Privacy Policy
Last updated: 6 July 2026
Musical Focus is a workflow app that helps music creators finish more music. This policy explains what personal data we collect, why, what we do with it, and the rights you have over it. We've tried to write it the way we write everything else: plainly.
1. Who we are
The data controller — the party responsible for your personal data — is Musical Focus Ltd, a company registered in England and Wales (company no. 17322522), whose registered office is at 128 City Road, London, United Kingdom, EC1V 2NX.
For anything about your data, contact us at privacy@musicalfocus.com. We aim to respond to all requests within one month.
2. Who this service is for
Musical Focus is for adults and young people aged 16 and over. It is not directed at children, and we do not knowingly collect personal data from anyone under 16. If we learn that an account belongs to someone under 16, we will delete the account and its personal data. If you believe a child has created an account, contact us at privacy@musicalfocus.com.
3. What we collect and why
Account and profile data
When you sign up we collect your email address and your creator role(e.g. songwriter, producer, mixing engineer). You can optionally add profile details: experience level, commitment level, weekly hours, main goal, genre focus, hardware and software you use, and a personal “North Star” mission. Profiles are private by default.
Why: to provide the service, sign you in, and tailor the app to how you work. Lawful basis: performance of our contract with you; the optional profile fields rest on our legitimate interest in making the product work better for you.
Your projects and workflow data
The substance of the app: your projects, tasks, ideas, notes, progress, goal dates, session recaps, statuses, and the reasons you record when you park or retire a project. Free-text content you write (titles, notes, reasons, ideas, lyrics) is treated as personal content: it is never included in aggregated insights, never appears in analytics events, and is erased when your account is deleted.
Why: this is the service. Lawful basis: performance of our contract with you.
The optional insight programme (your choice at onboarding)
If you opt in, your workflow patterns — templates used, stage durations, where projects slow down, completion rates — are used only in anonymised, aggregated form to produce product insights (for example, “the stage where most songs stall”). Until it is aggregated, the underlying data is held pseudonymised under your account identifier and is protected as personal data throughout. The programme is opt-in, you can withdraw at any time in your settings, and it is never sold. Declining changes nothing about how the app works for you.
Lawful basis: your consent, which you can withdraw at any time.
The Unfinished Song Audit (the public quiz)
You can take the audit without an account. It asks about your unfinished songs, where you get stuck, your DAW, active projects, and release goals. Providing an email address is optional and used only, with your consent, to personalise your setup if you later sign up. If you don't sign up within 6 months, we delete the email. Audit answers without an email are anonymous.
Lawful basis: consent (for the email); legitimate interest in understanding creator workflows (for the anonymous answers).
Payments
Purchases are processed by Paddle, our merchant of record — Paddle is the seller for payment purposes and handles your payment details under its own privacy policy (see paddle.com/legal). We never see or store your card details. We receive from Paddle the subscription status information needed to run your account (plan, status, renewal dates).
Lawful basis: performance of contract; legal obligations around financial records.
Product analytics and error reporting
We use privacy-first product analytics to understand how the app is used (events like “project created” or “task completed”) and error monitoring to fix crashes. This is configured deliberately: EU hosting, no session recording, no personal information in any event — events are keyed to a random internal identifier, not your email. This operational analytics runs for all users and is separate from the optional insight programme above.
Lawful basis: legitimate interest in operating, securing, and improving the service.
Feedback and support
If you send feedback or contact support, we keep the message and basic context (which screen, your role, your DAW) to act on it. Erased with your account.
Lawful basis: legitimate interest in acting on feedback and supporting you.
Emails we send
Transactional emails (sign-in links, receipts, account notices) are necessary to run the service. Lifecycle emails (welcome, gentle activation nudges) relate to your use of the product; you can opt out of non-essential email at any time via the unsubscribe link or your settings.
4. What we never do
- We never sell your personal data.
- We never share your individual data with advertisers.
- We never host your audio — links you save point to services you control.
- We never include your free-text content (notes, lyrics, ideas, reasons) in any aggregated dataset.
