leadsheet.me
← Go back

Privacy Policy for leadsheet.me

This page explains what personal data we collect, why we collect it, and how you can exercise your privacy rights.

Effective date: 2026-02-12
Last updated: 2026-02-12

This Privacy Policy explains how leadsheet.me (the “Service”) collects, uses, shares, and protects personal data. By using the Service, you acknowledge this Privacy Policy.

1. Controller / Who we are

The Service is operated by Daniel Berger, a private individual, based in Austria (“we”, “us”, “our”). We act as the data controller for personal data processed through the Service.

Contact for privacy requests: office@leadsheet-app.com

2. What data we collect

2.1 Account and identity data (Google Sign-In)

We use Google Sign-In for authentication. The Google Sign-In scope is limited to the minimum necessary information:

  • Name
  • Email address

We store this data to create and maintain your user account and to authorize access to the Service.

2.2 Content you upload

When you use the Service, you may upload audio files (“Uploads”) for analysis and lead sheet generation. We process and store:

  • Audio files you upload
  • Generated outputs (e.g., PDF and MusicXML files)

2.3 Payment-related data (Stripe)

Payments are processed by Stripe. We do not store full payment card details. Depending on Stripe’s setup and the information sent back to us, we may receive and store limited payment metadata such as:

  • purchase status (successful/failed)
  • amount, currency
  • credit pack purchased (e.g., 5 or 10 credits)
  • timestamps and transaction identifiers (as provided by Stripe)

2.4 Usage and technical data

Like most online services, we may process basic technical data necessary for operation and security, such as:

  • device/browser information
  • IP address (typically via server logs)
  • timestamps, basic request logs
  • error/diagnostic information

This data is used for security, troubleshooting, and maintaining the Service.

3. Why we use your data (purposes)

We process personal data for the following purposes:

  • Authentication and account access (name/email from Google Sign-In)
  • Providing the Service: uploading, storing, processing audio files; generating lead sheets and delivering PDF/MusicXML outputs
  • Payments and billing support: handling purchases and confirming credits via Stripe
  • Security and abuse prevention
  • Customer support: responding to questions and deletion requests
  • Service maintenance and improvement (e.g., debugging, performance monitoring)

4. Legal bases (GDPR)

Where the GDPR applies, our legal bases include:

  • Contract performance (Art. 6(1)(b) GDPR): to provide the Service you request (account access, file processing, output generation, credit usage)
  • Legitimate interests (Art. 6(1)(f) GDPR): operating, securing, and improving the Service; preventing fraud/abuse; maintaining logs necessary for reliability and security
  • Legal obligation (Art. 6(1)(c) GDPR): where we must comply with applicable laws (e.g., accounting/record-keeping requirements for payments)

5. How long we keep data (retention)

We keep data only as long as necessary for the purposes described above:

  • Account data (name/email): retained while you maintain an account, and for a reasonable period thereafter if needed for security, dispute handling, or compliance.
  • Uploaded audio files and generated outputs: stored for a while to enable processing and to provide you the requested lead sheets. We may also keep them for a limited time after generation for reliability (e.g., re-download), unless you request deletion.
  • Payment metadata: retained as needed for accounting, fraud prevention, and legal compliance.
  • Logs/technical data: retained for a limited time for security and troubleshooting.

You can request deletion as described in Section 9.

6. Where data is stored

Data is stored in a database and associated storage used to run the Service. We take reasonable steps to protect stored data using appropriate technical and organizational measures (see Section 10).

7. Sharing and third parties

We share data only as needed to operate the Service:

7.1 Google Sign-In (authentication)

We use Google Sign-In to authenticate you. Google processes data according to its own privacy policies.

7.2 Stripe (payments)

We use Stripe to process payments. Stripe processes payment information according to its own privacy policies and security standards.

7.3 Service providers / hosting

We may use infrastructure providers (e.g., hosting, storage, database) to run leadsheet.me. They process data only on our instructions and to provide their services to us.

7.4 Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • comply with a legal obligation or request,
  • enforce our terms, or
  • protect the rights, safety, and security of users, the public, or the Service.

8. International transfers

If any of our providers (e.g., Google, Stripe, infrastructure vendors) process data outside the European Economic Area (EEA), transfers may occur under appropriate safeguards (such as adequacy decisions or standard contractual clauses), depending on the provider’s setup.

9. Your rights and choices

9.1 Access, deletion, and other GDPR rights

Depending on your location (and particularly if you are in the EEA/UK), you may have rights including:

  • access to your personal data
  • correction of inaccurate data
  • deletion of your data
  • restriction or objection to certain processing
  • data portability (where applicable)
  • the right to lodge a complaint with a supervisory authority

9.2 Requesting deletion

You may request deletion of your data by emailing:
office@leadsheet-app.com

Please include the email address you use to sign in (Google account email) so we can locate your account.

10. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

11. Children’s privacy

The Service is not intended for children. If you believe a child has provided personal data, contact us at office@leadsheet-app.com.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date will reflect the latest changes. Continued use of the Service after an update means you accept the updated Privacy Policy.

13. Contact

For privacy questions or requests:

Email: office@leadsheet-app.com
Operator: Daniel Berger (Austria)

Plain-language summary (not legally binding)

  • We store your name and email from Google Sign-In to let you log in.
  • We store your uploaded audio files temporarily to generate lead sheets and deliver PDF/MusicXML outputs.
  • Stripe handles payments; we keep only basic purchase records.
  • You can request deletion anytime via office@leadsheet-app.com.