PRIVACY POLICY

TuneScore — AI-Powered Music Analysis Platform

Effective Date: March 20, 2026 | Last Updated: March 20, 2026

Operated by: SOLD OUT MEDIA SOLUTIONS - FZCO


1. INTRODUCTION AND SCOPE

1.1. This Privacy Policy ("Policy") is issued by SOLD OUT MEDIA SOLUTIONS - FZCO, a company incorporated and registered in the United Arab Emirates, operating the TuneScore platform accessible at tune-score.com and app.tune-score.com (collectively, the "Platform"). References to "TuneScore," "we," "us," or "our" throughout this Policy shall mean SOLD OUT MEDIA SOLUTIONS - FZCO and its affiliates.

1.2. This Policy describes how we collect, use, store, share, and protect personal data and other information when you access or use the Platform, create an account, upload audio files for analysis, generate reports, or otherwise interact with our services (collectively, the "Services").

1.3. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any provision of this Policy, you must discontinue use of the Platform immediately.

1.4. This Policy applies to all users of the Platform worldwide. Where you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or any other jurisdiction with specific data protection legislation, additional provisions set forth in Section 12 shall apply to the extent required by applicable law.

2. DEFINITIONS

For the purposes of this Policy, the following terms shall have the meanings set out below:

"Audio Files" means any music tracks, sound recordings, or audio content uploaded by you to the Platform for the purpose of analysis.

"Analysis Report" means the output generated by the Platform following the processing of an Audio File, including but not limited to technical scores, commercial assessments, genre classifications, mood profiles, and strategic recommendations.

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection legislation.

"Processing" means any operation performed on Personal Data, including collection, recording, storage, retrieval, use, disclosure, or erasure.

"Third-Party Service Providers" means external entities engaged by TuneScore to perform specific functions in connection with the Services, including but not limited to audio intelligence providers, AI model providers, payment processors, and hosting infrastructure providers.

"Account Data" means information you provide during registration and account management, including email address, name, profile picture, and authentication credentials.

3. DATA CONTROLLER

3.1. The data controller responsible for the processing of your Personal Data under this Policy is:

SOLD OUT MEDIA SOLUTIONS - FZCO Email: legal@tune-score.com Website: tune-score.com

3.2. For all inquiries related to data protection, privacy rights, or this Policy, please contact us at: privacy@tune-score.com.

4. INFORMATION WE COLLECT

4.1. Account Data

When you create an account on the Platform, we collect the following information:

  • Email address (required for account creation and authentication);

  • Full name (optional, used for personalization of the Platform experience);

  • Profile picture (optional, uploaded at your discretion);

  • Authentication credentials (passwords are cryptographically hashed using industry-standard algorithms and are never stored in plain text).

4.2. Audio Files and Music Data

4.2.1. To provide our analysis Services, we collect and process Audio Files that you voluntarily upload to the Platform. Audio Files are securely stored on our encrypted servers for as long as your account remains active, enabling core Platform features including but not limited to:

  • Your personal Library of analyzed tracks;

  • The ability to re-access and re-download Analysis Reports;

  • The generation of Promo Plans and promotional strategies based on previously analyzed content;

  • Cross-track comparison and portfolio analysis features.

4.2.2. In connection with Audio Files, we also collect and store:

  • Song titles, artist names, and related metadata you provide during the upload process;

  • Social media handles and publicly available follower count data for artists associated with the uploaded track;

  • Generated Analysis Reports, including all scores, classifications, and strategic recommendations;

  • Generated Promo Plans and promotional timelines.

4.2.3. Audio Files are never shared with other users of the Platform, are never made publicly accessible, and are never used for any purpose other than delivering the Services to you. Audio Files are not used to train, fine-tune, or improve any machine learning models.

4.2.4. You may delete any individual Audio File and its associated Analysis Report from your Library at any time through the Platform interface. Deletion is permanent and irreversible. Upon account deletion, all associated Audio Files are permanently removed from our servers within thirty (30) days, subject to any retention obligations set forth in Section 8.