5. Who we share data with (sub-processors)
We use a small number of service providers to run Musical Focus. Each receives only what its function requires:
| Provider | What it does | Data it processes | Location / safeguards |
|---|---|---|---|
| Supabase | Database, authentication, storage — the app's backend | Sign-in identifiers (email, credentials), profile and creator-segment data, all workflow content (projects, tasks, notes, ideas, recaps), consent records, subscription-status mirrors, and consented audit-quiz emails | Hosted in London, UK (region eu-west-2) |
| Google (Sign in with Google) | Optional sign-in method | Only if you choose it: Google processes the sign-in handshake and passes your email and basic profile to our authentication system | US; standard OAuth sign-in under Google's own policy |
| Paddle | Merchant of record — Paddle is the legal seller of the subscription, not merely our processor | Your email (pre-filled into checkout), payment details you enter directly into Paddle's own checkout (they never touch our database), and our internal account identifier | Paddle.com Market Ltd, UK; own privacy policy (paddle.com/legal) |
| PostHog | Product analytics | Fixed-vocabulary usage events keyed to a random internal identifier only — never your email, name, or any content you write; session recording and auto-capture are switched off | EU Cloud (Frankfurt, Germany) |
| Sentry | Error monitoring | Error reports carrying the random internal identifier only; the “send personal information” setting is off | Ingest in Germany (ingest.de.sentry.io) |
| Loops | Lifecycle email (welcome, gentle nudges) | Your email, internal account identifier, signup source, and three product-milestone fields (first project, first task, latest focus activity) — the allowed field set is enforced by our test suite | US — transfers protected by the safeguards described below |
| Resend | Transactional email (sign-in links, account notices) | Your email address and the content of the message — for a sign-in email, that is a one-time sign-in link | Resend, Inc., US (sending region: EU — Ireland) — transfers protected by the safeguards described below |
| Vercel | Application hosting (from launch) | Request traffic passing through the app, including IP addresses. The one place we use your IP ourselves — rate-limiting the public audit quiz — stores it only as a keyed hash, never raw | Global edge network |
Where a provider processes data outside the UK, transfers are protected by UK-recognised safeguards such as adequacy decisions or the International Data Transfer Agreement / EU Standard Contractual Clauses with the UK addendum.
Planned addition. Tolt (affiliate tracking) will join this list when the affiliate programme launches, and this policy will be updated when it does.
6. How long we keep things
| Data | Retention |
|---|---|
| Your account and its content | While your account is active, plus 12 months after cancellation or your last activity — then deleted or anonymised |
| Audit-quiz email (if you never sign up) | 6 months, then deleted |
| Anonymised per-project workflow records (incl. coarse creator segment: role and experience level) | Indefinitely — no identity, no free text; used only to produce aggregated product insights. Once genuinely anonymised, this cannot be traced to you and is no longer personal data |
| Billing records | As required by law and by Paddle as merchant of record |
| Feedback and support messages | While relevant; erased with your account |
When you delete your account, your identifiable data is erased. What we retain are anonymised per-project workflow records — including your coarse creator segment (role and experience level), but no identity and no free text — used only to produce aggregated statistics. Once genuinely anonymised, they cannot be traced back to you.
7. Your rights
Under UK GDPR you can:
- Accessyour data — the app includes a “download your data” export;
- Correct anything inaccurate;
- Delete your account and data — self-serve, in your settings;
- Port your data (the export is machine-readable);
- Object to processing based on legitimate interests;
- Withdraw consent at any time (insight programme, audit email) without affecting anything that ran on consent before withdrawal;
- Complainto the Information Commissioner's Office (ico.org.uk) — though we'd appreciate the chance to fix things first at privacy@musicalfocus.com.
Exercising any of these is free. We may need to verify your identity first.
8. Cookies and similar technologies
We use essential cookies only: the sign-in session cookies that keep you logged in. The app sets no cookies of its own beyond these, our analytics runs cookieless by configuration, and our error monitoring sets none. We do not use advertising cookies or trackers of any kind. One exception to know about: the Paddle checkoutis Paddle's own embedded frame, and while it is open it may set Paddle's cookies within that checkout context, under Paddle's own cookie policy.
9. Security
Data is encrypted in transit, access to your data is enforced at the database level so accounts can only ever read their own rows, and secrets are never stored in client-side code. No system is perfectly secure, but security is designed in, not bolted on.
10. Changes to this policy
If we change this policy materially, we'll tell you in the app or by email before the change takes effect, and update the date at the top. Continued use after the effective date means the updated policy applies.