Back to Home

Privacy Policy

Effective Date: June 1, 2026

Lesuto Industries Corp (“Lesuto,” “we,” “us,” or “our”) operates the Lesuto Disco platform at lesutodisco.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

1. Information We Collect

a) Account Data

When you register for an account, we collect your name, email address, username, profile picture, and account type (listener or artist). Artists may also provide additional information such as biography, genre preferences, and social media links.

b) Usage Data

We automatically collect information about how you interact with the Service, including tracks played, search queries, playlists created, artists followed, listening duration, skip behavior, and feature usage patterns.

c) Device Information

We collect device type, operating system, browser type and version, screen resolution, language preferences, IP address, and approximate geolocation derived from your IP address.

d) Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to maintain your session, remember preferences, and collect analytics data. See Section 9 for detailed cookie information.

2. How We Use Your Information

We use the information we collect to:

  • Deliver the Service: Provide streaming, artist tools, account management, and all core platform functionality.
  • Analytics and Improvement: Understand usage patterns, diagnose technical issues, and improve Service performance and features.
  • Personalization: Recommend tracks, curate playlists, and tailor the listening experience based on your preferences and behavior.
  • Communication: Send account-related notifications, product updates, and marketing communications (with your consent where required by law).
  • Safety and Security: Detect fraud, enforce our Terms of Service, and protect the rights and safety of our users and third parties.
  • Legal Compliance: Fulfill legal obligations and respond to lawful requests from authorities.

3. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

a) Chameleon Integration

When tracks are used in commerce content through Lesuto Chameleon (our integrated commerce platform), limited artist profile information (artist name, track title, and profile URL) is shared with Chameleon to provide proper attribution. Listener data is not shared with Chameleon.

b) Service Providers

We share information with third-party service providers who assist us in operating the Service. See Section 4 for a full list of sub-processors. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

c) Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Sub-Processors

We use the following third-party sub-processors to operate the Service. Each sub-processor is contractually bound to process data only for the purposes described below and in accordance with applicable data protection laws.

ProviderPurposeData CategoriesLocation
Google Cloud PlatformCloud hosting, object storage (audio files, images), database hostingAccount data, uploaded content, usage data, analyticsUnited States
Upstash RedisCaching, background job queues, rate limitingSession tokens, temporary processing state, rate limit countersUnited States
ElasticsearchSearch indexing and full-text searchTrack metadata, artist profiles, search queriesUnited States
CloudflareContent delivery network (CDN), DDoS protection, DNSIP addresses, request metadata, cached static assetsGlobal (edge network)
Lesuto Chameleon SSOSingle sign-on authentication across Lesuto productsEmail, username, profile picture, OAuth tokensUnited States

5. AI Processing of Audio

When you upload audio content to the Service, it is automatically analyzed by AI and machine learning models to power platform features. This processing occurs once at upload time and includes the following:

  • Mood and Genre Classification: Audio classifiers analyze the sonic characteristics of your track to assign mood tags and genre labels, enabling discovery and recommendation features.
  • Beat and Tempo Detection: Signal processing models extract BPM (beats per minute), beat timestamps, and musical key to support search filtering and content synchronization.
  • Content Moderation: Automated speech recognition (ASR) transcribes vocal content, which is then screened by a text classifier for explicit or prohibited material. Flagged content is queued for human review.
  • Audio Fingerprinting: A unique acoustic fingerprint is generated using Chromaprint to detect duplicate uploads and support rights management.
  • Embedding Generation: Numerical vector representations (embeddings) are derived from your audio to power similarity search and recommendation. These embeddings are abstract mathematical representations and cannot be used to reconstruct the original audio.

Your original audio files are not shared with third parties for AI training purposes. All AI analysis runs on infrastructure controlled by Lesuto (either on our servers or via our dedicated sidecar processing pipeline). Derived data (embeddings, fingerprints, analysis results) is stored alongside your track metadata and is subject to the same retention and deletion policies described in Section 4.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymize your personal information within 90 days, except where retention is required by law or necessary to resolve disputes, enforce agreements, or protect our legitimate interests.

Aggregated and anonymized data that cannot be used to identify you may be retained indefinitely for analytics and research purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Deletion: Request that we delete your personal information, subject to certain exceptions.
  • Portability: Request your data in a structured, machine-readable format.
  • Opt-Out: Opt out of marketing communications at any time by using the unsubscribe link in our emails or updating your notification preferences.
  • Correction: Request that we correct inaccurate information.

