Liminal Audio processes voice biometric data (voiceprints, spectral fingerprints, lingual identity signatures). This data receives the highest level of protection under applicable law, including GDPR Article 9, CCPA, and the Illinois Biometric Information Privacy Act (BIPA).
1. Who We Are
Liminal Audio Inc. ("Liminal Audio", "we", "our") is a Delaware corporation operating the platform accessible at tmbri.com. We build biometric identity infrastructure for musicians and creative professionals.
Data Controller contact: privacy@audioliminal.com
2. What Data We Collect
Waitlist & Contact Data:
- Email address, name (optional), professional role
- IP address and approximate geolocation (country-level)
- Timestamp of submission
Voice Biometric Data (platform users, not waitlist):
- Voice recordings submitted for identity enrollment
- Derived biometric identifiers: voiceprint vectors, spectral fingerprints, lingual frequency signatures
- Enrollment metadata: timestamp, device, language detected
Usage Data:
- Pages visited, feature interactions, session duration
- Browser type, operating system (aggregated, not linked to identity)
3. How We Use Your Data
- Waitlist: to notify you when early access opens and to segment outreach by professional role.
- Voice biometrics: to generate your TMbri™ Pass — a cryptographically sealed identity certificate anchored to your unique vocal signature. This is the core product function.
- Platform improvements: anonymised, aggregated usage analytics only.
- We do not sell personal data. We do not use voice data to train AI models without separate, explicit written consent.
4. Legal Basis (GDPR)
- Legitimate interest — waitlist communications and platform security.
- Explicit consent (Art. 9(2)(a)) — required before processing voice biometric data. Consent is requested at enrollment and can be withdrawn at any time.
- Contract performance — processing necessary to provide the TMbri™ Pass service.
5. Biometric Data — Special Protections
Voice biometric data is treated as sensitive personal data under GDPR Article 9, CCPA Section 1798.140, and BIPA (740 ILCS 14). We do not collect biometric data without prior informed written consent. Biometric templates are stored encrypted, with access limited to the enrolled artist only.
- Storage: AES-256 encrypted at rest; TLS 1.3 in transit.
- Retention: biometric templates are deleted within 3 years of last active use, or immediately upon written deletion request.
- No third-party biometric data sharing without explicit consent and Data Processing Agreements.
6. Data Sharing
We share data only where necessary:
- Infrastructure providers: server hosting (EU/US data centres) under DPAs.
- Legal compliance: if required by court order or applicable law.
- Business transfer: in the event of merger or acquisition, data transfers are subject to the same protections.
We do not share data with advertising networks, data brokers, or social media platforms.
7. Your Rights
Depending on your jurisdiction, you have the right to:
- Access — request a copy of all personal data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data, including biometric templates.
- Portability — receive your data in a machine-readable format.
- Withdraw consent — at any time, for biometric processing.
- Opt-out (CCPA/California) — we do not sell personal information; opt-out is not applicable.
To exercise any right: privacy@audioliminal.com. We respond within 30 days.
8. Cookies & Tracking
This site uses no third-party tracking cookies. We use first-party session data only for technical functionality. No advertising pixels, no cross-site tracking.
9. Data Retention
- Waitlist data: retained until you request deletion or 24 months after launch, whichever comes first.
- Voice biometrics: retained for the duration of your TMbri™ Pass, plus up to 90 days after cancellation.
- Logs: 90 days maximum, then automatically purged.
10. International Transfers
Data may be processed in the United States and the European Union. Transfers from the EU to the US are made under Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Children
This service is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us immediately.
12. Changes to This Policy
Material changes will be communicated by email to waitlist and platform subscribers at least 14 days before taking effect. The effective date at the top of this page is always current.
13. Contact & Supervisory Authority
Data protection inquiries: privacy@audioliminal.com
EU residents may lodge a complaint with their national supervisory authority (e.g., Garante Privacy — Italy, CNIL — France, ICO — UK).