Privacy policy

This Privacy Policy explains how Cantilever Music Limited ("Cantilever", "we", "us") collects, uses, discloses and protects personal data when you use the Cantilever website and apps (the "Service"). Cantilever provides high‑quality audio streaming with enhanced liner notes, accessible via web and mobile/desktop apps. The Service does not include advertising or brand placements. If you do not agree with this Policy, do not use the Service.

Who we are and legal framework

The controller is Cantilever Music Limited, 9 Eastlake Road, London, SE5 9QJ, UK. Contact: privacy@cantilever-music.com. “UK GDPR” means the UK General Data Protection Regulation as retained in UK law, together with the Data Protection Act 2018. This notice is provided in accordance with Article 13 UK GDPR.

Personal data we collect

We collect information you provide (account details, hashed login credentials, country and age confirmation, subscription and billing information processed through payment partners or app stores) and information generated when you use the Service (device/app details, IP address, language/time zone, crash logs, and usage activity such as plays, searches and liner notes viewed). We may also receive limited information from third parties (e.g., payment status from app stores and catalogue restrictions from licensors).

Purposes and lawful basis

We process personal data to provide the Service (accounts, streaming, access control, free trials, subscriptions/renewals, payments, support) under Article 6(1)(b) UK GDPR (contract). We also process data to secure and improve the Service, prevent misuse, enforce terms and protect rights and safety under Article 6(1)(f) (legitimate interests). Certain processing is necessary to comply with legal obligations under Article 6(1)(c). Where you agree to receive marketing, we process data under Article 6(1)(a) (consent), which you may withdraw at any time.

Sharing of personal data

We share personal data only with service providers under contract, with app stores when you subscribe through them, with licensors and rights holders in aggregated or de‑identified form for royalty accounting, with authorities or others when required by law, and in connection with business transactions. We do not sell personal data.

International transfers

Where personal data is transferred outside the UK or EEA, we rely on adequacy regulations or appropriate safeguards such as Standard Contractual Clauses in line with Article 46 UK GDPR.

Retention

We retain personal data only for as long as necessary to provide the Service and to meet legal and regulatory requirements. Account and subscription records are retained for the life of the account and a further period as required by law. Usage data is kept for operational needs and royalty reporting and then anonymised or aggregated. Support communications are retained for a limited period to resolve issues and protect users and the Service.

Your rights

You have rights of access, rectification, erasure, restriction, portability and objection under Articles 15 to 21 UK GDPR. Where processing is based on consent, you may withdraw consent at any time without affecting prior processing. You may also lodge a complaint with a supervisory authority, including the UK Information Commissioner’s Office, under Article 77 UK GDPR.

Children

The Service is not directed to children under 13. Users in the UK/EEA must meet local minimum age requirements or have verifiable parental consent. Accounts that do not meet these requirements will be closed and personal data deleted.

Security and breaches

We apply technical and organisational measures appropriate to the risk, as required by Article 32 UK GDPR. If a personal‑data breach creates a risk to your rights and freedoms, we will notify the Information Commissioner’s Office and, where necessary, affected users, in accordance with Articles 33 and 34 UK GDPR.

Payments and trials

When you start a free trial or subscription, we process billing data necessary to activate, manage and renew your plan. If you subscribe through an app store, that store’s terms and privacy policy apply, and we receive only limited information necessary to manage your subscription.

Communications and marketing

We send essential service communications relating to your account, receipts, changes to terms and security. Marketing communications are sent only with your consent, and you can withdraw that consent at any time.

Rights holders and reporting

For royalty accounting, we prepare reports of listening activity in aggregated or de‑identified form. We do not share your identity with rights holders unless required for legal, audit or anti‑fraud purposes and subject to safeguards.

Third‑party links

Where the Service links to third‑party sites or app stores, their handling of personal data is governed by their own policies.

Deleting data

To request erasure of your other personal data from Cantilever, please contact privacy@cantilever-music.com. This data includes your User Data, Usage Data and other data listed in ‘Personal data we collect about you.

Changes to this policy

We may update this Policy from time to time. Significant changes will be notified within the Service. The version and date above indicate the latest update.

Contact

For any questions or to exercise your rights, contact privacy@cantilever-music.com or write to Cantilever Music Limited, 9 Eastlake Road, London, SE5 9QJ, UK.