- Who We Are
- What Data We Collect
- How We Collect Your Data
- Why We Collect Your Data — Legal Basis
- LSPS™ Verification and Lyric Content
- How We Share Your Data
- Data Retention
- Security
- Your Privacy Rights
- California Residents — CCPA/CPRA
- Cookies and Tracking
- Children's Privacy
- International Data Transfers
- Changes to This Policy
- Contact Us and Data Requests
1. Who We Are
This Privacy Policy describes how Pro Distributor LLC ("Company," "we," "us," or "our"), operating as LyricStamp at lyricstamp.com, collects, uses, stores, and shares personal information when you use our lyric timestamping and originality verification service ("Service").
LyricStamp.com may collect your personal information and data for the purpose of processing and certifying lyrics or songs and may maintain a database of such for payment and history of use. These privacy obligations are governed by the laws of the State of Florida, United States, as the default jurisdiction. Pro Distributor LLC reserves the right to modify the governing jurisdiction of these privacy obligations by written addendum and privacy policy notification updates.
If you have any questions about this Privacy Policy or our data practices, please contact us at stamps@lyricstamp.com.
2. What Data We Collect
We collect the following categories of personal information:
| Category | Specific Data | Purpose |
|---|---|---|
| Account Information | Full name, email address, password (bcrypt hashed — never stored in plain text), account type | Account creation and authentication |
| Payment Information | Payment confirmation, transaction ID, amount, timestamp. We do NOT store full card numbers, CVV, or raw payment data — all card processing is handled by Square, Inc. | Billing and payment verification |
| Lyric Content | Song lyrics submitted for stamping, stored encrypted using AES-256-GCM encryption. Song title, artist name, ISRC, ISWC where provided. | Generating LyricStamp Certificates and LSPS™ verification |
| Stamp Records | Stamp ID, SHA-256 hash of lyrics, submission timestamp, certificate email address, conflict flag status | Certificate issuance and public verification |
| Technical Data | IP address at registration and last login, session tokens, API keys, browser type inferred from server logs | Security, abuse prevention, and authentication |
| Communications | Support ticket content, email address, category, submission timestamp | Customer support |
| Usage Data | Stamp counts, account status, subscription type, block purchase dates | Service delivery and billing |
LyricStamp does not store, log, or have access to your full credit card number, expiration date, or CVV at any point. All payment card processing is handled exclusively by Square, Inc. under PCI DSS compliance standards. We receive only a payment confirmation token and transaction ID.
3. How We Collect Your Data
We collect personal information through the following means:
- Registration forms — when you create an account on LyricStamp;
- Stamp submission forms — when you submit lyrics for stamping, either individually, via bulk CSV upload, or through the API;
- Payment processing — when you complete a payment through Square's card entry interface embedded on our site;
- Server logs — IP addresses and request metadata are recorded automatically by our servers for security and abuse prevention purposes;
- Support tickets — when you contact us through the support ticket system in your dashboard;
- API usage — when publisher accounts submit stamps programmatically via the LyricStamp API.
We do not collect data from third-party data brokers, advertising networks, or social media platforms. We do not use tracking pixels or behavioral advertising technology.
4. Why We Collect Your Data — Legal Basis
We process your personal data on the following legal bases:
- Contractual necessity. The majority of data processing is necessary to deliver the Service you have contracted for — including account management, stamp issuance, certificate delivery, and billing.
- Legitimate interests. We process IP addresses and technical data to protect the security of our platform, prevent abuse, detect fraudulent submissions, and maintain service integrity. These legitimate interests do not override your fundamental privacy rights.
- Legal compliance. We may retain certain data to comply with applicable laws, respond to lawful legal process, or enforce our Terms of Service.
- Consent. Where we rely on consent for any processing activity, you have the right to withdraw that consent at any time by contacting us at stamps@lyricstamp.com.
5. LSPS™ Verification and Lyric Content
Your submitted lyrics are your intellectual property. LyricStamp does not claim ownership of your lyrics. We process them only to provide the Service.