4.3. Usage and Technical Data

We automatically collect certain technical and usage information when you access the Platform:

  • Device information, including browser type and version, operating system, and screen resolution;

  • Internet Protocol (IP) address and approximate geolocation derived therefrom;

  • Pages visited, features used, and interactions with Platform elements;

  • Date, time, and duration of access sessions;

  • Referring URL and exit pages;

  • Error logs and performance data.

4.4. Payment and Transaction Data

4.4.1. Payment processing for subscription services and credit purchases is handled exclusively by third-party payment processors. We do not collect, process, store, or have access to your full credit card numbers, bank account details, or other sensitive payment instrument data at any time.

4.4.2. We receive and store only the following transaction-related data from our payment processors:

  • Transaction identifiers and confirmation numbers;

  • Subscription status (active, cancelled, expired) and plan type;

  • Billing cycle dates and renewal information;

  • Transaction amounts and currency;

  • Last four digits of the payment instrument (for your reference only).

4.5. Cookies and Tracking Technologies

4.5.1. The Platform uses cookies and similar tracking technologies to maintain session state, remember your preferences, and analyze usage patterns. The specific categories of cookies deployed are:

  • Strictly Necessary Cookies: Required for authentication, security, and core Platform functionality. These cannot be disabled.

  • Analytics Cookies: Used to understand how the Platform is accessed and used, enabling us to improve the user experience. These may be declined through your browser settings or our cookie consent mechanism.

  • Preference Cookies: Used to remember your settings and preferences across sessions.

4.5.2. We do not deploy advertising cookies or tracking pixels. We do not serve advertisements on the Platform, and we do not share your data with advertising networks.

5. THIRD-PARTY SERVICE PROVIDERS AND DATA PROCESSING

5.1. To deliver the Services, we engage Third-Party Service Providers who may process your data on our behalf. Each provider operates under contractual obligations that restrict the use of your data solely to the purposes specified by TuneScore. The categories of Third-Party Service Providers are as follows:

5.1.1. Audio Intelligence Providers. We use industry-certified audio intelligence technology to perform technical analysis of Audio Files, including BPM detection, key detection, genre classification, mood profiling, instrumentation mapping, and energy analysis. Audio data transmitted to these providers is processed solely for the purpose of generating your Analysis Report. These providers do not retain your Audio Files beyond the duration necessary to complete the analysis.

5.1.2. AI Model Providers. We use advanced artificial intelligence models to generate the commercial analysis layer of your Analysis Report, including commercial scoring, market fit assessment, strategic recommendations, comparable artist identification, and promotional strategies. Metadata derived from the technical analysis (not the Audio File itself) may be transmitted to AI model providers for this purpose. These providers process data in accordance with their own data processing agreements, which prohibit the use of your data for model training.

5.1.3. Payment Processors. Subscription payments and credit purchases are processed by PCI DSS-compliant payment processors. We do not have access to your full payment instrument data. Payment processors operate as independent data controllers with respect to the payment data they collect.

5.1.4. Cloud Infrastructure Providers. The Platform is hosted on secure, encrypted cloud infrastructure. Your data, including Audio Files, is stored on servers operated by reputable cloud infrastructure providers with industry-standard security certifications.

5.1.5. Authentication Providers. If you use third-party authentication (e.g., "Sign in with Google"), the authentication provider may share your email address and basic profile information with us in accordance with your authorization. We do not receive your password from these providers.

5.2. We do not sell, rent, lease, or otherwise commercially transfer your Personal Data or Audio Files to any third party. We do not share your data with third parties for their own marketing or advertising purposes.

6. HOW WE USE YOUR INFORMATION

6.1. We process your Personal Data and other information for the following purposes:

  • Service Delivery: To provide, maintain, and operate the Platform, including processing Audio Files, generating Analysis Reports and Promo Plans, managing your Library, and maintaining your account.

  • Payment Processing: To process subscription payments, credit purchases, and manage billing cycles through our third-party payment processors.

  • Communication: To send you service-related notifications, including account confirmations, subscription status updates, credit balance alerts, and material changes to the Platform or this Policy. We will not send you unsolicited marketing communications without your explicit prior consent.

  • Platform Improvement: To analyze aggregated, anonymized usage data to understand how the Platform is used and to improve its functionality, performance, and user experience. Individual Audio Files are never used for this purpose.

