The Musical Form Institute
Legal

Privacy Policy

Effective Date: April 26, 2026

1. Introduction

This Privacy Policy describes how Muse Foundry LLC, doing business as Musical Form Institute ("MFI," "we," "our"), collects, uses, and protects information when you interact with our websites, including musicalform.org and registry.musicalform.org (collectively, the "Site"), and when you participate in MFI certification processes.

MFI administers two certification programs: the Certificate of Embodied Production (CEP) and Certified Significant Form (CSF). This policy applies to general Site visitors, to certification participants (artists and label representatives), and to any person who submits a recording for review through a public submission form on the Site.

2. Information We Collect

2.1 Website and Registry Browsing (All Visitors)

When you visit the Site or browse the public Registry, we collect limited information:

  • Google Analytics data. We use Google Analytics to measure Site usage (for example, pages viewed, time spent on pages, referral sources, browser type, device information, and approximate location derived from IP address). Google Analytics typically uses cookies and similar technologies to collect this information.
  • Google Ads conversion measurement. We run paid advertising campaigns through Google Ads. When the Site is visited from a Google Ads click, or when a visitor completes a measured action (such as submitting a recording for review), Google Ads may set cookies to attribute that action to the originating ad. This is used solely to measure the effectiveness of our advertising. We do not build advertising audiences from Site visitors and we do not run remarketing campaigns.
  • Server and security logs. Like most websites, our servers may receive information such as your IP address, browser type, and the date and time of your request.
  • No user accounts are required to view the public Registry.

Choices and controls. When you first visit the Site, a cookie consent banner appears. Clicking Reject blocks both Google Analytics and Google Ads cookies; clicking Accept permits both. You can change your choice by clearing this Site's storage in your browser. You can also opt out of Google Analytics directly by installing Google's opt-out browser add-on at https://tools.google.com/dlpage/gaoptout, and you can manage Google Ads personalization settings at https://adssettings.google.com. If your browser sends a Global Privacy Control (GPC) signal, the Site treats it as a Reject choice without showing the banner.

If our analytics or advertising configuration changes materially, we will update this policy.

2.2 Certification Process — Label-Based Workflow

When a label submits a batch of recordings for review and the corresponding artist or producer signs an attestation through our clickwrap system, we collect the following:

  • Full name (as entered by the signer)
  • Email address (provided by the submitting label or entered directly)
  • Attestation selections (which tracks were attested and which were withdrawn)
  • Signature timestamp (date and time of signing)
  • IP address at the time of signing
  • Browser user agent string at the time of signing
  • Token identifier linking the signing event to a specific certification batch

From the submitting label, we also collect a primary contact name and email address for batch communication.

2.3 Certification Process — Public Submissions

When you submit a recording for review through a public submission form on the Site, we collect:

  • Your name
  • Your email address
  • Information you provide about the recording, including title, artist, and a public source link
  • Server log information (such as IP address and browser user agent) associated with the submission

Where MFI conducts review based on automated analysis of publicly available catalog data, MFI may also retrieve and store publicly available metadata about a recording (such as title, artist, release information, and identifiers) from third-party catalog and recording sources. This data is associated with the corresponding Registry entry.

2.4 Audio Files

Master audio files may be submitted to MFI by label partners as part of the CEP review process. Audio files are submitted via secure file transfer links provided to label contacts. Audio files are not collected from artists directly through the Site.

For CSF review based on public submissions or automated catalog scanning, MFI typically works from publicly available recordings rather than master audio files.

2.5 Information We Do Not Collect

  • We do not collect payment or financial information through the Site.
  • We do not collect DAW session files or stems. At most, a session screenshot may be requested from the submitting label.
  • We do not require user accounts or passwords for Registry access.

3. How We Use Your Information

3.1 Certification Processing

We use information collected through certification processes:

  • To verify the identity of a signer or submitter and associate the submission with the correct recordings.
  • To create a durable, tamper-evident audit trail for each certification decision. The attestation or submission record serves as evidence supporting the decision.
  • To send invitation, status, and decision communications to the relevant artist, label contact, or submitter.
  • To communicate with label contacts and submitters regarding batch status, certification decisions, registry corrections, and related operational matters.

3.2 Fraud Prevention and Integrity

IP address and user agent data are collected to support the integrity of the attestation and submission processes. This data provides evidence that the action was completed using a web browser and helps identify potentially unauthorized or fraudulent activity.

3.3 Site Improvement

Google Analytics and similar aggregate measurements may be used to understand Site usage patterns and improve the Site.

3.4 No Marketing Use of Certification Data

We do not use personal information collected through the certification process for marketing purposes. We do not sell or rent personal information. Information collected from certification submitters is not provided to Google Ads, Google Analytics, or any other advertising service.

Separately, the Site uses Google Analytics and Google Ads cookies to measure general visitor traffic and to attribute conversions from MFI's own advertising campaigns. That measurement activity is described in Section 2.1.

