In this privacy policy, we explain how your personal data is collected, used, stored, and protected at Clave de Mi, both on the main website and on the web version of the player as well as the Android app linked to the project.
This policy applies to the use of services available at clavedemi.com, its pages, associated functionalities, the web version of the player, and the Android app related to Clave de Mi, unless a specific additional policy or clause is indicated in any particular form, service, or process.
We also recommend reading the Legal Notice, the Cookie Policy and the Terms and Conditions.
1. Data Controller
Controller: Ismael Vallejo Ruiz
Tax ID (NIF): 52900192P
Address: C/ Playa de Zarauz, 26, Madrid, Spain
Email: info@clavedemi.com
Website: https://clavedemi.com/
2. What personal data may be processed
Depending on how you use Clave de Mi, we may process different types of personal data, for example:
- Identifying and contact data, such as name, surname, email address, or username.
- Account, access, and service usage data, such as credentials, login records, basic activity within the service, and usage preferences.
- Order, subscription, and payment-related data, such as billing information, contracted products or services, payment status, and renewals. Payments are processed through specialized third parties, so Clave de Mi does not need to store your full bank card details.
- Data included in contact forms, transcription request forms, or communications you send us by email.
- Files and content you upload to the service, such as scores, MIDI files, MusicXML, or other materials related to platform use.
- Technical and navigation data, such as IP address, device or browser identifiers, server logs, cookies, and similar technologies, according to the Cookie Policy.
- Data associated with comments posted on the website, such as the name or alias you provide, the content of the comment, the IP address, and technical browser data necessary for moderation, security, and spam prevention.
3. How we obtain your data
Personal data is primarily obtained when:
- you browse the website or use the player and app;
- you create a user account or log in;
- you make a purchase or subscribe;
- you fill out the contact form or write to us by email;
- you request a transcription service;
- you subscribe to the newsletter or informational/commercial communications;
- you upload files or content to the platform;
- you post comments on the website.
4. Purposes of processing and legal bases
We process your personal data for the following purposes and under the following legal bases:
| Purpose | Data processed | Legal basis | Retention criteria |
|---|---|---|---|
| Manage navigation, the technical operation of the site, security, abuse control, and incident prevention | IP, technical logs, identifiers, browser/device data, basic usage activity | Legitimate interest of the controller in ensuring service security, stability, and improvement | For as long as necessary for security, technical diagnosis, fraud prevention, and handling possible incidents or responsibilities |
| Handle inquiries, requests, and communications sent via forms or email | Name, email, phone if provided, message content, and data associated with the inquiry | Consent of the data subject or application of pre-contractual measures at the request of the data subject, as appropriate | For as long as necessary to handle the request and afterward, as long as related liabilities may arise |
| Create and manage user accounts, access to the private area, and service use | Registration data, credentials, username, basic activity, preferences, and account status | Execution of the contractual or pre-contractual relationship with the user | While the account remains active and subsequently, for as long as necessary to meet legal obligations, security needs, and possible claims |
| Manage purchases of digital content, orders, billing, and premium subscriptions | Identification, contact, billing, orders, renewals, incidents, and payment status data | Execution of the contract and compliance with applicable legal obligations | During the contractual relationship and, subsequently, during the periods required by tax, accounting regulations and other applicable legal obligations |
| Manage payments through Stripe and PayPal | Data necessary to identify the operation, amount, payment status, and transaction references | Contract execution | For the time necessary to manage collection, incidents, refunds, fraud prevention, and associated legal obligations |
| Provide the transcription service requested by the user | Contact data, order information, submitted files, remarks, and data necessary for billing and service tracking | Application of pre-contractual measures at the request of the interested party and, if applicable, contract execution | During the order management and afterwards while legal obligations or associated claims may arise |
| Manage files and content uploaded by users, including their reproduction, viewing, technical conversion, and availability according to the service configuration | Uploaded files, metadata, associated technical data, public or private status of the content, and relationship with the user’s account | Execution of the contract or service terms; legitimate interest in the technical management and security of the platform | While the content remains linked to the service and afterward, for the technically necessary time for backups, continuity, security, or liability management |
| Send newsletters, updates, promotional or informational communications | Name and email, and where appropriate, tags or communication preferences | Consent of the data subject | Until you withdraw consent, unsubscribe, or they are no longer necessary for the corresponding purpose |
| Manage published comments on the website and their moderation | Name or alias, email, comment content, IP, and associated technical data | Consent of the data subject when posting the comment; legitimate interest in moderation, security, and spam prevention | While the comment remains published or until its removal is justified by a legitimate request, moderation, or legal need |
| Display advertisements and monetize services through Google AdSense and Google AdMob, as well as measure advertising performance | Technical data, advertising identifiers, IP, browsing and usage data, cookies or similar technologies, depending on the service and applicable consent/configuration | Consent when legally required; legitimate interest or technical execution of the service for strictly necessary operations | According to the technical validity of identifiers, consent configuration, and policies of involved providers |
| Fulfill legal obligations, respond to authorities’ requirements, and defend possible claims | The necessary data in each case | Fulfillment of legal obligations and legitimate interest in the legal defense of the controller | During the legally required periods or as long as necessary for the formulation, exercise, or defense of claims |
5. User-uploaded content and public or private visibility
Clave de Mi allows users to upload files and content related to the use of the service.
Depending on the type of account or service plan, certain content may be visible to the community or kept private. Currently:
- in certain non-premium plans, uploaded content may be accessible to the community as part of the service operation;
- in premium plans, the user may have additional options to decide whether certain content is public or private.