  • Security and Fraud Prevention: To detect, prevent, and respond to fraud, unauthorized access, security incidents, and other potentially prohibited or illegal activities.

  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, and to establish, exercise, or defend legal claims.

6.2. Legal Bases for Processing (EEA/UK Users). Where the General Data Protection Regulation ("GDPR") or UK GDPR applies, we process your Personal Data on the following legal bases:

  • Performance of a Contract (Article 6(1)(b) GDPR): Processing necessary to perform the Services you have requested, including account creation, Audio File analysis, and report generation.

  • Legitimate Interests (Article 6(1)(f) GDPR): Processing necessary for our legitimate interests in operating, improving, and securing the Platform, provided such interests are not overridden by your fundamental rights and freedoms.

  • Consent (Article 6(1)(a) GDPR): Where you have given explicit consent, such as for the receipt of marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

  • Legal Obligation (Article 6(1)(c) GDPR): Processing necessary to comply with a legal obligation to which we are subject.

7. DATA STORAGE AND SECURITY

7.1. We implement and maintain appropriate technical and organizational measures to protect your Personal Data and Audio Files against unauthorized access, accidental loss, destruction, or alteration. These measures include but are not limited to:

  • Encryption of data at rest and in transit using AES-256 and TLS 1.2 or higher, respectively;

  • Cryptographic hashing of authentication credentials using bcrypt or equivalent algorithms;

  • Logical access controls restricting access to Personal Data and Audio Files to authorized personnel on a need-to-know basis;

  • Regular security assessments and vulnerability monitoring;

  • Secure cloud infrastructure with industry-standard certifications;

  • Automated backup and disaster recovery procedures.

7.2. Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. DATA RETENTION

8.1. We retain your Personal Data and Audio Files for the following periods:

Data CategoryRetention PeriodAccount DataDuration of account activity plus 30 days following account deletionAudio FilesDuration of account activity, or until individually deleted by you, whichever occurs first. Upon account deletion, removed within 30 days.Analysis Reports & Promo PlansDuration of account activity, or until individually deleted by you. Upon account deletion, removed within 30 days.Usage and Technical DataUp to 24 months from the date of collection, in aggregated or anonymized formPayment and Transaction DataAs required by applicable tax, accounting, and financial reporting obligations (typically 5-7 years)Communication RecordsUp to 24 months from the date of the communication, or as required for legal compliance

8.2. Upon expiration of the applicable retention period, or upon your valid request for erasure (subject to legal exceptions), we will securely delete or anonymize the relevant data. Data residing in encrypted backup systems will be overwritten in accordance with our standard backup rotation cycle, not to exceed ninety (90) days following the deletion from primary systems.

9. YOUR RIGHTS

9.1. Subject to applicable law, you have the following rights with respect to your Personal Data:

  • Right of Access — You have the right to request confirmation as to whether your Personal Data is being processed, and if so, to obtain a copy of such data and information about the processing.

  • Right to Rectification — You have the right to request correction of inaccurate Personal Data and completion of incomplete Personal Data.

  • Right to Erasure ("Right to be Forgotten") — You have the right to request deletion of your Personal Data, including all Audio Files, Analysis Reports, and account information. You may exercise this right by deleting individual items through the Platform interface or by requesting full account deletion. We will process account deletion requests within thirty (30) days, subject to any legal retention obligations.

  • Right to Restriction of Processing — You have the right to request restriction of processing of your Personal Data in certain circumstances, such as when you contest the accuracy of your data or object to processing based on legitimate interests.

  • Right to Data Portability — You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This includes the ability to download your Analysis Reports in PDF format.

  • Right to Object — You have the right to object to processing of your Personal Data based on legitimate interests. Upon such objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

  • Right to Withdraw Consent — Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

  • Right to Lodge a Complaint — You have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.

9.2. To exercise any of the above rights, please submit a request to privacy@tune-score.com. We will respond to verified requests within thirty (30) days of receipt, or within the timeframe required by applicable law. We may request additional information to verify your identity before processing your request.

10. INTERNATIONAL DATA TRANSFERS

10.1. TuneScore is operated by an entity registered in the United Arab Emirates. Your Personal Data and Audio Files may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that differ from those in your jurisdiction.

