Privacy Policy – Crown Booth®: iconic British red telephone boxes into modern recording spaces — capture your voice, story, or message with studio-grade clarity.

Version 1.1
Effective date: 13 October 2025
Last updated: 13 October 2025

This Privacy Policy explains how Crown Booth Company (“Crown Booth”, “we”, “our”, or “us”) collects, uses, shares, and protects information when you visit crownbooth.co.uk (the “Site”), use our mobile or web applications, book or use a Crown Booth recording space, interact with our marketplace or content services (including any digital service provider functionality, the “DSP Services”), or otherwise communicate with us (collectively, the “Services”). It also describes your rights and choices.

Quick summary
We collect account details, usage data, and—if you record audio or video—content you create. We use this to deliver the Services, personalise your experience, keep things secure, and comply with law. We don’t sell your personal information. You have rights to access, delete, or object to certain processing. See the US State Privacy Notice and EEA/UK Rights sections for region‑specific rights.

1) Who we are & how to contact us

Data Controller: Crown Booth Ltd, a company registered in England and Wales. Company number: 16719138.
Registered address: 86–90 Paul Street, London, England, United Kingdom, EC2A 4NE.
Email: support@crownbooth.co.uk

Affiliates/Parent: Crown Booth Company (USA) may provide support services as our processor. For UK users, the controller is Crown Booth Ltd.

Commitment: We are committed to protecting your privacy and processing personal data lawfully, fairly, and transparently in accordance with UK GDPR and the Data Protection Act 2018.
EU Representative (for EU GDPR): [INSERT REPRESENTATIVE NAME & CONTACT] (if applicable).
Data Protection Officer (DPO): [INSERT DPO OR “Not required under GDPR”].

2) Scope

This Policy applies to information we process about:

Visitors to the Site and app users;
Customers and end users who book, enter, or use a Crown Booth recording space;
Marketplace participants (e.g., engineers, producers, vocalists) and buyers;
Artists and rights‑holders who use our DSP Services; and
People who contact us or engage with our social media or events.

This Policy does not apply to third‑party websites, services, or integrations that we do not control. Their privacy practices are governed by their own policies.

3) Information we collect

a) Information you provide

Account & profile: name, display name/alias, email, phone, country, billing details, marketing preferences, identity verification data (where required by law or marketplace rules), and any professional profile elements (skills, portfolio links, bios).
Bookings & access: booking history, booth location and session time, access codes, guest lists, and special access needs.
Recordings & creative content: audio/video captured in a Crown Booth session; file metadata (duration, format, sample rate); optional transcripts/lyrics; stems; edits; comments; project titles.
Marketplace & DSP: submissions, uploads, licensing preferences, credits/attribution data, payout details, tax information (where required), and distribution settings.
Support & communications: messages to our support team, feedback forms, surveys, or user research.
Promotions: contest entries, event RSVPs, referral details.

b) Information we collect automatically

Usage & device data: IP address, device IDs, browser/app version, OS, language, time zone, referrer/UTM, pages/screens viewed, clicks, session length, crash logs.
Location data: coarse location from IP; optional precise location if you enable it.
Cookies & similar technologies: see Cookies & similar technologies below.
Booth telemetry: booth ID, door state, fault/error codes, environmental sensors (e.g., temperature, humidity, noise level), and anonymised utilisation metrics.

c) Information from third parties

Payments: limited payment details and status from our payment processor (e.g., Stripe)—we do not store full card numbers.
Identity/verification & fraud prevention: from service providers and, if applicable, Know‑Your‑Customer (KYC) / anti‑money‑laundering (AML) partners.
Rights data: public performance rights, mechanical rights, ISRC/ISWC/UPC, and fingerprint or content‑ID matches from music tech partners (only if you opt into DSP Services).
Professional data: references and credentials you choose to share; ratings/reviews on the marketplace.

Special category/sensitive data. We do not seek to collect sensitive personal data. However, your recorded voice may be processed with AI‑powered tools (e.g., denoising, diarisation, or transcription). If local law treats voice as biometric data, we will process it only with your explicit consent and for clearly described purposes, or as otherwise permitted by law.

4) How we use information

We process personal information for the following purposes and legal bases (UK/EU legal bases in brackets):

Provide the Services: create and manage accounts, enable bookings and access, capture and store recordings, power collaboration tools, facilitate marketplace transactions, and deliver DSP Services ([contract]).
Processing & enhancement of recordings: rendering, mastering, transcription, noise reduction, and optional AI‑assisted features you activate ([contract / consent]).
Payments & payouts: process fees and subscriptions; calculate and remit marketplace payouts; tax reporting ([contract / legal obligation]).
Safety, security, and integrity: authenticate users; prevent fraud, spam, abuse, or unauthorised access; enforce terms and acceptable use ([legitimate interests / legal obligation]).
Analytics & product improvement: usage analytics, quality assurance, debugging, feature development ([legitimate interests / consent for cookies where required]).
Marketing & communications: send service messages and, if you opt in, marketing about new features or events ([legitimate interests / consent where required]).
Legal compliance: record‑keeping, responding to lawful requests, and compliance with IP and financial regulations ([legal obligation]).