4. Who We Share Information With

MFI shares information only in the following limited circumstances:

  • Service providers. We use vendors to operate the Site and certification workflow (for example, website hosting, database services, email delivery, automation, and secure file storage). These vendors process information on our behalf to provide their services to us.
  • Google Analytics and Google Ads. Site usage information is shared with Google Analytics, and conversion measurement information is shared with Google Ads, as described in Section 2.1 above. Both are used by MFI to understand Site performance and to measure paid advertising. We do not provide certification submitter contact information to either service.
  • Third-party audio analysis providers. As part of the review process, audio files or public recording references may be transmitted to third-party audio analysis services for screening, including AI-generated content detection. These providers return analysis results to MFI. We do not authorize service providers to use submitted audio for their own product training or marketing purposes. Provider handling and retention policies vary; additional details are available to applicants upon request.
  • Third-party catalog and metadata sources. Where MFI reviews recordings based on publicly available catalog data, we may query third-party catalog and recording services to retrieve public metadata about a recording. We do not transmit personal information about Site visitors or submitters to these services as part of those queries.
  • Public Registry. Certified recordings are listed in the public Registry with the artist name, track title, certification identifier, ISRC, genre (if provided), certification date, applicable standards version, and links to public sources where applicable. Signer or submitter email addresses, IP addresses, and user agent data are never published in the Registry.
  • Label partners. For label-based workflows, certification decisions (Certified, Denied, Withdrawn) are communicated to the submitting label. The attestation audit log (including signer name and signing timestamp) may be shared with the label as part of the certification record.
  • Legal compliance. We may disclose information if required by law, subpoena, or legal process, or if we believe disclosure is necessary to protect the rights, safety, or property of MFI, our users, or the public.

We do not share personal information with other third parties outside the categories above.

5. Data Retention

We retain information for as long as reasonably necessary to operate the Site and to administer and defend the integrity of the certification programs, subject to applicable law. In practice:

  • Website analytics. Google Analytics data is retained according to our Google Analytics account settings and then deleted or anonymized on a rolling basis.
  • Attestation, submission, and certification records. Attestation audit logs, public submission records, and core certification records are maintained on a long-term basis because the certification programs rely on durable, tamper-evident audit trails.
  • Public Registry entries. Registry entries for certified recordings are maintained as a public record. If a certification is revoked, the Registry entry is updated to reflect the revocation.
  • Audio files. Master audio files submitted as part of the CEP review process are retained only as long as needed for review and quality control. Unless we have a legitimate need to retain longer (for example, to address a dispute, appeal, or legal hold), we delete master audio files within 30 days after a certification decision.

6. Data Security

MFI uses reasonable administrative, technical, and physical safeguards to protect personal information, including access controls and least-privilege access for internal systems. Where supported by our vendors, data is transmitted over encrypted connections (HTTPS/TLS).

No system is completely secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

7. Your Rights

If you have participated in a certification process and wish to understand what personal information MFI holds about you, you may contact us at the address below. We will respond to reasonable requests within 30 days.

Limitations:

  • Attestation and submission audit records cannot be modified or deleted. The audit trail is write-once by design. This is necessary to maintain the integrity of the certification programs.
  • Public Registry entries for certified recordings reflect the certification decision and are maintained as a public record. If a certification is revoked, the Registry entry is updated to reflect the revocation. Requests to correct or remove a Registry entry should be submitted in accordance with the corrections process described in our Terms of Use.
  • If you believe your personal information was submitted to MFI in error (for example, if a label provided an incorrect email address, or if a public submission was made without proper authorization), contact us and we will work to correct the issue where appropriate.

California and Global Privacy Control. If you are a California resident and you submit a request, we will process it consistent with applicable law. We do not sell personal information for monetary consideration. We use Google Ads cookies to attribute conversions from our advertising campaigns; depending on how California law is interpreted, this measurement activity may constitute "sharing" for cross-context advertising purposes. If your browser sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of sale or sharing of personal information, and the Site disables both Google Analytics and Google Ads cookies for that visit.

8. Children

The Site and certification processes are not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete it.

9. International Users

MFI is based in the United States. If you access the Site or participate in a certification process from outside the United States, your information may be transferred to and processed in the United States and other jurisdictions where our service providers operate. Where required by law, we will use appropriate safeguards for cross-border transfers.

10. Changes to This Policy

MFI may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If we make material changes to how we handle personal information, we will make reasonable efforts to notify affected individuals (for example, by posting a notice on the Site or by email if appropriate).

11. Use of YouTube API Services

The Site uses YouTube API Services for two specific purposes: (i) to publish MFI certification results as public playlists on the Musical Form Institute's official YouTube channel, and (ii) to resolve canonical YouTube URLs for sound recordings whose ISRC has already been identified through other catalog sources. MFI does not collect, transmit, or share information about Site visitors to YouTube as part of this activity.

By using any portion of the Site or its functionality that involves YouTube data or content, you also agree to be bound by the YouTube Terms of Service, available at https://www.youtube.com/t/terms.

For information about how Google handles data collected through YouTube API Services, please see the Google Privacy Policy at https://policies.google.com/privacy.

You may revoke MFI's access to your Google account, where applicable, by visiting the Google security settings page at https://myaccount.google.com/permissions.

12. Contact

If you have questions about this Privacy Policy or wish to make a request regarding your personal information, contact us at:

Musical Form Institute
Muse Foundry LLC
info@musicalform.org
Mailing address: PO Box 12734, Tucson, AZ 85732