When you submit lyrics for stamping, the following processing occurs:
- LSPS™ verification. Your submitted lyrics are evaluated by our proprietary LyricStamp Plagiarism Screening (LSPS™) system prior to stamp issuance. This involves structured comparison against internal and third-party data sources as described in our Terms of Service Section 4. For the purposes of this LSPS™ verification, lyric content may be transmitted to third-party API services subject to their respective data handling terms.
- Cryptographic hashing. A SHA-256 cryptographic hash of your lyrics is computed and stored. This hash is a one-way mathematical fingerprint — it cannot be reversed to reconstruct your original lyrics.
- Encrypted storage. Your raw lyric text is encrypted using AES-256-GCM encryption before storage. The encryption key is stored separately in our server environment variables and is never logged or exposed.
- Vault access. Encrypted lyric content is accessible only through the LyricStamp administrative vault, which requires a separate admin session token. Vault access is restricted to dispute resolution purposes only.
- Public record. The Stamp ID, SHA-256 hash, submission timestamp, song title, and artist name associated with each stamp are stored in a publicly verifiable record accessible at lyricstamp.com/verify. Your raw lyrics are never publicly disclosed.
Third-party processing. LSPS™ verification utilizes proprietary third-party services accessed by Pro Distributor LLC. When lyrics are submitted for LSPS™ verification, lyric content is transmitted to these services solely for the purpose of originality screening. The identity of these services constitutes proprietary operational information of Pro Distributor LLC and is not disclosed. We do not authorize any third-party service used in LSPS™ verification to retain, train on, or commercially exploit submitted lyric content beyond the scope of the verification request.
6. How We Share Your Data
We do not sell your personal information. We do not share your personal information with advertising networks. We share data only in the following limited circumstances:
| Recipient | Data Shared | Purpose | Location |
|---|---|---|---|
| Square, Inc. | Email address, payment card data (entered directly into Square's secure form — we do not transmit raw card data) | Payment processing | United States |
| LSPS™ Verification Services | Submitted lyric content | LSPS™ verification of submitted lyrics | United States |
| Legal authorities | As required by law | Response to valid legal process, court orders, or regulatory requests | As applicable |
We require all third-party service providers to process your data only for the purposes we specify and in accordance with applicable data protection laws. We do not permit them to use your data for their own marketing or commercial purposes.
7. Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 3 years after deletion | Legal compliance and dispute resolution |
| Stamp records and certificates | Indefinitely | Stamps are permanent public records — deletion would undermine the integrity of the timestamping service |
| Encrypted lyric content (vault) | Indefinitely while account is active; 7 years after account deletion | Dispute resolution and legal hold |
| Payment records | 7 years | Financial and tax compliance |
| IP address logs | 90 days | Security and abuse prevention |
| Session tokens | 8 hours from creation (auto-expiry) | Authentication security |
| Support tickets | 3 years | Customer service records |
| Password reset tokens | 1 hour from creation (auto-expiry) | Security |
Upon account deletion request, we will delete or anonymize your personal account information within 30 days, subject to the retention requirements noted above. Note that issued LyricStamp Certificates and their associated public records (Stamp ID, hash, timestamp, title, artist) are permanent records and cannot be deleted, as deletion would undermine the integrity and verifiability of the timestamping service.
8. Security
We implement the following technical and organizational security measures to protect your personal information:
- Lyric encryption. All submitted lyric content is encrypted at rest using AES-256-GCM encryption. Encryption keys are stored in server environment variables, not in the database.
- Password security. Passwords are hashed using bcrypt with a cost factor of 12 before storage. Plain text passwords are never stored or logged.
- Session security. Session tokens are 32-byte cryptographically random hex strings with an 8-hour expiry. Sessions are stored server-side and invalidated on logout.
- Transport security. All data transmitted between your browser and our servers is encrypted via TLS (HTTPS).
- API key security. Publisher API keys are UUID-format tokens stored in the database. We recommend users treat API keys as passwords and never expose them in client-side code.
- Access controls. Administrative functions require a separate admin session with a distinct authentication flow. Admin sessions are stored under a separate user ID and validated on every request.
- Infrastructure. Our servers are hosted on enterprise-grade cloud infrastructure in the United States with network-level access controls.
