Privacy Policy

LabelBrain — operated by Create The Culture Limited — Last updated: 19 April 2026

LabelBrain is an internal operations platform built and operated by Create The Culture Limited (“Create The Culture”, “we”, “us”). LabelBrain is used by Create The Culture staff and authorised label partners to run day‑to‑day label operations: tracking streaming analytics, managing marketing campaigns, discovering creators, and reporting on advertising spend.

This policy explains what personal data LabelBrain processes, why, how long we keep it, and how to request deletion.

1. Who we are

Create The Culture Limited is a company registered in England and Wales.
Registered office: 18a Lanark Mansions, 14 Lanark Road, Maida Vale, London, W9 1DB, United Kingdom.
Contact: mark@createtheculture.uk.

2. What data we process

LabelBrain is not a consumer product. We do not host public accounts and do not sell access. The only personal data we process is:

Staff & authorised partner data — name, email, and role of Create The Culture staff and contracted partners granted access to LabelBrain.
Artist roster data — names, stage names, profile images, and platform handles for artists signed to or in development with Create The Culture. Processed under the recording and services agreements in place with each artist.
Public platform data retrieved through the official APIs of Meta, Spotify, TikTok, Snap, Google, and similar providers on ad accounts and pages we control or that have been shared with us. This includes campaign names, ad performance metrics, page post engagement, audio-track usage counts, and similar analytics.
Public creator profiles — for talent scouting we collect publicly available data (handle, bio, follower count, recent posts) about TikTok and Instagram creators. Where a creator asks us to delete their record, we do so on request (see Section 7).

We do not collect payment card data, government IDs, or special-category data (health, sexual orientation, political opinions, etc.).

3. How we use it

To run advertising campaigns on behalf of Create The Culture and its signed artists.
To analyse the performance of music releases, marketing activity, and paid media.
To discover and contact creators for paid collaborations.
To keep Create The Culture’s internal records (roster pipeline, release calendar, ad spend).

4. How data is shared

LabelBrain connects to third-party platforms via their official APIs. No personal data is sold, rented, or shared with advertisers. Sub-processors used:

Meta Platforms, Inc. — Marketing API, Graph API (campaign + insights data).
Spotify AB — Web API and Ad Studio API (catalog + ad data).
TikTok Pte. Ltd. — public web data and, where granted, Marketing API.
Snap Inc. — Marketing API.
Google LLC — Google Ads API and YouTube Data API.
DigitalOcean, LLC — hosting provider (server infrastructure in London, UK).
Resend, Inc. — transactional email delivery.

5. Retention

Operational data is retained for as long as it is useful to the business and, where applicable, for the minimum periods required by HMRC and UK company law (typically 6 years for financial records). Creator outreach records are archived or deleted within 24 months of the last meaningful contact.

6. International transfers

Our servers are in London. Some sub-processors listed above are based in the United States and process data under the EU‑U.S. Data Privacy Framework or Standard Contractual Clauses.

7. Your rights & data deletion

If you are a Create The Culture artist, contracted partner, or a creator who appears in our scouting records, you can request:

A copy of the personal data we hold about you.
Correction of inaccurate data.
Erasure of your record.
Restriction of processing, or objection to processing.

To request deletion, email mark@createtheculture.uk with the subject line “LabelBrain data deletion request” and include the name, email, or platform handle you want removed. We aim to respond within 14 days and complete deletion within 30 days unless we are legally required to retain the record.

8. Security

LabelBrain runs on hardened Linux hosts with restricted SSH access, credentials stored with mode 600, and HTTPS enforced for all public endpoints. Platform API tokens are stored outside the application tree and rotated on a documented schedule.

9. Cookies

The public landing pages at labelbrain.co do not set tracking cookies. Authenticated internal tools set a single session cookie to keep staff logged in and do not share that cookie with any third party.

10. Changes to this policy

We will post a new “Last updated” date at the top of this page if this policy changes materially.

11. Regulator

If you believe we have mishandled your data, you can contact the UK’s Information Commissioner’s Office at ico.org.uk.