Privacy Policy

1. Scope & Controller

TrapRoyaltiesPro (TRP) is the data controller for personal data collected through our website, API, node network, and legal portals. Our data protection officer can be reached at dpo@traproyaltiespro.com.

2. Data We Collect

2.1 Account & Profile Data
When you register for an attorney or label account, we collect name, email, firm/company name, and professional credentials. Payment information is processed by Stripe and not stored by us.

2.2 Metadata & Catalog Data
All ISRCs, ISWCs, split sheets, contracts, and royalty statements you upload are processed solely for your internal use. This data remains yours and is never shared with third parties without your explicit instruction.

2.3 Node Operator Data
If you run an SMPT verification node, we collect node ID, IP address, stake wallet address (public), and uptime statistics — all used to maintain network integrity.

2.4 Technical Data
IP addresses, browser fingerprints, and usage logs are collected for security and performance monitoring. Logs are anonymized after 14 days.

3. Legal Basis (GDPR)

• Contract performance — Providing the forensic tools you request.
• Legitimate interest — Network security, fraud prevention, product improvement.
• Legal obligation — Compliance with court orders, anti‑money laundering checks.
• Consent — Marketing communications (opt‑in only).

4. Data Sharing & Third Parties

We do not sell your data. We share only as necessary for:

• PRO databases — When you initiate a cross‑reference check (e.g., ASCAP, BMI).
• Legal authorities — If required by subpoena or court order.
• Service providers — Hosting (Hostinger), email (SendGrid), payments (Stripe) — all GDPR‑compliant.

5. International Data Transfers

Your data is primarily processed on servers in the EU (Frankfurt/London). For transfers outside the EEA, we rely on Standard Contractual Clauses and adequacy decisions. Node operators outside the EU explicitly consent to cross‑border data transmission.

6. Your Rights (GDPR / CCPA)

You have the right to:

• Access — Request a copy of your personal data.
• Rectification — Correct inaccurate information.
• Erasure — Request deletion (subject to legal holds).
• Restriction / Portability — Limit processing or receive data in machine‑readable format.
• Object — Object to processing based on legitimate interests.

To exercise rights, contact privacy@traproyaltiespro.com. We respond within 30 days.

7. Data Retention

• Account data: retained until account deletion + 30 days grace.
• Uploaded royalty statements: 7 years (legal statute of limitations).
• Node operator logs: 90 days.
• On‑chain data (hashes) are permanent and cannot be deleted.

8. Cookies

We use only essential cookies for authentication and security. No tracking or advertising cookies are used. See our Cookie Policy for details.

9. Children's Privacy

TRP is not directed at individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

Material changes will be announced via email and website notice. Continued use after changes constitutes acceptance.