Privacy Policy

Magpie Standard ("we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data. We are the data controller for data collected directly. Societies are controllers for their member data.

We collect: - Account information (name, email, organisation) - Work metadata (titles, descriptions, not the works themselves) - ISCC fingerprints (cryptographic hashes only) - Transaction records - Usage analytics

We use your data to: - Provide and improve our services - Process licensing transactions - Generate certificates and reports - Communicate service updates - Comply with legal obligations

We share data with: - Your collecting society (for member data) - AI companies (for licence verification) - Service providers (hosting, payments) - Regulators (when legally required) We never sell your personal data.

Under UK GDPR, you have the right to: - Access your personal data - Rectify inaccurate data - Erase your data (subject to legal retention) - Restrict processing - Data portability - Object to processing - Withdraw consent

We retain data for: - Active accounts: Duration of account plus 2 years - Transaction records: 7 years (legal requirement) - ISCC fingerprints: Indefinitely (for verification)

We protect your data with: - Encryption (TLS 1.3 in transit, AES-256 at rest) - Access controls and authentication - Regular security audits - Incident response procedures

For privacy queries: Data Protection Officer Magpie Standard Email: privacy@magpiestandard.co.uk You also have the right to lodge a complaint with the ICO.