Privacy Policy

Privacy Policy

Effective Date: April 16, 2023
Version: 1.2
Last Updated: April 29, 2026

1. Introduction

Water (the "Service") is operated by 95 Entertainment LLC, a Florida limited liability company with its principal address at 28 W Flagler St #295, 300B, Miami, FL 33130, USA ("we", "us", "our", "Company").

This Privacy Policy explains how we collect, use, share, retain, and protect personal information when you create an account, upload audio, browse the catalog, send invites, or otherwise interact with the Service. It also describes the rights you have over your data and how to exercise them.

If this Policy conflicts with the Terms of Service, this Policy governs only the collection, processing, and disclosure of personal information.

2. Personal Information We Collect

"Personal information" means information that identifies or can reasonably be linked to you. It does not include de-identified or anonymized data.

3. How We Use Personal Information

4. How We Share Information

We do not sell your personal information. We share personal information only with carefully selected third-party service providers who act on our documented instructions and are contractually bound to confidentiality and purpose limitation. These providers assist with infrastructure, payment processing, communications, and analytics — all located in the United States or the European Union. A current list of processors is available upon request at contact@95ent.ai.

If we engage a new processor that handles personal information, we update this policy and bump the Last Updated date before any user data is routed to that processor.

No sale of personal information. We do not sell, rent, or trade personal information for monetary or other valuable consideration. We do not engage in cross-context behavioral advertising as defined under CCPA / CPRA.

5. Retention and Deletion

We retain personal information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention windows:

6. Audio Fingerprint, Watermark, and Embedding Processing (Biometric-Adjacent)

This Service performs three forms of audio-derived processing on every upload. None of these processes derive a personal biometric identifier of you as a human (such as voiceprint, retina scan, or fingerprint). They derive identifiers of the sound itself. Out of conservatism, we apply biometric-adjacent disclosure standards to all three.

6.1 Audio fingerprint (chromaprint perceptual hash)

We compute a perceptual hash of each uploaded audio file. The hash represents the acoustic signature of the recording and is used for duplicate detection, derivative detection, and Source ID lineage chains. The hash cannot reconstruct the original audio.

6.2 Watermark embedding (AudioSeal)

Before delivery, we embed an inaudible watermark payload into each audio file. The payload encodes the Source ID, license context, and a non-PII session token. The watermark survives common transformations (re-encoding, time-stretch, EQ) and is used to attribute downstream uses back to the originating creator and license. See TOS § 12 for the consent record.

6.3 Machine-learning embeddings (MERT)

We compute MERT (music understanding) embeddings of each upload. The embeddings are high-dimensional numeric vectors used for similarity search, genre and mood classification, and provenance / Source ID derivative detection per the Apr 27 2026 doctrine. The embeddings cannot reconstruct the original audio.

6.4 Express written consent

By uploading audio to the Service or downloading audio from the Service, you provide express written consent to the processing described in Sections 6.1, 6.2, and 6.3. The Service records this consent at first upload and first download with account identifier, IP address, user agent, and timestamp, in accordance with TOS § 12.

6.5 Retention

The fingerprint, watermark payload, and embedding vectors are retained for up to seven (7) years after permanent account deletion to support Source ID lineage and ongoing derivative detection on copies of the audio that may exist in the wild. After 7 years, the records are purged.

6.6 No sale, no transfer, no profiling

The fingerprint, watermark payload, and embeddings are stored on infrastructure operated by the processors named in Section 4 (Supabase, CloudFront edge cache for delivery). They are never sold, never transferred to a third party for that party's independent purposes, and are not used to make decisions about you that produce legal or similarly significant effects.

6.7 Withdrawal of consent

Account deletion under TOS § 10.1 starts the seven-year retention clock for the records in Section 6.5. Earlier withdrawal can be requested via the contact channels in Section 13; we will honor the request to the extent compatible with our obligations to defend and document past licenses (TOS § 4 and § 12).

7. Cookies and Tracking Technologies

We use session cookies, authentication tokens, and analytics identifiers. We do not use third-party advertising cookies. The cookie banner on first visit lets you manage non-essential cookies. Disabling essential cookies (authentication, security) will break account functionality.

8. Your Privacy Rights

8.1 Rights you may have

Depending on your location, you may have the right to:

8.2 Sensitive personal information (CCPA / CPRA)

The audio fingerprint, watermark, and embedding data described in Section 6 may be treated as sensitive personal information under CCPA / CPRA. We do not use this data for purposes outside Section 6, do not infer characteristics about you from it, and do not share or sell it.

8.3 Illinois BIPA, Texas CUBI, Washington H.B. 1493 carve-out

If you are a resident of Illinois, Texas, or Washington and the Section 6 processing falls within the biometric-information statutes of those states, the disclosures, consent record (TOS § 12), retention schedule (Section 6.5), no-sale lock (Section 6.6), and no-third-party-transfer lock (Section 6.6) are intended to satisfy the corresponding statutory requirements.

8.4 How to exercise rights

Send a request to the contact in Section 13. We may verify your identity before responding. Authorized agents may act on your behalf with proof of authorization. We do not discriminate against you for exercising your rights.

9. Children

The Service is not directed to children under 13 (or under the age of digital consent in your country). We do not knowingly collect personal information from children. If you believe a child has provided information, contact us in Section 13 and we will delete it.

10. International Transfers

If we transfer personal information outside the UK or EEA, we rely on recognized transfer mechanisms (such as Standard Contractual Clauses) with the importer. By using the Service, you consent to such transfers as described.

11. Security

We use commercially reasonable technical and organizational measures to protect personal information, including encryption in transit, hashed credentials, scoped access for staff, RLS-protected database access, and security monitoring. No system is fully secure; we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Policy. Material changes are posted here with a new Last Updated date and, where required by law, by direct notice. Continued use of the Service after the effective date of an update constitutes acceptance.

13. Contact

For questions, rights requests, or complaints, contact:

95 Entertainment LLC
28 W Flagler St #295, 300B, Miami, FL 33130, USA
contact@95ent.ai

For UK / EU residents, 95 Entertainment LLC is the data controller for purposes of UK GDPR and EU GDPR.