal data as long as your account is active or as needed to provide services.

7.2. Inactive Accounts: Data from inactive accounts (no login for 24+ months) may be deleted after notification.

7.3. Closed Accounts: When you close your account, we delete or anonymize your personal data within 90 days, except:

• Data required for legal compliance (billing records, transaction history)
• Aggregated, anonymized analytics data
• Data in backup systems (automatically purged within 30 days)

7.4. Legal Holds: We may retain data longer if required by law or for legal proceedings.

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with your data protection authority

To exercise these rights, contact us at privacy@bmln.app. We will respond within 30 days.

BMLN is based in Estonia (EU), but our service providers may process data in other countries:

• Supabase: EU data centers (GDPR-compliant)
• Vercel: Global CDN, EU data residency available
• AWS: EU-North-1 region (Stockholm, Sweden)
• Stripe: EU operations, GDPR-compliant

All data transfers comply with GDPR requirements through Standard Contractual Clauses (SCCs) or adequacy decisions.

BMLN is a B2B service intended for business use only. We do not knowingly collect personal data from individuals under 16 years of age.

If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@bmln.app.

We may update this Privacy & Cookie Policy from time to time to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements

We will notify you of material changes via:

• Email notification to your registered email address
• Prominent notice on our platform
• Updated "Last Updated" date at the top of this policy

Your continued use of BMLN after changes take effect constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy & Cookie Policy or your personal data, please contact us:

We aim to respond to all inquiries within 5 business days.