Currently, public display of such content does not necessarily imply that personal identifying data of the user who uploaded it is shown. If optional features are enabled in the future to show the username of the author, this policy will be updated and appropriately communicated in the service interface.
If a user deletes their account or requests cancellation, content that had already been publicly shared may remain visible to the community when it forms part of the service operation, unless it must be removed for legal, technical reasons, or a specific request is deemed appropriate.
Content configured as private will not be publicly accessible. However, it may remain temporarily stored in internal systems, backups, or technical processes necessary for service continuity, security, information integrity, or compliance with legal obligations and claims.
When the user uploads content to Clave de Mi, they are responsible for having the necessary rights, permissions, or authorizations for it and for ensuring that such content does not infringe the rights of third parties.
6. Technical conversion of MIDI files and service operation
In certain cases, MIDI files sent by the user may be technically processed using a MuseScore instance hosted on Google Cloud solely for the purpose of converting them to MusicXML and returning the result to the service. According to the current configuration indicated by the responsible party, this instance is used for technical processing and not as permanent storage of the converted file.
7. Newsletter and commercial communications
If you subscribe to the newsletter or agree to receive communications, we may send you news, content, commercial notices, or information related to Clave de Mi.
These communications are managed through Mailchimp. You can unsubscribe at any time using the link included in each email or by writing to info@clavedemi.com.
8. Comments on the website
If you post comments on the website, we will process the necessary data to manage their publication, moderation, and security. The name or alias you provide in the comment may be publicly visible alongside the comment itself.
Additionally, the IP address and certain technical data from the browser or device may be processed for moderation, spam prevention, security, and abuse detection purposes.
9. Advertising, cookies, and similar technologies
Clave de Mi monetizes part of its services through Google AdSense on the website and Google AdMob on the mobile app. These services may process technical data, identifiers, cookies or similar technologies, and other information related to browsing or use of the service, according to consent settings and the policies of their respective providers.
On the website, consent management for cookies and similar technologies is conducted through the Google Privacy & Messaging tool and mechanisms available on the website itself.
You can find more information in the Cookie Policy and, if applicable, review your preferences from Cookie Settings.
10. Recipients, processors, and providers who may be involved in processing
Your data may be communicated to or accessible, to the extent necessary for service provision or to comply with legal obligations, to the following types of providers or recipients:
- Hostinger, as the hosting and web infrastructure provider.
- Google, in relation to services such as Google AdSense, Google AdMob, Google Privacy & Messaging, and Google Cloud in cases necessary for the indicated operation of the service.
- Stripe, as a payment processing provider.
- PayPal, as a payment processing provider.
- Mailchimp, as an email marketing and newsletter management provider.
- Public authorities, courts, tribunals, administrations, or other third parties when there is a legal obligation or it is necessary for the formulation, exercise, or defense of claims.
Additionally, certain embedded or linked third-party content may involve additional processing carried out by those third parties according to their own policies.
11. International data transfers
Some of the providers used by Clave de Mi may be located outside the European Economic Area or may perform access, processing, or international data transfers within the framework of their services.
When this occurs, such transfers will be carried out based on the mechanisms each provider has enabled according to applicable regulations, such as adequacy decisions, standard contractual clauses, or other valid legal instruments at any given time.
We recommend consulting the privacy policies or legal information of these providers for further information about their data processing and international transfers:
12. Data retention
We do not retain personal data longer than necessary for each purpose. Specific periods may vary depending on the type of relationship you maintain with Clave de Mi, the service used, the existence of legal retention obligations, and the need to address possible liabilities.
Generally speaking:
- contact and support data is retained as long as necessary to address the inquiry and for the subsequent time needed for possible liabilities;
- account and usage data is retained while the account remains active and, afterwards, for a reasonable time for security, service continuity, legal obligations, or claims;
- order, payment, subscription, and billing data is retained during the contractual relationship and for legally required periods;
- data processed on the basis of consent, such as newsletters, is retained until you withdraw such consent or request cancellation;
- public content shared by users may remain visible according to the service’s operation;
- technical logs, backups, and activity traces may be kept for the strictly necessary time for security, maintenance, fraud prevention, service continuity, and integrity.
13. Rights of the data subjects
You may exercise, where applicable, the following rights:
- access to your personal data;
- rectification of inaccurate or incomplete data;
- deletion of your data when appropriate;
- objection to processing in certain cases;
- restriction of processing;
- data portability when legally applicable;
- withdrawal of consent at any time, when processing is based on it.
To exercise your rights you can write to info@clavedemi.com. We may request reasonable additional information to verify your identity when necessary.
You also have the right to file a complaint with the Spanish Data Protection Agency if you consider that the processing of your data does not comply with applicable regulations.
14. Data accuracy
The user agrees to provide truthful, accurate, and updated data, and not to impersonate third parties or use others’ information without sufficient authorization.
15. Security measures
Clave de Mi adopts reasonable technical and organizational measures to protect personal data against loss, alteration, unauthorized access, improper disclosure, or abusive use, taking into account the nature of the data and the risks of processing.
However, no system connected to the Internet offers absolute security guarantees. If you detect any issues related to your data or account, you can write to info@clavedemi.com.
16. Changes to this policy
This privacy policy may be updated to reflect legal, technical, or service operation changes. When such modifications are relevant, the updated version will be published on this same page.
17. Contact
If you have questions about this privacy policy or the processing of your data, you can write to info@clavedemi.com or use the contact page: https://clavedemi.com/contacto/.