Privacy Policy
Last updated: 06/06/2026
1. Data Controller
BusinessBeats.ai is a service of:
- Printasy BV
- Address: Bulmolenweg 12, 8720 Dentergem, Belgium
- Company number: 0848.299.642
- VAT number: BE 0848.299.642
- Email: [email protected]
Printasy BV is the data controller in the sense of the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679).
2. What personal data do we collect?
We collect and process the following categories of personal data:
2.1 Via the quote request form
- First name and last name
- Email address
- Company name, VAT number, and address details
- Project preferences (requested service, music style, inspiration sources)
2.2 Via the customer portal
- Email address (used for OTP authentication)
- Project-related communication and feedback
2.3 Automatically collected data & Voting data
- IP address and browser type (log files)
- Session data (functional cookies)
- For the WK Song Battle voting security: a unique, anonymous device ID (UUID) stored in a cookie (`bb_voter_id`) and a cryptographic hash of your IP address and user-agent string (no raw IP addresses are stored in public vote logs).
3. Purposes and legal grounds
We process your personal data for the following purposes:
| Purpose | Legal ground (Art. 6 GDPR) |
|---|---|
| Handling quote requests | Pre-contractual measures (Art. 6.1.b) |
| Project execution and delivery of music | Performance of contract (Art. 6.1.b) |
| Invoicing and accounting | Legal obligation (Art. 6.1.c) |
| Customer portal authentication (OTP) | Performance of contract (Art. 6.1.b) |
| Security, fraud prevention, and vote limits | Legitimate interest (Art. 6.1.f) |
4. Retention periods
- Customer data & project files: during the term of the agreement + 10 years (legal retention period for accounting documents under Belgian law).
- Quote requests without follow-up: maximum 2 years after request.
- Log files and session data: maximum 6 months.
- WK Song Battle vote logs (IP hash): maximum 24 hours (then automatically anonymized/deleted; the anonymous voter UUID remains stored for up to 5 years to ensure the integrity of the voting).
5. Sharing with third parties
We share your personal data exclusively with the following processors, with whom processing agreements have been concluded:
- Resend – email delivery (OTP codes, notifications)
- OpenAI / Google Gemini – AI lyric and style generation (no personal data in prompts)
- AI Music Generation APIs – music generation (no personal data)
- Hosting provider – server infrastructure within the EU/EEA
We never sell your data to third parties and do not use it for direct marketing unless you have given explicit consent.
6. Transfers outside the EEA
Some of our processors (OpenAI, AI partners) are located in the United States. The transfer occurs based on:
- The EU-US Data Privacy Framework (adequacy decision), or
- Standard Contractual Clauses (SCCs) approved by the European Commission.
No customer personal data is directly processed in AI prompts.
7. Cookies
BusinessBeats.ai uses only strictly necessary and functional cookies for:
- Session management and authentication
- CSRF protection
- Language preferences
- WK Song Battle vote limits: storage of the anonymous `bb_voter_id` cookie (valid for 5 years) to enforce your vote limit per browser.
We do not use tracking, analytical, or advertising cookies. Therefore, a cookie consent banner is not legally required in accordance with the Belgian implementation of the ePrivacy directive.
8. Your rights
In accordance with the GDPR, you have the following rights:
- Right of access (Art. 15) – You can request what data we store.
- Right to rectification (Art. 16) – You can have incorrect data corrected.
- Right to erasure (Art. 17) – You can request to delete your data, as far as no legal retention period applies.
- Right to restriction (Art. 18) – You can request to temporarily suspend processing.
- Right to data portability (Art. 20) – You can receive your data in a machine-readable format.
- Right to object (Art. 21) – You can object to processing based on legitimate interest.
To exercise your rights, please send an email to [email protected] with a copy of your identity document. We will respond within 30 days.
9. Security
We take appropriate technical and organizational measures to protect your personal data, including:
- Encryption of all data traffic via HTTPS/TLS
- Passwordless authentication via one-time codes (OTP)
- Restricted access to personal data on a need-to-know basis
- Regular backups and security updates
10. Complaints
If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the Data Protection Authority (GBA):
- Drukpersstraat 35, 1000 Brussels, Belgium
- Tel: +32 (0)2 274 48 00
- Email: [email protected]
- Website: www.dataprotectionauthority.be
11. Changes
We reserve the right to modify this privacy policy. Substantial changes will be communicated via the website. We recommend consulting this policy regularly.