1. Who we are
Over Seas Rights & Royalties ("OSRR", "we", "us") is the controller of personal data processed through this website. Contact: registry@osrr.org · (310) 905-7115 · 1624 S. Hope St. STE 301, Los Angeles, CA 90015, United States.
2. Data we collect
Account data: name, email, hashed password, country, role (composer/songwriter/etc.), bio, genres, avatar URL.
Networking data: connection requests and saved/favourite agencies you bookmark.
Payment data: when you purchase Complete Access we receive from Stripe a session ID, the amount, currency, and payment status. We do NOT receive or store your full card number, CVV, or expiry — those remain with Stripe.
Usage data: standard server logs (IP address, user-agent, timestamp, requested URL) used for security and analytics.
Translation Hub data: text you submit to the Translation Hub is sent to Anthropic (Claude) via Emergent integrations for the sole purpose of returning a translation; we do not retain the input or output beyond the lifetime of the request.
3. How we use your data
To provide and operate the service (account, login, directory, networking, translation).
To process your $2 Complete-Access purchase through Stripe.
To respond to support requests sent to registry@osrr.org.
To monitor, secure, and improve the service.
4. Legal bases (GDPR / EEA users)
Performance of a contract: account creation, paywall purchase, directory access.
Legitimate interest: security logging, fraud prevention, product analytics.
Consent: optional features such as translation submissions, marketing emails (if any).
Legal obligation: tax/accounting retention of payment records.
5. Sharing & sub-processors
We share data only with sub-processors that help us operate the service:
• Stripe Inc. — payment processing (USA).
• MongoDB Atlas / Emergent infrastructure — database & hosting.
• Anthropic (Claude) via Emergent — Translation Hub processing only when you submit text.
• Clearbit Logo API — automatically derives agency logos from public domain names.
We do not sell your personal data to anyone.
6. Cookies & local storage
We use a single httpOnly authentication cookie to keep you signed in. We also use local storage for UI preferences (language selector, search history within the session). We do not use third-party advertising cookies.
7. International data transfers
Our servers and sub-processors are located primarily in the United States. By using the service from outside the U.S., you consent to the transfer of your data to the U.S. and other countries that may not provide the same level of protection as your home jurisdiction.
8. Data retention
Account data: kept while your account is active and for up to 24 months after closure for legal/accounting purposes.
Payment records: retained for the minimum period required by law (typically 7 years in the U.S.).
Translation Hub submissions: not retained.
9. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to processing or withdraw consent. Submit any request to registry@osrr.org and we will respond within 30 days.
California residents (CCPA/CPRA): you may request the categories of personal information collected, and request deletion. We do not sell personal information.
EEA/UK residents (GDPR): you may lodge a complaint with your local data-protection authority.
10. Security
Passwords are hashed with bcrypt; sessions use httpOnly cookies served over HTTPS. We take reasonable technical and organisational measures, but no internet service is 100% secure.
11. Children
OSRR is not directed to children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently done so, contact registry@osrr.org and we will delete it.
12. Changes
We may update this Privacy Policy. Material changes will be announced on the site, and the effective date below will be updated.
