Privacy Policy

1) Who we are

This Privacy Policy explains how Bole-Bole LLC, a Wyoming, USA LLC ("Company", "we", "us"), processes personal data when providing the [App/Website/Services] (the "Services"). The Company is the data controller for the processing described here unless stated otherwise.

2) Scope

This policy applies to visitors, registered users, collaborators, and other individuals whose data are processed in connection with the Services, including business contacts and support requesters.

3) Categories of personal data

• Account and identity: name, display name, handle, email, password hash, country, language, age verification data.
• Profile and creator meta: role (artist, producer), biography, avatar, social links, credits, contribution history, split preferences.
• Collaboration content: project titles, messages, comments, file names and versions, technical file attributes; note: audio files and project files may contain personal data in metadata or voiceprints if uploaded.
• Transactional and plan: subscription tier, invoices, VAT ID where applicable, payment status (processed by third-party processor; we do not store full card details).
• Usage and device: app telemetry, IP address, device identifiers, OS/browser info, log events, crash data, cookie IDs, cookie preferences.
• Marketing and communications: preferences, consents, email engagement, referral information.

4) Sources of personal data

We collect data directly from individuals (registration, uploads, settings), automatically via the Services (cookies, SDKs, telemetry), and from third parties (payment processors, single sign-on, distribution partners, or sample/library providers as enabled).

5) Purposes and legal bases

We process personal data for the following purposes and legal bases:

• Provide and secure the Services: account creation, authentication, collaboration tools, storage, versioning, security monitoring; legal basis: performance of a contract and legitimate interests in securing the service.
• Facilitate collaboration: credits, split tools, project workflows, notifications; legal basis: performance of a contract.
• Payments and billing: subscription management, fraud prevention; legal basis: performance of a contract and legitimate interests in preventing abuse.
• Customer support: responding to requests, incident handling; legal basis: performance of a contract and legitimate interests in service quality.
• Product improvement: analytics, crash diagnostics, feature development with aggregated/de-identified measures; legal basis: legitimate interests, with cookies/SDKs set on consent where required.
• Marketing communications: newsletters, campaigns, promotions; legal basis: consent for electronic marketing; legitimate interests for B2B soft opt-in where permitted; opt-out available at any time.
• Legal compliance: tax, accounting, record-keeping, law enforcement requests; legal basis: legal obligation.
• AI-assisted features (if applicable): transcription, stem separation, noise reduction or recommendation; processed under performance of a contract; model training only with explicit, granular consent and robust opt-out controls.

6) Cookies and similar technologies

We use necessary cookies for core functionality and, with consent, use analytics and advertising cookies. A Cookie Banner and Preference Center allow granular choices and withdrawal at any time. Details of cookie types, purposes, retention, and third parties are set out in our Cookie Policy, incorporated by reference.

7) Data sharing and recipients

We share personal data with:

• Processors/service providers: hosting, storage/CDN, email/SMS, analytics, error logging, customer support, payment processing, identity verification, and fraud prevention, bound by DPAs.
• Collaboration recipients: project collaborators see content and profile data necessary for collaboration; private projects limit visibility to invited users.
• Integrations (optional): distribution partners, DSP delivery, cloud storage, SSO providers, sample libraries; sharing occurs only when enabled by the user or required to fulfill selected features.
• Corporate and legal: professional advisors, auditors; authorities where legally required; in restructuring or acquisition, data may transfer subject to safeguards.

8) International transfers

Where data are transferred outside the EEA/UK/Switzerland, we implement appropriate safeguards such as EU Standard Contractual Clauses (and UK IDTA/Addendum where applicable), and conduct transfer impact assessments. Additional technical and organizational measures are applied as needed.

9) Retention

We retain personal data only as long as necessary for the purposes stated or as required by law, then delete or anonymize. Examples: account data retained for the life of the account; billing records kept for statutory periods; logs retained for a limited period for security and audit; backups for limited cycles.

10) Security

We implement appropriate technical and organizational measures, including encryption in transit, access controls, least-privilege, monitoring, vulnerability management, and incident response. No system can be 100% secure; risk-based safeguards are reviewed periodically.

11) Data subject rights

Under GDPR (and similar laws), individuals have rights to:

• Access and obtain a copy of their data; rectify inaccurate data; erase data in certain circumstances; restrict processing; data portability; object to processing based on legitimate interests or direct marketing; withdraw consent at any time without affecting prior processing.

How to exercise: Use in-product privacy controls or contact us at privacy@bole-bole.com. We will verify identity and respond within one month (extendable per GDPR in complex cases). Individuals have the right to lodge a complaint with a supervisory authority (such as their local DPA).

12) Children's data

Our Services are not intended for children under the age required by local law to consent to data processing. Where permitted accounts are created for minors, we obtain and verify parental consent and apply age-appropriate protections.

13) Automated decision-making

We do not engage in decisions producing legal or similarly significant effects solely based on automated processing, including profiling. If this changes, we will provide meaningful information about the logic involved and the significance and envisaged consequences, and enable rights to obtain human review.

14) Joint controllers and collaborators

Where features enable co-managed spaces with partners (e.g., distribution), we will clearly identify roles (controller/processor/joint controller) and make the essence of any joint controller arrangement available as required by GDPR Article 26.

15) Processor obligations (for business features)

For enterprise/workspace customers where we act as processor, we process personal data on written instructions under a Data Processing Addendum (DPA), including confidentiality, subprocessor controls, security, assistance with data subject requests, and deletion/return of data after termination.

16) Lawful requests and user notice

We may disclose data when required by law or valid legal process. Unless legally prohibited or where notice would be futile or harmful, we will attempt to notify affected users before disclosure and may challenge overbroad or unlawful requests.

17) How to contact us and the DPO

Questions, requests, or complaints: privacy@bole-bole.com

18) Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the Services or email and will take effect upon posting unless otherwise stated. Continued use after the effective date constitutes acceptance; consent choices can be revisited at any time.