Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account information: When you sign up through Unicorn Commander (Keycloak SSO), we receive your email address, display name, and profile image. You may also sign in with Google or Microsoft, in which case we receive the profile information those providers share.
• Listening history: Tracks you play, like, and add to playlists. This data powers recommendations and play-limit enforcement.
• Purchases: Records of tracks you purchase, including license type, price, and date. This is necessary for download access and creator payouts.
• Cart and checkout data: Cart items are stored server-side and linked to your user account. Checkout manifests are retained as transaction records for order fulfillment and dispute resolution.
• Creator content: Audio files, metadata, cover art, and pricing information you publish to the platform.
• Technical data: IP address, browser type, and device information collected automatically to maintain security and improve performance.

2. What We Don't Collect

• No tracking pixels or third-party ad trackers
• No selling or sharing of personal data with third parties for advertising
• No Google Analytics — we use self-hosted, privacy-focused analytics (Umami)
• No cookies except essential session cookies for authentication
• No training on your uploads, listening habits, or personal data

3. Authentication

Authentication is handled by Unicorn Commander, our SSO provider powered by Keycloak, hosted at auth.unicorncommander.ai. We do not store your password. When you sign in with Google or Microsoft, the authentication is handled entirely by Keycloak and the respective identity provider. We receive only the profile information necessary to create your account.

4. Payment Processing

All payments are processed by Stripe. We never store your credit card number, CVV, or other sensitive payment details. Stripe handles PCI-compliant payment processing and creator payouts via Stripe Connect. We store only transaction records (amount, date, license type) for your purchase history and creator earnings.

5. Audio Fingerprinting

When creators publish tracks, we generate audio fingerprints for provenance tracking and DMCA enforcement. Fingerprints are mathematical representations of audio content and cannot be used to reconstruct the original audio. They are used to identify duplicate or potentially infringing content.

6. Cookies

We use essential cookies for authentication and session management. These cookies are required for the Service to function and cannot be disabled. We do not use third-party tracking cookies or advertising cookies.

7. Analytics

We use Umami, a privacy-focused analytics platform hosted at analytics.unicorncommander.ai, to understand how users interact with the Service. Umami does not use cookies, does not collect personal data, and does not track users across websites. All analytics data is aggregated and anonymized.

8. How We Use Your Information

Your information is used to:

• Provide and operate the Service (streaming, purchases, playlists)
• Enforce play limits and manage subscription benefits
• Process payments and creator payouts
• Generate recommendations and discovery features
• Detect and prevent abuse, fraud, and copyright infringement
• Communicate with you about your account and purchases

9. Data Sharing

We do not sell your personal data. We share data with third-party services only as necessary to operate the platform:

• Stripe — for payment processing and creator payouts
• Keycloak (Unicorn Commander) — for authentication
• Cloudflare — for DNS, CDN, and DDoS protection

10. Data Retention

We retain your account data for as long as your account is active. Listening history is retained to provide recommendations and enforce play limits. Purchase records are retained indefinitely as they represent licensing agreements between buyers and creators. If you delete your account, personal data is removed but anonymized transaction records are kept for creator payout and legal compliance purposes.

11. Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us. You can also export your listening history and purchase records from your account settings.

12. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure session management, and rate limiting. However, no method of electronic transmission or storage is 100% secure.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the platform. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. GDPR and International Users

We aim to be GDPR-friendly. Users may request a complete export of their personal data or request deletion of their account and associated data by contacting us. Authentication is handled by our own infrastructure (Keycloak), not a third-party auth service. We do not transfer personal data to countries without adequate data protection unless necessary to operate the Service (e.g., Stripe for payment processing, Cloudflare for security).

15. Contact

For privacy-related inquiries, contact us at [email protected].