Lawful basis quick map (UK/EEA)

Purpose	Examples	Legal basis
Provide the Services	accounts, bookings, booth access, recordings storage, collaboration	[contract]
Recording enhancement features you turn on	mastering, denoising, transcription, diarisation	[contract] / [consent]
Payments & payouts	Stripe payments, marketplace payouts, tax	[contract] / [legal obligation]
Safety & integrity	authentication, fraud, abuse prevention, security logging	[legitimate interests] / [legal obligation]
Analytics & product improvement	diagnostics, crash reports, feature usage (non‑essential cookies only with consent)	[legitimate interests] / [consent]
Marketing	product updates, events (where opt‑in required)	[legitimate interests] / [consent]
Legal compliance	regulatory reporting, rights‑holder queries	[legal obligation]

We conduct Legitimate Interests Assessments (LIAs) where required and balance our interests against your rights. You can object to processing based on [legitimate interests] at any time.

5) Sharing of information

We share information as follows:

Service providers/Processors: hosting and storage, communications, analytics, error monitoring, identity verification, content processing (e.g., transcription, mastering), payments, and professional services. These providers act under contract and cannot use your data for their own purposes.
Marketplace & collaboration: if you participate in the marketplace or invite collaborators, certain profile information, credits, and project metadata can be visible to others you work with.
DSP & distribution partners: if you opt into DSP Services, we will share the metadata and content you designate for distribution (e.g., track title, artist name, ISRC, artwork, territory rights) with distribution and rights‑management partners.
Legal, safety, and rights protection: to comply with law, respond to legal process, or protect our rights, users, or the public.
Business transfers: as part of a corporate transaction (e.g., merger, financing, acquisition) subject to appropriate safeguards.

We do not sell your personal information.

6) International data transfers

We operate globally and may transfer your information outside your country, including to the United States and the United Kingdom. Where required, we use appropriate safeguards such as Standard Contractual Clauses and UK Addendum/IDTA, and conduct transfer impact assessments. Copies of relevant safeguards are available on request.

7) Data retention

We retain personal information only as long as necessary for the purposes described, including to meet legal, accounting, or reporting requirements. Typical retention periods:

Account & booking records: while your account is active and up to 6 years after closure;
Recording content: per your project settings; you can delete content or request deletion; backups may persist for up to 90 days;
Marketplace/DSP records and payouts: as required by tax and financial regulations (often 7 years);
Security logs: typically up to 12 months unless needed for investigations.

8) Your rights

a) EEA/UK residents (GDPR/UK GDPR)

You may have the right to access, correct, delete, restrict, or object to processing; data portability; and to withdraw consent where we rely on consent. You may also lodge a complaint with your local data protection authority (e.g., the ICO in the UK). To exercise rights, email support@crownbooth.co.uk.

b) US residents — see US State Privacy Notice (Appendix A)

Residents of certain US states have additional rights, including to opt out of sales/sharing, targeted advertising, and profiling, and to appeal a rights request decision.

c) Global

Where local law provides additional rights, we will honour them.

8A) How to exercise your rights (process & timelines)

Submit request: email support@crownbooth.co.uk with the subject line “Privacy Request” and state your request type (access, deletion, correction, portability, objection, restriction, withdraw consent).
Verification: we may ask you to verify your email, booking details, or other reasonable identifiers. If acting as an authorised agent, provide proof of authority.
Timeline: we aim to respond within 1 month of receipt and verification (extendable by up to 2 further months for complex requests; we’ll notify you if so).
Appeals (US states): if you disagree with our decision, reply “Appeal” to the decision email. We’ll review and respond within 45 days (or as required by your state law).
Complaints (UK/EEA): you may complain to your local authority (UK ICO: ico.org.uk). We’d appreciate the chance to resolve issues first.

9) Cookies & similar technologies

We use cookies, SDKs, and similar technologies to operate the Site, remember preferences, secure accounts, analyse usage, and—if you consent—personalise content or measure marketing. You can manage preferences via our cookie banner or browser settings. Essential cookies cannot be disabled.

10) Children

The Services are not directed to children under 13 (or the age of digital consent in your country). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us to request deletion.

11) Recording spaces: signage, consent & bystanders

Clear signage: Crown Booth locations display notices that recording is in progress and may capture audio (and, where applicable, video for safety/operational monitoring).
Consent: The booking user is responsible for obtaining consent from all participants before recording. Where required, we may provide in‑booth consent prompts.
Bystanders: We design booths to minimise capture of bystanders. If incidental capture occurs, we will assess deletion requests case‑by‑case.

12) Security

We employ technical and organisational measures appropriate to the risk, including encryption in transit, segmented access controls, secrets management, security logging, and periodic audits. No system is perfectly secure; you are responsible for protecting your account credentials and keeping backups of your content.

