Skip to main content

Privacy Policy

Last updated: 2026-05-07. Plain-English summary of what data ArrangementLabs.ai collects and why.

1. Controller

The data controller for arrangementlabs.ai is ArrangementLabs.ai, registered office: [Controller registered office: TBD] .

2. Data we collect on public pages

On the landing page, login, register, and this Privacy page, we use Plausible Analytics (operated by Plausible Insights OU, Estonia, EU) to count anonymous page views and a single event (waitlist sign-up). Plausible is cookieless: it does not set any cookie, does not track you across sites, and does not collect personal data. The IP address is hashed in-memory and discarded after one day; only an aggregate page-view counter remains.

3. Data we collect when you are signed in

Once you sign in to the app, we use PostHog (operated by PostHog Inc., hosted in the European Union, Frankfurt) to record product-usage events that help us improve the arrangement workflow: when you select a preset, start an arrangement, and whether it completed or failed. Each event is bound to your Firebase user ID (a random string) and your email address. Legal basis: DSGVO art. 6.1.b (performance of a contract — improving the service you signed up for) and art. 6.1.f (legitimate interest in product improvement). Session replay is disabled. The browser Do Not Track signal is honoured.

4. Cookies

The public pages set zero cookies. Inside the signed-in app, PostHog stores a single functional cookie (its persistence default, used to remember your distinct ID across page reloads) and your browser stores a sidebar-state preference. We do not set advertising, tracking, or marketing cookies anywhere on the site.

5. Your rights

Under the General Data Protection Regulation (DSGVO art. 15-22) you have the right to access, rectify, erase, restrict processing of, and port your data, as well as to object to processing and to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at the address in section 8 below.

6. Data retention

Generated arrangement files (MIDI, MusicXML, PDF) are stored for 3 days then automatically deleted from object storage. Account data (email, Firebase user ID) is retained for the duration of your account; on account deletion request, all account data is removed within 30 days. Plausible aggregates have no retention limit (page-view counters only). PostHog product events are retained for 12 months for trend analysis, then deleted.

7. Sub-processors

We share data with the following processors to deliver the service:

  • Google Cloud Platform (Frankfurt region, EU) — application hosting, database, file storage
  • Firebase (Google Ireland Ltd) — authentication
  • Brevo (formerly Sendinblue, Paris, EU) — transactional email
  • Plausible Insights OU (Estonia, EU) — anonymous web analytics on public pages
  • PostHog Inc. (data processed in EU, Frankfurt region) — product analytics for signed-in users

8. Contact

For data-protection enquiries, contact our Data Protection Officer at [DPO contact: TBD] . For all other questions, write to hello@arrangementlabs.ai .