Privacy Policy
Last updated: 15 June 2026
This Privacy Policy describes how musicbiog ("we", "us") collects, uses, and shares
information about you when you use the musicbiog service at
musicbiog.co.uk (the "Service"). Your use of the
Service is also governed by our Terms of Service.
Who we are
The Service is operated by Colson Technologies Ltd, registered in England and Wales.
For data-protection purposes, Colson Technologies Ltd is the data controller.
Contact: [email protected].
Information we collect
- Account information. When you sign in via Microsoft, Google, or another
supported identity provider, we receive a unique identifier and your email address
from that provider. We do not receive or store your password.
- Library content. Albums, artists, concerts, ratings, comments,
purchase data, and concert photos that you choose to add to your library are stored
on our servers so the Service can show them back to you and, where you choose, so they
can be included in a share card you create (see Share cards below).
- Usage and technical data. Standard server logs (IP address, browser
type, request paths, timestamps) and basic application telemetry used for diagnostics
and security monitoring.
How we use your information
- To provide and maintain the Service.
- To authenticate you and keep your account secure.
- To enrich your library with metadata from third-party music databases.
- To diagnose problems and protect the Service from abuse.
- To communicate with you about your account when necessary.
- To generate, host, and display share cards that you choose to create and share.
Third parties
The Service uses the following third-party providers. Each operates under its own privacy policy.
- Microsoft Azure (UK South) — application hosting and database storage.
- Microsoft Entra External ID — authentication.
- Google — optional sign-in, when you choose Google as your identity provider.
- Cloudflare — DNS, content delivery, and DDoS protection.
- Discogs, MusicBrainz, Apple Music — public music metadata
lookups. Queries to these services may include album, artist, or concert
identifiers but do not include personally identifiable information about you.
- Geoapify — venue search and location data (derived from
OpenStreetMap). Venue-name and location queries are sent to Geoapify; these do
not include personally identifiable information about you.
- Wikidata and Wikimedia Commons — public artist and venue
metadata and images. Queries include artist or venue identifiers but no
personally identifiable information about you.
- Google Maps — map display. Map tiles are loaded directly by your
browser from Google, so Google may receive your IP address and the map area you
view, under Google's own privacy policy. We do not send Google any information
identifying you or your library.
- Stripe — payment processing, subscription billing, and VAT handling
(via Stripe Tax). Your payment details are collected and stored directly by Stripe
under their own privacy policy
(stripe.com/privacy). We receive a customer
reference, subscription status, invoice metadata, and tax-related amounts, but not
full payment card details.
We do not sell your personal data. We do not share your library content with advertisers
or data brokers.
Share cards
The Service lets you create "share cards": images summarising your activity that you can
publish through a unique link and share with others. This happens only when you choose to
create and share a card.
-
A share card may include a photograph you uploaded and a summary of your activity (such
as a concert, venue, or artist). When you share a card, it is published at a unique link
and can be viewed by anyone who has that link.
-
When you share a card to a third-party platform, or post its link anywhere public, the
card and the information it contains are transmitted to and may be cached by that
platform, by anyone who receives the link, and by search engines. These copies are
outside our control and may persist even after you delete the original.
-
If you delete an image or the underlying record, we stop using it when generating new
share cards. We cannot retract copies already distributed or cached elsewhere.
-
Because sharing is initiated by you, you control whether any card is made public. Do not
share cards containing anything you are not willing to make public.
Cookies
The Service uses cookies that are strictly necessary to keep you signed in and to protect
against cross-site request forgery. We do not use advertising or tracking cookies.
Data location and transfers
Your data is stored in Microsoft Azure data centres in the United Kingdom. Some metadata
lookups may involve queries to third-party services hosted outside the UK. Where data is
transferred outside the UK or EEA, it is protected by appropriate safeguards under
UK GDPR.
Retention
We retain your account information and library content for as long as your account is
active. If you delete your account, we will delete or anonymise your personal data within
a reasonable period, subject to legal retention requirements. Server logs are retained
for up to 90 days.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Request a copy of your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email
[email protected].
You also have the right to lodge a complaint with the UK Information Commissioner's
Office (ico.org.uk) if you believe we have not handled
your data properly.
Children
The Service is not directed at children under 18 and we do not knowingly collect personal
data from children under that age. If you believe a child has signed up, please contact
us and we will remove the account.
Changes
We may update this Privacy Policy from time to time. The "Last updated" date at the top
of this page indicates when it was last revised. Material changes will be communicated
via the Service or by email.
Contact
Questions about this Privacy Policy:
[email protected].