Privacy Policy

Effective Date: 8 December 2025

Distrofy ("Company", "we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, dashboard, or any related services ("Services"). By using Distrofy, you agree to this Privacy Policy. If you do not agree, please stop using the Service immediately.

1. Who We Are and Contact Information

Distrofy is a digital music distribution platform that enables artists, labels, and creators to distribute music to global streaming platforms.

For privacy-related inquiries:

2. Types of Personal Data We Collect

2.1 Information You Provide

  • Full Name / Artist Name
  • Email Address
  • Password (securely hashed)
  • Country
  • Phone Number
  • Profile Information (bio, profile image, social links)
  • KYC Details (identity documents, address, date of birth)
  • Bank or Mobile Wallet Details (for payments)
  • Music Release Data (audio files, artwork, metadata, credits)

2.2 Automatically Collected Data

  • IP Address
  • Device & Browser Information
  • Operating System
  • User Agent String
  • Login/Logout Timestamps
  • Usage Analytics (page views, actions, navigation)
  • Session behavior (via analytics tools)

2.3 Cookies and Local Storage

Used for:

  • Authentication
  • Security
  • User interface preferences
  • Analytics and usage measurement

2.4 Support Interactions

When contacting support, we collect:

  • Messages
  • Attachments
  • Email
  • Issue category

3. How and Why We Use Your Personal Data

We use your data for the following purposes:

3.1 To Provide the Service

  • Account creation and login
  • Managing your releases
  • Delivering music to DSPs
  • Processing royalties and withdrawals

3.2 To Verify Your Identity (KYC)

Required for:

  • Fraud prevention
  • Royalty payouts
  • Compliance with financial regulations

3.3 To Maintain Security

  • Preventing unauthorized access
  • Monitoring suspicious activity
  • Fraud and rights infringement investigations

3.4 To Communicate With You

  • Email verification
  • Payment notifications
  • Release status updates
  • Support responses
  • Policy updates

3.5 For Analytics and Improvements

We use analytics tools to understand how users interact with Distrofy and to improve performance, design, and stability.

Legal Basis (GDPR)

We process personal data under:

  • Performance of contract
  • Legitimate interest (security, fraud prevention, analytics)
  • Consent (cookies, marketing)
  • Compliance with legal obligations

4. Data Sharing

We do not sell your personal information. We share data only as described below.

4.1 Third-Party Service Providers

We use trusted vendors to operate the platform. These include:

  • Cloud hosting & storage providers
  • Authentication providers
  • Email service providers
  • Analytics platforms
  • Payment processors
  • Content delivery networks (CDNs)

They may process personal data on our behalf under strict confidentiality and security agreements.

4.2 Business Transfers

If Distrofy undergoes a merger, acquisition, asset transfer, or corporate restructuring, your data may be transferred as part of the transaction. We will notify users if ownership changes.

4.3 Legal Disclosures

We may disclose data when required to:

  • Comply with laws or regulations
  • Respond to law enforcement
  • Protect rights, property, and safety
  • Respond to DSP compliance requests
  • Investigate fraud or copyright violations

4.4 International Transfers

We store and process data in multiple regions depending on our service providers, including:

  • United States
  • European Union
  • Asia-Pacific regions

Where required, transfers are protected through Standard Contractual Clauses (SCCs), industry-standard security measures, and vendor compliance with GDPR/CCPA/security frameworks.

5. User Rights

Depending on your region, you have the following rights.

5.1 For EU, EEA, and UK Users (GDPR Rights)

You may request:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data ("right to be forgotten")
  • Restriction of processing
  • Objection to certain processing activities
  • Data portability
  • Withdrawal of consent

You may also lodge a complaint with your local supervisory authority.

5.2 For U.S. Users (CCPA/CPRA Rights)

California residents have the right to:

  • Know what personal data is collected
  • Request deletion of personal data
  • Request access to data categories collected
  • Request correction of inaccurate data
  • Opt-out of sale (we do not sell data)
  • Non-discrimination for exercising rights

5.3 Exercising Your Rights

To exercise any privacy rights, email: privacy@distrofy.org. We will respond within applicable legal timeframes.

5.4 How to Request Deletion

To request account deletion or removal of specific data:

We will delete what can be legally deleted. Some records (financial, royalty, fraud-related) must be retained by law.

6. Data Retention and Storage

We retain personal data only as long as necessary for providing services, legal and accounting obligations, security and fraud prevention, and DSP contractual requirements.

Examples:

  • Transaction records: 7 years
  • Release metadata: Permanent (royalty requirements)
  • KYC documents: As long as legally required
  • Logs: Limited retention for security purposes

All data is stored securely using encrypted cloud services.

7. Data Security

We implement industry-standard technical and organizational measures including:

  • Encryption in transit (HTTPS/TLS)
  • Secure cloud infrastructure
  • Authentication controls
  • Role-based access
  • Secure sessions
  • Regular monitoring
  • Data minimization
  • Access auditing

No system is 100% secure, but we take reasonable steps to protect your data.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Login and authentication
  • Session management
  • Security
  • User preferences
  • Analytics and performance

You may control cookies through your browser settings. Some cookies are essential and cannot be disabled (e.g., login cookies). Analytics platforms may use cookies, but you can opt out using their official tools.

9. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a new effective date. Continued use of the Service constitutes acceptance of the updated policy.

10. Inform Us of Changes

Users are responsible for keeping their information accurate and up to date, including contact details, address, bank or payment details, identity information, and account email. Failure to update information may affect access to services.

11. Third-Party Links

Our platform may contain links to external websites, DSPs, or social platforms. We are not responsible for the privacy practices of third-party sites. Users should review the privacy policies of any external services they use.