10.2. Where we transfer Personal Data originating in the EEA or UK to countries that have not been deemed to provide an adequate level of data protection by the European Commission or UK authorities, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission;

  • UK International Data Transfer Agreement or Addendum, as applicable;

  • Binding contractual commitments with Third-Party Service Providers requiring them to protect your data to a standard consistent with applicable European data protection law.

10.3. You may request a copy of the safeguards we have put in place by contacting us at privacy@tune-score.com.

11. CHILDREN'S PRIVACY

11.1. The Platform is not directed at, and is not intended for use by, children under the age of sixteen (16) in the EEA/UK, or under the age of thirteen (13) in other jurisdictions, or under the applicable minimum age in your jurisdiction of residence (collectively, "Minors").

11.2. We do not knowingly collect Personal Data from Minors. If we become aware that we have inadvertently collected Personal Data from a Minor, we will take immediate steps to delete such data from our systems. If you are a parent or legal guardian and believe that your child has provided Personal Data to TuneScore, please contact us immediately at privacy@tune-score.com.

12. JURISDICTION-SPECIFIC PROVISIONS

12.1. European Economic Area and United Kingdom

If you are located in the EEA or UK, the provisions of the GDPR and/or UK GDPR apply to our processing of your Personal Data. The legal bases for processing, your rights as a data subject, and our obligations regarding international data transfers are set forth in Sections 6.2, 9, and 10 of this Policy, respectively. Our designated contact for data protection inquiries is reachable at privacy@tune-score.com.

12.2. United States — California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including the right to know what Personal Data is collected, the right to delete, the right to opt-out of the sale or sharing of Personal Data, and the right to non-discrimination for exercising your rights. We do not sell or share your Personal Data as defined under the CCPA/CPRA. To exercise your rights, contact us at privacy@tune-score.com.

12.3. Brazil

If you are located in Brazil, the Lei Geral de Proteção de Dados ("LGPD") provides you with rights similar to those outlined in Section 9. To exercise your rights, contact us at privacy@tune-score.com.

12.4. United Arab Emirates

As an entity registered in the UAE, we comply with applicable UAE federal data protection regulations, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations, to the extent applicable.

13. INTELLECTUAL PROPERTY AND OWNERSHIP OF AUDIO FILES

13.1. You retain all intellectual property rights, including copyright, in the Audio Files you upload to the Platform. Uploading an Audio File to TuneScore does not transfer any ownership rights to us.

13.2. By uploading an Audio File, you grant TuneScore a limited, non-exclusive, non-transferable, revocable license to process and store the Audio File solely for the purpose of providing the Services to you. This license terminates immediately upon deletion of the Audio File or your account.

13.3. You represent and warrant that you have the right to upload each Audio File and that such upload does not infringe the intellectual property rights of any third party.

14. DATA BREACH NOTIFICATION

14.1. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

14.2. Where a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, in accordance with Article 34 of the GDPR.

15. THIRD-PARTY LINKS AND SERVICES

15.1. The Platform may contain links to third-party websites, services, or resources that are not operated by TuneScore. We are not responsible for the privacy practices or content of such third-party services. We encourage you to review the privacy policies of any third-party services you access through links on the Platform.

16. CHANGES TO THIS POLICY

16.1. We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the revised Policy on the Platform with an updated "Last Updated" date;

  • Sending you an email notification at the address associated with your account (for material changes affecting your rights);

  • Displaying a prominent notice within the Platform interface.

16.2. Your continued use of the Platform following the posting of a revised Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you must discontinue use of the Platform and delete your account.

17. GOVERNING LAW AND DISPUTE RESOLUTION

17.1. This Policy shall be governed by and construed in accordance with the laws of the United Arab Emirates, without regard to its conflict of laws provisions, except to the extent that mandatory data protection laws of your jurisdiction of residence require otherwise.

17.2. Any disputes arising out of or in connection with this Policy shall be submitted to the exclusive jurisdiction of the courts of the United Arab Emirates, except where applicable law provides you with the right to bring proceedings in the courts of your habitual residence.

18. CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

General inquiries: legal@tune-score.com

Data protection & privacy: privacy@tune-score.com

Website: tune-score.com

SOLD OUT MEDIA SOLUTIONS - FZCO | TuneScore | Effective March 20, 2026