Privacy policy

1. Introduction

Welcome to Memory in Sound. Memory in Sound is operated by Brocode Group Lda, a company registered in Portugal under NIPC/VAT PT516430106, whose registered office is:

TERINOV – Parque de Ciência e Tecnologia da Ilha Terceira, Praceta da Ilha Terceira, 9700-702 Terra Chã, Angra do Heroísmo, Azores, Portugal.

We respect your personal data and are committed to protecting it. This Privacy Policy explains how we collect, use, share, transmit, store and otherwise process personal information when you use our services (the “Services”) on our website and via our store. We also explain your rights and how you can exercise them.

By using our Services, you accept this policy. If you do not agree with any part of it, please do not use our Services.

2. Data Controller

The data controller for your personal information collected via our Services is:

Brocode Group Lda

Email: info@memoryinsound.com

Address: (see above)

VAT/NIPC: PT516430106

If you have any questions about this Privacy Policy, or wish to exercise your rights in relation to your personal data, you may contact us at the above email.

3. What Personal Data We Collect

We may collect the following categories of personal data from you, depending on how you interact with our Services:

a) Account & Order Data

Name, billing address, shipping address, email address, telephone number
Payment information (via third-party payment processors)
Order history, order status, product preferences

b) User-Uploaded Content

Audio files, images, text, names, voice recordings, audio metadata, other digital files that you upload in order to create your personalised product
Metadata associated with those uploads (file names, timestamps, device information)
If included in your upload, potentially personal data of other individuals (voice recordings, images)

c) Website Visit & Device Data

IP address, device type, browser, operating system
Usage data: pages visited, time on site, referring/exit pages, interactions
Cookies and tracking technologies (see our Cookie Policy)

d) Communications Data

Your communications with us (via email, contact form, chat)
Feedback, reviews, suggestions

4. Why We Collect & Use Your Data; Legal Basis

We use your personal data for the following purposes:

To perform a contract: When you place an order, we need your data to process payment, fulfil your order, ship it, provide customer service. (Legal basis: Art 6(1)(b) GDPR)
To comply with legal obligations: e.g., tax, accounting, consumer protection, exports. (Art 6(1)(c) GDPR)
For our legitimate interests: such as improving our Services, prevention of fraud, maintaining security, analytics, marketing. (Art 6(1)(f) GDPR)
With your consent (where required): e.g., for direct marketing, for non-essential cookies. (Art 6(1)(a) GDPR)

Note: Because you upload personal, voice or image data (including data belonging to third-parties), you represent that you have all necessary consents to provide that data to us and for its processing.

5. How We Store, Process & Transfer Your Data

Storage & third-party infrastructure

Your data, including uploads, are stored, processed, backed up and transmitted using third-party infrastructure such as:

Amazon Web Services (AWS)
Shopify
Other cloud services, print on demand services (e.g., Printify)
Other sub-processors hired by us or by those third-parties

Because of the use of such services, your data may be stored or transferred to servers in jurisdictions outside the European Economic Area (EEA). While we take reasonable measures to ensure appropriate safeguards (such as standard contractual clauses) are in place, we cannot guarantee absolute data residency or protection equivalent to your home jurisdiction.

Risk disclaimer

By uploading your content and using the Services, you acknowledge and accept that:

Data in transit or at rest may be subject to unauthorized access or breach despite our best efforts.
We cannot guarantee that the Services will be uninterrupted, error-free, or fully secure.
We are not liable for any third-party access, leaks, or data loss beyond our direct control.

6. Sharing Your Data

We may share your personal data with:

Payment processors (to complete your purchase)
Logistics/shipping providers (to deliver physical products)
Print-on-demand / fulfilment providers (to manufacture personalized items)
Cloud-hosting, storage, backup providers, analytics providers
Law enforcement, regulators, courts if required by law or to enforce our rights
Any successor entity in the event of a merger, acquisition or sale of our business

We do not sell your personal data to third parties for marketing purposes.

7. Retention of Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, tax or reporting obligations. After that, we either securely delete or anonymise your data.

For example order and billing data may be retained for [set number of years – e.g., 7 years] in line with Portuguese tax law. User-uploaded content used in fulfilling your order may be retained for longer if needed for internal analysis or backup, but in any case we review such retention periodically.

8. Your Rights

Under the GDPR, you have the following rights (subject to certain limitations):

Right of access: to obtain a copy of your personal data we hold.
Right to rectification: to correct inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): to request deletion of your data (subject to legal obligations).
Right to restriction of processing: ask us to restrict how we process your data.
Right to data portability: receive your data in a structured, commonly used format.
Right to object: object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: where processing is based on consent, you may withdraw it (this does not affect processing done prior).
Right to lodge a complaint: you may complain to the Portuguese Data Protection Authority (Autoridade Nacional de Proteção de Dados – ANPD) or other relevant supervisory authority.

To exercise your rights, please contact us at info@memoryinsound.com. We may need to verify your identity. We will respond within one month in accordance with GDPR; in some cases this may be extended.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our website to:

Enable site functionality (necessary cookies)
Analyse website use and performance (analytics cookies)
Support marketing and remarketing (where consented)

For more detail, see our Cookie Policy [LINK]. You can control cookies through your browser settings and any cookie-banner preference centre we provide.

10. Uploads & Third-Party Content Liability

Because our business model centres on you uploading content (audio files, images, voice recordings), you acknowledge and accept that:

You are solely responsible for the content you provide.
You have obtained all necessary rights, licenses and consents (including from people depicted or recorded) for use in connection with our Services.
We are not responsible for any legal or regulatory claims, liabilities or damages arising from your uploads (for example copyright infringement, privacy violations, defamation, criminal content).
We reserve the right to refuse to process, delete, or not accept any upload that violates these terms or applicable law.

11. Security Measures

We implement commercially reasonable technical and organisational measures to protect your data, including encryption, access controls, backups, and using reputable third-party infrastructure. However, due to the nature of the internet and cloud services, we cannot guarantee absolute security.

12. Children’s Privacy

Our Services are not directed at children under the age of majority in their jurisdiction. We do not knowingly collect personal data from minors without verifiable parental consent. If you believe a child has provided us data without consent, please contact us and we will take steps to delete it.

13. International Transfers

Your data may be transferred outside the EEA, including to countries that do not provide the same level of data protection. When such transfers occur, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will be revised. We encourage you to review this page periodically. Your continued use of our Services after changes constitutes acceptance of the updated policy.

15. Contact Information

If you have any questions about this Privacy Policy or your personal data, contact us at:

Brocode Group Lda (Memory in Sound)