While we employ commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.
9. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right of access. You may request a copy of the personal information we hold about you.
- Right to rectification. You may request correction of inaccurate or incomplete personal information.
- Right to erasure. You may request deletion of your personal information, subject to our legal retention obligations and the permanent nature of issued stamp records.
- Right to restriction. You may request that we restrict processing of your personal information in certain circumstances.
- Right to data portability. You may request a machine-readable copy of personal information you have provided to us.
- Right to object. You may object to processing based on legitimate interests.
- Right to withdraw consent. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please submit a written request to stamps@lyricstamp.com with the subject line "Privacy Rights Request." We will respond within 30 days. We may require identity verification before processing your request.
10. California Residents — CCPA/CPRA
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know. You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, our business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct. You have the right to request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing. We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is required.
- Right to Limit Use of Sensitive Personal Information. We do not use sensitive personal information for purposes beyond those necessary to provide the Service.
- Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
Categories of personal information collected in the past 12 months: identifiers (name, email, IP address); commercial information (payment records, subscription type); internet or electronic network activity information (session tokens, API usage); and the contents of communications (support tickets, submitted lyric content).
Categories of personal information disclosed for a business purpose: identifiers and commercial information shared with Square, Inc. for payment processing; lyric content shared with proprietary third-party services for LSPS™ verification; all categories shared with our cloud hosting infrastructure provider.
To submit a CCPA rights request, contact us at stamps@lyricstamp.com with subject line "CCPA Request" or by writing to Pro Distributor LLC, stamps@lyricstamp.com. We will respond within 45 days as required by law.
11. Cookies and Tracking
LyricStamp uses minimal browser storage for functional purposes only:
- sessionStorage. We use browser sessionStorage to store your authentication token, account type, and display name during your active session. This data is cleared automatically when you close your browser tab or sign out. We do not use localStorage for persistent tracking.
- No advertising cookies. We do not use advertising cookies, tracking pixels, or behavioral analytics tools. We do not participate in cross-site tracking or retargeting advertising.
- No third-party analytics. We do not use Google Analytics, Mixpanel, or similar third-party analytics services that track individual user behavior.
- Google Fonts. Our pages load fonts from Google Fonts (fonts.googleapis.com), which may result in Google receiving your IP address as part of the font request. This is a standard web technology practice. You can review Google's privacy policy at policies.google.com/privacy.
- Square Web SDK. Payment pages load Square's Web Payments SDK from sandbox.web.squarecdn.com (sandbox) or web.squarecdn.com (production). Square may set cookies for fraud prevention and payment security. These are functional, not advertising cookies.
12. Children's Privacy
LyricStamp is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.
Users between the ages of 13 and 17 may only use LyricStamp with verifiable parental or legal guardian consent, as described in our Terms of Service. If you believe we have inadvertently collected information from a minor, please contact us at stamps@lyricstamp.com.
13. International Data Transfers
LyricStamp is operated from the United States. Our servers are located on enterprise-grade cloud infrastructure within the United States. All personal data is stored and processed within the United States.
If you are accessing LyricStamp from outside the United States, including from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, please be aware that your personal information will be transferred to, stored, and processed in the United States. The United States may not provide the same level of data protection as your home jurisdiction.
By using LyricStamp, you consent to the transfer of your personal information to the United States. If you do not consent to this transfer, please do not use the Service. We apply the same security standards and privacy protections described in this policy to all data regardless of origin.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the Service. We will notify you of material changes by posting the revised policy at lyricstamp.com/privacy.html with an updated effective date and, for registered users, by sending an email notification to the address associated with your account at least fourteen (14) days prior to the effective date of material changes.
Your continued use of the Service following the effective date of any update constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.
15. Contact Us and Data Requests
For any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
Pro Distributor LLC
Operating as: LyricStamp
Email: stamps@lyricstamp.com
Subject line for privacy requests: "Privacy Rights Request" or "CCPA Request"
Website: lyricstamp.com
We will acknowledge receipt of your request within 5 business days and respond fully within 30 days (45 days for CCPA requests). This Privacy Policy was last updated on April 8, 2026.