Privacy Policy

Last updated: April 4, 2026

The short version: We collect only what we need to run the platform. We never sell your data. Your listening history is used solely for royalty calculations and your personal dashboard.

1. Information We Collect

Account Information

When you sign up, we collect your display name, email address, and password (stored as a secure hash via Supabase Auth). If you sign up as an artist, we also collect your artist name, bio, website, and profile image.

Listening Data

We log stream events to calculate user-centric royalties. Each event records: which track you listened to, for how long, and at what quality tier. This data directly determines how your subscription payment is split among artists.

Payment Information

Payment details (credit card numbers, billing addresses) are processed and stored exclusively by Stripe. Playstice never sees or stores your full card number. We retain only a Stripe customer ID and subscription status.

Usage Data

If you opt in, we collect limited browser-side usage and diagnostic data such as page views, frontend errors, performance traces, and device/browser information. This helps us improve the platform and investigate bugs.

2. How We Use Your Information

  • Royalty calculation: Your listening data is used each billing period to calculate how your subscription payment is distributed among artists
  • Personal dashboard: Your listening history powers your dashboard stats (top artists, listening time, recently played)
  • Account management: Email is used for login, password resets, and important service notifications
  • Platform improvement: If you consent to analytics, aggregated diagnostic and usage data helps us build a better product
  • Artist transparency: Artists see aggregate listener counts and earnings — never individual listener identities

3. What We Never Do

  • Sell or rent your personal data to third parties
  • Share individual listening histories with artists (only aggregate data)
  • Use your data for targeted advertising (we have no ads)
  • Track you across other websites
  • Share your email with marketing partners

4. Data Sharing

We share data with these third-party services, strictly for platform operations:

  • Supabase — authentication, database hosting, file storage (EU region)
  • Stripe — payment processing
  • Vercel — web hosting, CDN, and privacy-friendly web analytics if you opt in to analytics
  • Sentry — browser-side error monitoring and diagnostics, only if you opt in to analytics/monitoring

5. Data Retention

Account data is retained while your account is active. Stream events are retained for royalty audit purposes (minimum 24 months). If you delete your account, personal data is removed within 30 days; anonymized aggregate data (stream counts, revenue totals) may be retained indefinitely for royalty reconciliation.

6. Your Rights (GDPR)

As an EU-based service, we comply with the General Data Protection Regulation. You have the right to:

  • Access — request a copy of all data we hold about you
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your account and personal data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing of your data for specific purposes
  • Restriction — request limitation of data processing

To exercise any of these rights, contact us at privacy@playstice.com. We will respond within 30 days.

7. Cookies

We use a small consent banner to separate strictly necessary storage from optional categories. Necessary cookies are used for authentication, security, and session continuity. Optional preferences storage remembers player settings such as volume and mute state. Optional analytics and monitoring enable privacy-friendly Vercel web analytics and browser-side Sentry diagnostics. Optional categories stay off until you opt in, and you can withdraw or change your choice at any time via the Cookie Settings button.

  • Necessary: Supabase authentication/session cookies and the cookie recording your consent choices
  • Preferences: player volume and mute preferences stored in your browser
  • Analytics and monitoring: Vercel page-view analytics and browser-side Sentry diagnostics, only after consent

8. Security

We implement industry-standard security measures: encrypted data in transit (TLS), encrypted data at rest, secure authentication via Supabase Auth, and Row Level Security (RLS) policies ensuring users can only access their own data.

9. Children's Privacy

Playstice is not intended for children under 16. We do not knowingly collect information from children under 16. If we discover we have collected such data, we will delete it promptly.

10. Changes to This Policy

We will notify you of material changes to this policy via email or in-app notification at least 14 days before they take effect.

11. Contact

Data protection inquiries: privacy@playstice.com