To exercise any of these rights, contact us at ops@lesutotechnologies.com. We will respond to verified requests within 30 days.

8. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at ops@lesutotechnologies.com.

9. Cookies and Tracking Technologies

We use a minimal set of cookies required to operate the Service. We do not use third-party advertising or tracking cookies.

Specific Cookies We Set

Cookie NamePurposeTypeExpiry
disco_sessionMaintains your authenticated session after loginEssential, httpOnly, Secure, SameSite=Lax24 hours (refreshed on activity)
disco_oauth_stateCSRF protection during OAuth login flow (Chameleon SSO)Essential, httpOnly, Secure, SameSite=Lax10 minutes (deleted after login completes)
disco_oauth_verifierPKCE code verifier for OAuth login flowEssential, httpOnly, Secure, SameSite=Lax10 minutes (deleted after login completes)

You can manage cookie preferences through your browser settings. Note that disabling essential cookies will prevent you from logging in or using authenticated features of the Service.

10. Security

We implement industry-standard security measures to protect your information. Data is protected by Google Cloud's default encryption at rest (AES-256) and encrypted in transit via TLS. Passwords are hashed with bcrypt. We enforce access controls and conduct regular security audits. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

If you discover a security vulnerability, please report it responsibly to ops@lesutotechnologies.com.

11. International Data Transfer

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate. We take appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share your data.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (for example, where retention is required by law or necessary to complete a transaction).
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you. We will use commercially reasonable efforts to correct the information as directed.
  • Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We also do not “share” your personal information for cross-context behavioral advertising as defined under the CPRA. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link on the Service.
  • Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information (such as precise geolocation or account credentials), you may request that we limit its use to what is necessary to provide the Service. Currently, we do not use sensitive personal information for purposes beyond what is necessary to operate the Service.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Request Verification

To protect your privacy, we must verify your identity before fulfilling a rights request. We will ask you to confirm information associated with your account (such as your email address). If we cannot verify your identity, we may request additional information. We will respond to verified requests within 45 calendar days. If we need additional time (up to 45 more days), we will notify you of the extension and the reason.

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. To do so, provide the agent with written permission signed by you, and have the agent submit the request along with proof of authorization to ops@lesutotechnologies.com. We may still require you to verify your identity directly with us before fulfilling the request.

To submit a CCPA/CPRA request, contact us at ops@lesutotechnologies.com or use the privacy request form in your account settings (when available).

13. GDPR Annex (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional information applies to the processing of your personal data under the General Data Protection Regulation (GDPR).

Data Controller: Lesuto Industries Corp, 105 Meadowlark St, Austin, TX 78734, United States.
Contact: ops@lesutotechnologies.com

Legal Bases for Processing (Article 6)

PurposeLegal Basis
Providing the Service (account, streaming, uploads)Performance of contract (Art. 6(1)(b))
AI analysis of uploaded audioLegitimate interest (Art. 6(1)(f)): improving platform features and content moderation
Analytics and Service improvementLegitimate interest (Art. 6(1)(f)): understanding usage to improve the Service
Marketing communicationsConsent (Art. 6(1)(a)): opt-in at registration, withdrawable at any time
Fraud prevention and securityLegitimate interest (Art. 6(1)(f)): protecting users and the platform
Legal compliance (tax records, lawful requests)Legal obligation (Art. 6(1)(c))

Your Rights Under the GDPR

In addition to the rights described in Section 5, EEA and UK residents have the following additional rights:

  • Right to Object (Art. 21): You may object to processing based on legitimate interest at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.
  • Right to Restrict Processing (Art. 18): You may request that we restrict processing of your personal data while we verify the accuracy of your data, if processing is unlawful but you oppose deletion, if we no longer need the data but you need it for legal claims, or while we evaluate an objection you have raised.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

To exercise any GDPR rights, contact us at ops@lesutotechnologies.com. We will respond within 30 days (extendable by up to 60 days for complex requests, with prior notice).

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service and updating the “Effective Date” at the top. We may also send you a notification via email. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Lesuto Industries Corp
105 Meadowlark St, Austin, TX 78734
Email: ops@lesutotechnologies.com