Back to REPORTwise

Privacy Policy

Last updated: April 2026

1. Data Controller

REPORTwise is a Matrix product of IDCIC, developed and operated by Industry Developer CIC Limited (Company No. 14468201), registered in England and Wales with its principal place of business in London, UK. We are the data controller for personal data processed through the REPORTwise platform as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Legal Basis for Processing

We process your personal data on the following lawful bases under Article 6 of the UK GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary for the performance of our contract with you when you create an account and use the Service.
  • Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate interests in improving the Service, ensuring security, and preventing fraud, where not overridden by your rights.
  • Legal obligation (Art. 6(1)(c)): Processing necessary to comply with legal obligations to which we are subject.
  • Consent (Art. 6(1)(a)): Where we rely on consent, you may withdraw it at any time by contacting us.

3. Information We Collect

We may collect and process the following categories of data:

  • Account information: Name, email address, and hashed password when you register.
  • Catalogue data: Song metadata, royalty figures, and related information that you upload or enter into the Service.
  • Usage data: Information about how you interact with the Service, including pages visited, features used, and timestamps.
  • Technical data: IP address, browser type, operating system, and device information collected automatically.

4. How We Use Your Information

We process your data for the following purposes:

  • Providing, maintaining, and improving the Service.
  • Authenticating your identity and managing your account.
  • Processing your uploads and generating reports.
  • AI-assisted data extraction and analysis (using third-party AI providers).
  • Communicating with you about service updates or support.
  • Complying with legal obligations.
  • Protecting against fraud, abuse, and security threats.

5. AI Processing & Third-Party Sub-processors

When you use AI-assisted features (such as PDF extraction or the Reporting Assistant), portions of your uploaded data may be transmitted to third-party AI service providers (“sub-processors”) for processing. These sub-processors are bound by data processing agreements that ensure compliance with UK GDPR requirements, including appropriate technical and organisational security measures.

We maintain a record of sub-processors and ensure they provide sufficient guarantees regarding data protection. You may request details of our current sub-processors by contacting us.

6. International Data Transfers

Some of our sub-processors may be located outside the United Kingdom. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO) or transfers to countries with an adequacy decision, in accordance with Articles 46–49 of the UK GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Account data: Retained while your account is active and for a reasonable period thereafter for legal compliance.
  • Catalogue and import data: Retained until you delete them or request their removal.
  • Audit logs: Retained for a minimum of 6 years to comply with applicable record-keeping requirements.
  • Technical/usage data: Retained for up to 12 months from collection.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, in compliance with Article 32 of the UK GDPR. These measures include encryption in transit and at rest, access controls, regular security assessments, and staff training. However, no method of transmission over the internet or electronic storage is 100% secure.

9. Your Rights Under UK GDPR

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of access (Art. 15): Obtain confirmation of whether we process your data and request a copy.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
  • Right to restriction (Art. 18): Request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making (Art. 22): Not be subject to decisions based solely on automated processing that produce legal effects.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details below. We will respond within one month of receiving your request, as required by law.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the UK GDPR. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay (Article 34).

11. Cookies & Tracking

The Service uses essential cookies for authentication and session management. These are strictly necessary for the operation of the platform and do not require consent under the Privacy and Electronic Communications Regulations 2003 (PECR). We do not use third-party advertising or tracking cookies.

12. Complaints

If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Website: ico.org.uk

Helpline: 0303 123 1113

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page with an updated “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact & Data Protection Enquiries

For privacy-related enquiries, data protection requests, or to exercise your rights under UK GDPR, please contact:

Industry Developer CIC Limited

Company No. 14468201 | London, UK

Email: [email protected]

© 2026 Industry Developer CIC Limited. All rights reserved.