Mspire Data Privacy Policy

Effective Date: February 08, 2026

Controller and Contact

At Mspire Technology, we are committed to protect your privacy and ensure the security of your personal data. This Data Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

By using our services, you agree to the practices outlined in this policy. If you have any questions about this policy or our practices, please contact us at [email protected]

1. Introduction

We value your trust and make our best efforts to protect your personal data. This policy applies to all users of our website, apps, and services (collectively referred to as "Mspire Services").

We comply with the GDPR, which governs the processing of personal data in the European Union (EU).

2. Types of personal data we collect

We collect different types of personal data depending on how you interact with us.

Where we get your data: We collect personal data (i) directly from you (e.g., account details, email provided for beta and/or marketing), and (ii) from third parties you connect, such as Spotify (track, artist, album metadata, IDs/URLs) when you authorise that connection.

Data Requested from the User

Data from Spotify (via API)

User Interactions and Usage Data

Technical & Device Data

Location & Sensor Data

3. How we use your personal data

Mspire uses your personal data solely to operate and enhance our services, while respecting your privacy and complying with legal obligations.

3.1 To provide and maintain the Mspire Service

• Authenticate your identity and manage your account.
• Deliver personalized music-related experiences.
• Enable essential features such as playlist generation and activity tracking.

3.2 To improve and develop the platform

• Understand user behavior and preferences.
• Optimize our app's performance and usability.
• Enhance and develop new features.

3.3 To communicate with you

• Provide service-related updates.
• Respond to your inquiries or support requests.
• Send optional marketing communications, only with your explicit consent.

3.4 To fulfill legal and regulatory obligations

• Comply with applicable laws and regulations.
• Cooperate with authorities in case of legal inquiries.
• Enforce our Terms and Conditions of Use.

3.5 To ensure security and prevent misuse

• Detect and prevent fraud, abuse, or unauthorized access.
• Monitor and improve platform integrity and safety.
• Investigate breaches of our terms or violations of law.

3.6 To manage beta sign-ups and participation

We process your email and minimal account details to administer the beta. You can opt out of non-essential beta updates at any time.

Direct marketing by email (only if you allow it)

We send optional marketing emails with your consent (you can withdraw at any time via the unsubscribe link) or under the ePrivacy "soft opt‑in" where permitted by law.

Automated decision‑making

We do not use automated decision‑making (including profiling) that produces legal effects or similarly significant impacts about you.

4. Legal basis for processing personal data

4.1. Consent

We process your data based on your explicit consent when you opt in to receive marketing communications or personalized recommendations. You may withdraw your consent at any time.

4.2. Contractual necessity

We process personal data to fulfill our contractual obligations to you, including providing access to the Mspire service, authenticating your identity, and managing beta programme participation.

4.3. Legal obligation

In certain cases, we may process your personal data to comply with legal requirements, such as responding to lawful requests from public authorities.

4.4. Legitimate interests

We may process your data when necessary for our legitimate business interests (maintaining platform security, preventing fraud, improving services), provided those interests are not overridden by your rights and freedoms.

Note: Some data is necessary to use the Services (e.g., account email for signup). If you do not provide required data, we may be unable to provide the related Service feature.

5. Data Storage

We retain your personal data only for as long as necessary to provide our services and fulfill essential operational and legal purposes.

We do not sell or rent your personal data. We send marketing emails only with your consent and every message includes an easy unsubscribe option.

5.1. Categories of Data Retention

Data you can delete: You may request deletion of certain personal data at any time.

Data retained until account deletion: Most personal data is retained until you delete your Mspire account.

Data retained for limited purposes: Even after account deletion, we may retain some data to comply with legal obligations, investigate violations, or ensure user safety.

Retention periods:

• Account data: deleted within 30 days after deletion request unless law requires longer retention.
• Beta sign-up list: for beta duration and 6 months after closure.
• Marketing consent logs: up to 24 months after your last marketing interaction.

6. Sharing your personal data

We do not sell or rent your personal data. We only share your data with third parties essential to delivering the Mspire service.

6.1. Service Providers

We work with trusted third-party vendors for hosting, analytics, integrations, and customer support.

6.2. Legal Requirements

We may disclose your personal data if required by law or in response to valid legal requests.

6.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the involved parties.

7. International data transfers

Your personal data may be transferred to and processed by third-party providers located outside the EEA. We use Standard Contractual Clauses (SCCs) and conduct transfer risk assessments to ensure your data remains protected.

8. Your rights under GDPR

Right to Access: Request access to or a copy of your personal data.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of your personal data.

Right to Restriction: Request limitation of processing.

Right to Data Portability: Request transfer of your data to another service provider.

Right to Object: Object to processing for direct marketing or based on legitimate interests.

Right to Withdraw Consent: Withdraw consent at any time.

Right to Information: Get information about the personal data we process.

Right not to be subject to automated decision-making: Not be subject to decisions based solely on automated processing.

How to exercise your rights

Contact us at [email protected]. You can also file a complaint with the Swedish Authority for Privacy Protection (IMY): [email protected], +46 8 657 61 00, Box 8114, 104 20 Stockholm.

9. Protection of Your Personal Data

We implement technical and organizational security measures including encryption, pseudonymization, and access controls.

To keep your account secure:

• Use a strong, unique password.
• Never share your login credentials.
• Log out when using shared devices.
• Regularly review connected apps.

While we take every precaution, no system is completely immune to breaches. If you suspect unauthorized access, contact us immediately.

10. Children's privacy

Children below the applicable digital age of consent may only use the Services with parental consent. We do not knowingly collect personal data from such children. Parents or guardians who believe a child has provided us with personal data may contact us at [email protected].

11. Changes to this privacy policy

We may update this Privacy Policy from time to time. We will notify you of any changes with an appropriate notice on the Mspire Service or via email.

12. Contact us