Privacy Policy

enarumusic, based in the Netherlands, is the data controller responsible for your personal data. For questions about this Privacy Policy or your data, contact us at privacy@enarumusic.nl.

2.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and authentication)
• Password (stored securely using bcrypt hashing)
• Full name (first and last name for identification and payment processing)
• Artist or stage name (for profile display and release attribution)
• Profile picture URL (optional, if you choose to upload an avatar)
• Account creation date and last login timestamp

2.2 Payment Information

For royalty payouts, we securely store:

• PayPal email address (encrypted using AES-256 encryption with a secure encryption key stored separately from the database)
• First and last name associated with your PayPal account (for legal compliance and verification)
• Payment request history, including amounts, dates, and status
• Transaction records for royalty deposits and withdrawals

We do not store credit card information or process direct payments. All financial transactions are handled by PayPal, which maintains its own privacy policies and security standards.

2.3 Music Content and Metadata

When you upload music releases, we store:

• Audio files (in various formats as you upload them)
• Album artwork and promotional images
• Release metadata including titles, descriptions, genres, release dates, and ISRC codes
• Track listings, durations, and other technical information
• Distribution platform selections and preferences
• Release status (draft, pending, live, or taken down)

2.4 Usage and Analytics Data

We automatically collect certain technical information when you use our platform:

• IP address (for security monitoring and fraud prevention)
• Browser type, version, and language preferences
• Operating system and device information
• Pages visited, features used, and time spent on the platform
• Referral sources and navigation paths through the platform
• Error logs and diagnostic information for troubleshooting

This information is collected using cookies, server logs, and similar technologies as described in our Cookie Policy.

2.5 Communications

We store records of:

• Support tickets and help desk interactions
• Email correspondence with our team
• Notifications and alerts sent to your account
• Feedback, suggestions, and survey responses

2.6 Royalty and Streaming Data

We collect royalty information from streaming platforms, including:

• Stream counts and listener statistics
• Revenue generated by platform and country
• Playlist placements and algorithmic recommendations
• Historical performance data for your releases

This data is aggregated from third-party platforms and is used to calculate and distribute your royalties accurately.

2.7 Age Information

During account registration, you are required to select your age category to ensure compliance with legal requirements:

• 13 years or older with parental permission
• 18 years or older

We store your selected age category in our database for compliance and verification purposes. This information is retained for as long as your account remains active and for 7 years after account closure as required by law.

You are responsible for providing accurate age information during registration. Providing false information about your age may result in account termination.

We process your personal data for the following purposes:

3.1 Service Provision (Legal Basis: Contract)

• Creating and maintaining your artist account
• Distributing your music to streaming platforms and digital stores
• Collecting and distributing royalties from your music
• Processing payout requests and transferring funds to your PayPal account
• Providing customer support and responding to inquiries
• Displaying your artist profile and releases on the platform

3.2 Platform Improvement (Legal Basis: Legitimate Interest)

• Analyzing usage patterns to improve platform functionality and user experience
• Developing new features and services based on user needs
• Conducting research and analytics to understand artist behavior and preferences
• Testing new features and conducting A/B tests

3.3 Security and Fraud Prevention (Legal Basis: Legitimate Interest)

• Monitoring for fraudulent streaming activity and artificial stream manipulation
• Detecting and preventing unauthorized access to accounts
• Investigating violations of our Terms of Service
• Protecting against malicious activity, spam, and abuse
• Maintaining the integrity of our platform and payment systems

3.4 Legal Compliance (Legal Basis: Legal Obligation)

• Complying with tax reporting requirements
• Responding to legal requests and court orders
• Enforcing our Terms of Service and other agreements
• Meeting regulatory obligations for financial services

3.5 Communications (Legal Basis: Consent or Legitimate Interest)

• Sending transactional emails about your account, releases, and royalties
• Notifying you of platform updates, new features, and policy changes
• Sending promotional emails about services and opportunities (only with your consent)
• Conducting surveys and requesting feedback to improve our services

You may opt out of promotional communications at any time by clicking the unsubscribe link in our emails or updating your account preferences.