12A) Data breaches & notifications

If we discover a personal‑data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users without undue delay, including the nature of the breach, likely consequences, and measures taken.

13) Third‑party links and integrations

Our Services may link to or integrate with third‑party tools (e.g., payment processors, analytics, collaboration, cloud storage). Your use of those features is subject to the third party’s terms and privacy practices.

14) Changes to this Policy

We may update this Policy from time to time. We will post the updated version and revise the “Last updated” date. For material changes, we will provide additional notice (e.g., email or in‑app notice). Your continued use of the Services after changes take effect constitutes acceptance.

15) Contact

Questions or requests? Email support@crownbooth.co.uk or write to us at the address above.

Appendix A — US State Privacy Notice (if we target those states)

This Appendix supplements the Privacy Policy for residents of states with comprehensive privacy laws (including California, Colorado, Connecticut, Utah, and Virginia). Terms have the meanings defined in the applicable law.

A1. Categories of personal information we collect

Identifiers: name, email, phone, user IDs, IP address.
Personal records: billing address, payment status, booking history.
Protected classifications: not sought; may be inferred only if you choose to share (e.g., artist name, pronouns).
Commercial information: purchases, subscriptions, marketplace transactions.
Internet/telemetry: device info, session data, cookies, booth telemetry.
Geolocation: coarse location from IP; precise location only if you allow it.
Audio/visual: recordings you create; optional safety video at locations (if applicable).
Inferences: preferences derived from usage (e.g., genres you work with).
Sensitive information: only with consent where required (e.g., voice data treated as biometric under local law); identity verification data for payouts/AML where legally required.

A2. Sources

From you, your devices and interactions, our service providers, partners you choose (e.g., distributors), and publicly available databases.

A3. Purposes of use

See How we use information above. We use and disclose personal information for business purposes, including to provide the Services, maintain security, debug, perform analytics, process payments, and comply with law.

A4. Disclosures for business purposes

We disclose the categories above to service providers for operational purposes described in the Policy. We do not sell personal information. We do not share personal information for cross‑context behavioural advertising unless you opt in via cookie preferences, in which case you may opt out at any time.

A5. Your rights

Depending on your state, you may have the right to: (i) confirm whether we process your personal information and access it; (ii) correct inaccuracies; (iii) delete it; (iv) obtain a portable copy; (v) opt out of sales, sharing (cross‑context behavioural advertising), targeted advertising, and profiling in furtherance of decisions producing legal or similar significant effects; and (vi) appeal a decision regarding your request. Submit requests at support@crownbooth.co.uk. If you opt out of targeted advertising, we will honour Global Privacy Control (GPC) signals where legally required.

A6. Sensitive personal information

We do not use or disclose sensitive personal information for purposes requiring an additional right to limit under California law.

A7. Non‑discrimination

We will not discriminate against you for exercising any of your privacy rights.

A8. Retention & metrics

We retain personal information as described in Data retention. Where applicable, annual request metrics will be posted here.

Appendix B — Region‑specific disclosures

UK & EEA: Crown Booth Ltd is the controller. Our UK/EU Representative will be identified here once appointed. For UK users, the ICO is your supervisory authority (ico.org.uk).
Switzerland & other regions: Additional local disclosures will be added as operations launch.

Appendix C — Cookie Notice (summary)

We use: (i) essential cookies for login, security, bookings; (ii) performance cookies for analytics; (iii) functional cookies to remember preferences; and (iv) advertising/measurement cookies only with consent. Manage settings via the cookie banner or your browser. A full cookie table will be published at: crownbooth.co.uk/cookies.

Appendix D — AI & automated processing disclosure

We use automated tools to: remove noise; identify speakers; detect clipping; generate transcripts; and, if you opt in, suggest edits or metadata. These tools support—not replace—human judgement. We do not make decisions producing legal or similarly significant effects solely by automated means without human review.

Appendix E — Law enforcement requests

We require valid legal process for disclosure, assess requests for scope and legality, and push back when appropriate. We may notify affected users unless prohibited by law or where there is risk of harm.

Appendix F — Subprocessors & cross‑border safeguards (summary)

We use vetted service providers to process data on our behalf under written contracts and data‑transfer safeguards (e.g., SCCs + UK Addendum/IDTA where applicable). We maintain a current list at crownbooth.co.uk/subprocessors (or will publish prior to launch). Typical categories include: cloud hosting, storage/CDN, analytics/telemetry, payments and payouts, communications, identity verification/KYC, error monitoring, and content processing (e.g., transcription, mastering). We will provide advance notice of material changes as required.

Appendix G — Privacy by Design, DPIAs & records

We apply privacy by design and by default: data minimisation, role‑based access, encryption in transit, secure key management, and environment hardening. We conduct Data Protection Impact Assessments (DPIAs) for high‑risk processing (e.g., booth‑based recording and AI features) and keep Article 30 processing records.