This policy applies to the Marisonus website, analyzer workspace, account registration, demo upload flow, billing-related account fields, and support or security operations tied to the service.

The final production version should name the legal operating entity and the monitored contact details used for privacy or legal notices. Until that information is published in launch materials, this policy describes how the service handles data in substance but should still be finalized with operator details before paid public rollout.

We may process account identity data such as name, email address, company name, and profile preferences when you register or update your account.

We may process authentication and security data such as password changes, session identifiers, access tokens, IP-derived security signals, admin audit events, incident records, rate-limit state, and brute-force protection metadata.

We may process upload-related data such as filenames, file size, duration, format, temporary chunk identifiers, upload/session identifiers, analyzer mode, improvement-consent flags, and derived analysis results.

If paid billing is enabled later, we may also process billing contact fields, subscription state, processor IDs, and plan metadata necessary to operate recurring access.

We use personal data to create and manage accounts, authenticate users, deliver audio analysis, enforce plan limits, secure the platform, investigate failures, prevent abuse, and operate support, billing, and infrastructure workflows.

We also use operational data to monitor availability, troubleshoot analysis failures, review security incidents, and improve reliability of the upload and analysis pipeline.

Where applicable data protection law requires a legal basis, Marisonus generally relies on contract necessity to provide the requested service, legitimate interests in securing and operating the platform, consent where optional demo-retention or marketing preferences are offered, and legal obligations where records must be retained by law.

For signed-in users, the service processes the uploaded source audio, creates the analysis record, and then deletes the stored source file after the analysis completes or terminally fails. The retained account history consists of metadata, timestamps, metrics, and recommendations rather than a downloadable copy of the original upload.

For demo uploads, temporary chunk files are stored only long enough to reassemble and validate the upload. When async processing is used, the queued raw file is stored in processing storage during analysis and is then deleted after completion or terminal failure. A temporary session copy of analysis output may be stored to hand the result back to the demo user.

Derived analysis payloads, incident records, and minimal async job metadata may remain in the operational database for reliability, abuse prevention, and troubleshooting even after the raw demo file has been deleted.

Demo users must confirm they accept the governing terms and that they have the right to upload the audio. Signed-in members may also be shown a separate optional improvement-consent prompt before upload.

Declining that optional improvement consent does not block the ordinary analysis flow.

If that optional consent is not selected, the upload should be handled for the requested analysis flow only. If it is selected, Marisonus may retain the material or associated outputs longer for service improvement, calibration work, or future reference-model development, subject to internal review and security controls.

The current codebase keeps that consent separate from the core analysis flow and can route opted-in member uploads into an internal genre-based reference-library import folder. It does not automatically publish uploads into any public library, expose them to other customers, or automatically add them into a customer-visible shared reference corpus.

Opted-in internal reference imports are intended to remain stored until the uploader submits a deletion request through support or Marisonus removes them internally.

We may share data with hosting, storage, queue, cache, security, authentication, and payment infrastructure providers that process data on our behalf and under our instructions.

We may also disclose data where reasonably necessary to investigate abuse, protect the platform, comply with law, respond to valid legal process, or enforce our rights.

We do not describe customer audio as public or community-visible content. Access is intended to be restricted to the uploader, authorized staff, and infrastructure processors needed to run the service.

Account profile data is typically retained while the account remains active and for a reasonable period afterward where needed for security, billing, or legal recordkeeping.

For signed-in workspace uploads, the original source audio is not intended to remain in long-term storage after analysis. The retained account history is the analysis record and associated metadata until deleted by the user, removed through account deletion handling, or aged out under the currently configured member-history retention window.

The current launch configuration is set up for these initial windows: completed demo-derived job records for 24 hours, failed demo jobs for 72 hours, abuse and security event records for 30 days, and signed-in member analysis history for 7 days. Production should run the purge command on a scheduler and can change those windows later if infrastructure capacity or public policy commitments change.

You may be able to access, correct, update, or delete parts of your data through the product interface or by using the public support workflow on the contact page. For signed-in analysis history, the repository now supports self-service deletion of individual entries and full history removal.

Anonymous demo users who want manual deletion review should submit the request promptly through the same support path, because the normal demo-retention windows are intentionally short.

Where required by applicable law, you may also have the right to object to certain processing, withdraw consent where consent is the basis, or lodge a complaint with your local supervisory authority.

Marisonus uses technical and organizational measures intended to reduce unauthorized access, including authentication controls, admin restrictions, rate limiting, tokenized analyzer access, security logging, and infrastructure security settings.

No internet service is absolutely secure. You should upload only through trusted devices and networks and should not share account credentials or analyzer access tokens.

The service may rely on cloud providers or infrastructure located in more than one jurisdiction. If personal data is transferred across borders, Marisonus expects to rely on appropriate contractual, organizational, or statutory safeguards where required by law.

The service is not intended for children and should not be used by anyone who is not old enough to form a binding agreement under applicable law.

We may update this policy as the product, infrastructure, legal setup, or billing model changes. Material updates should be reflected on this page with a revised effective date.