We do not sell your personal data to third parties. We share your information only in the following limited circumstances:

4.1 Music Distribution Partners

We share your music, artwork, and associated metadata with streaming platforms (such as Spotify, Apple Music, Amazon Music) and digital stores to fulfill our distribution services. These platforms have their own privacy policies governing how they handle your data.

4.2 Payment Processors

We use PayPal to process royalty payouts. When you request a withdrawal, we share your PayPal email address, name, and payment amount with PayPal to complete the transaction. PayPal processes this information according to its own privacy policy.

4.3 Cloud Storage and Infrastructure

We use Vercel for hosting and application infrastructure, Supabase for database services, and Vercel Blob Storage for file storage. These service providers have access to your data only to the extent necessary to provide their services and are contractually obligated to protect your information.

4.4 Email Communication Services

We use Resend for transactional and promotional email delivery. Resend has access to your email address and the content of emails we send you, and processes this data according to its privacy policy.

4.5 Analytics and Monitoring

We may use analytics services to understand platform usage, identify issues, and improve our services. These tools may collect anonymized or pseudonymized usage data.

4.6 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes such as subpoenas, court orders, or search warrants
• Requests from law enforcement or government authorities
• Emergencies involving potential harm to individuals or property
• Protection of our legal rights and enforcement of our Terms of Service

4.7 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Account information: Retained while your account is active and for 7 years after account closure for tax and legal compliance
• Payment and financial records: Retained for 7 years after the last transaction as required by Dutch tax law
• Music content: Retained until you request deletion or close your account
• Royalty and streaming data: Retained indefinitely for historical reporting and accounting purposes
• Usage logs and analytics: Retained for 2 years unless anonymized
• Support communications: Retained for 3 years after resolution

After these retention periods, we securely delete or anonymize your data so that it can no longer be associated with you.

As a data subject in the European Union, you have the following rights:

6.1 Right to Access

You may request a copy of all personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

6.2 Right to Rectification

You may request corrections to any inaccurate or incomplete personal data. Most account information can be updated directly through your account settings.

6.3 Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data, subject to certain legal exceptions (such as our obligation to retain financial records for tax purposes). To request account deletion, contact privacy@enarumusic.nl.

6.4 Right to Restrict Processing

You may request that we limit how we use your data in certain circumstances, such as while we verify the accuracy of disputed information.

6.5 Right to Data Portability

You have the right to receive your personal data in a portable format and to have it transferred to another service provider where technically feasible.

6.6 Right to Object

You may object to processing of your personal data for direct marketing purposes or where we process your data based on legitimate interests. We will cease such processing unless we have compelling legitimate grounds that override your interests.

6.7 Right to Withdraw Consent

Where we process your data based on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local data protection authority.

To exercise any of these rights, please contact us at privacy@enarumusic.nl with your request. We may need to verify your identity before processing your request.

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data in transit using TLS 1.3 and HTTPS
• Encryption of sensitive data at rest, including PayPal email addresses using AES-256 encryption
• Secure password storage using bcrypt hashing with salt
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements for all team members
• Regular backups stored in geographically distributed locations
• Monitoring and logging of suspicious activity
• Incident response procedures for potential data breaches

While we take reasonable precautions to protect your data, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your password and for any activities under your account.

enarumusic is based in the Netherlands, but we use service providers that may process data in other countries, including the United States. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Service providers with adequate data protection certifications
• Compliance with the EU-U.S. Data Privacy Framework or equivalent legal mechanisms where applicable

For more information about how we protect your data during international transfers, please contact privacy@enarumusic.nl.

We use cookies and similar technologies to:

• Maintain your login session and remember your preferences
• Analyze platform usage and improve our services
• Provide security features and prevent fraud
• Deliver personalized content and recommendations

Types of cookies we use:

• Essential cookies: Required for the platform to function, including authentication and security
• Functional cookies: Remember your preferences and settings
• Analytics cookies: Help us understand how you use the platform

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit platform functionality.

enarumusic is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@enarumusic.nl, and we will take steps to delete such information.

Users under 18 may only use our services with the consent and supervision of a parent or legal guardian who agrees to be bound by these terms on their behalf.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform functionality. Material changes will be communicated to you via email or through a prominent notice on the platform at least 30 days before they take effect.

Your continued use of enarumusic after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiries within 30 days. For urgent matters, please indicate this in your message subject line.