Privacy Policy

Last updated: April 12, 2026

1. Who We Are

Data Magpie is operated by Mastrotunes ("we," "us," or "our"), based in Costa Mesa, California. We run a personal data marketplace at magpie.mastrotunes.com that lets users connect their own data sources, build an encrypted data vault, and earn money when verified business buyers purchase access to their data — with the user's explicit approval for every transaction.

2. Data We Collect

Account data

Name, email address, and profile picture collected when you sign in with Google OAuth.

Financial data (via Plaid)

If you connect a bank account, we retrieve transaction history and account balances through Plaid. We store only the data you authorize. We do not store your bank credentials.

Music & interest data (via Spotify)

If you connect Spotify, we retrieve your top artists, top tracks, recently played tracks, and inferred genre interests. We do not access your Spotify password or payment details.

Google profile & interests

When you connect Google, we collect your public profile information and declared interests to enrich your vault profile.

Payment data (via Stripe)

Earnings payouts are processed through Stripe Connect. We do not store full bank account or card numbers. Stripe handles all payment data under their own privacy policy.

Usage data

Standard server logs including IP addresses, browser type, and pages visited. We use this solely to operate and improve the service.

3. How We Use Your Data

  • To build and maintain your encrypted data vault.
  • To match your vault profile with buyer data requests (using only anonymized tags — buyers never see raw data before purchase).
  • To process approved data sales and transfer your earnings via Stripe.
  • To send you transaction notifications and service updates.
  • To comply with legal obligations and enforce our Terms of Service.

We never sell or share your data without your explicit, per-transaction approval. Every data request from a buyer requires you to review and approve before any data is released.

4. How We Protect Your Data

  • All vault data is encrypted at rest using AES-256 encryption.
  • All connections use TLS in transit.
  • OAuth tokens (Plaid, Spotify, Google) are encrypted before being stored in our database.
  • We do not log or store decrypted vault contents beyond what is necessary to serve your requests.
  • Access to production systems is restricted to authorized personnel only.

5. Data Sharing

We share data only in the following circumstances:

  • With buyers: Only after you explicitly approve a data request. Buyers receive only the data categories you approved, not your raw identity unless you choose to include it.
  • With Plaid: To connect and retrieve your financial account data. Governed by Plaid's Privacy Policy.
  • With Stripe: To process payouts. Governed by Stripe's Privacy Policy.
  • As required by law: In response to valid legal process (subpoena, court order, etc.).

6. Data Retention

We retain your vault data as long as your account is active. You may request deletion of your account and all associated data at any time by emailing michaelrmastronardi@gmail.com. Completed transaction records may be retained for up to 7 years as required by financial regulations.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for data processing at any time.
  • Data portability (receive your data in a machine-readable format).
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at michaelrmastronardi@gmail.com.

8. Cookies

We use session cookies solely to keep you logged in. We do not use tracking cookies, third-party advertising cookies, or analytics cookies. You can disable cookies in your browser, but doing so will prevent you from staying logged in.

9. Children's Privacy

Data Magpie is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their data, contact us immediately.

10. Changes to This Policy

We may update this policy periodically. If we make material changes, we will notify you by email or by posting a notice on the app. Continued use after changes constitutes acceptance.

11. Contact

Questions? Email us at michaelrmastronardi@gmail.com.