Privacy Policy
Strumie, Inc. ("Strumie," "Company," "we," "us," "our"), a Delaware corporation and subsidiary of Chorda, Inc. ("Parent Company"), is committed to protecting the privacy of our users. This Privacy Policy ("Policy") describes how we collect, use, disclose, store, and protect your personal information when you access or use the Strumie platform, including our mobile applications, website, APIs, and all related services (collectively, the "Platform" or "Service").
This Policy applies to all users of the Platform, including Listeners, Artists, and visitors. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Policy. If you do not agree with the practices described herein, please do not use the Platform.
This Privacy Policy is incorporated by reference into our Terms of Service.
1. Information We Collect
We collect information in three primary ways: information you provide directly, information collected automatically, and information obtained from third parties.
1.1 Information You Provide Directly
Account Registration Information: When you create an account, we collect your name, email address, username, password, and profile information (such as profile photo, bio, and location). Artist accounts may additionally require legal name, business name, and payment information.
Payment and Financial Information: When you make a purchase (such as the Artist registration fee, merchandise, or event tickets), send tips, or set up payouts, we collect billing information including payment card details, bank account information, billing address, and transaction history. Payment card information is processed and stored by our third-party payment processors (such as Stripe) and is not stored directly on Strumie's servers. We receive and store transaction records, payout amounts, and payment status information.
Artist Content and Business Information: If you are an Artist, we collect information related to your music (audio files, metadata, artwork, lyrics, liner notes), merchandise listings (product descriptions, images, pricing, inventory data), event listings (dates, venues, descriptions, ticket pricing), team member information, and tax-related information (such as tax identification numbers, W-9 data, and 1099 reporting information where required by law).
Communications: When you contact us for support, submit feedback, report a problem, or communicate with other users through the Platform, we collect the content of those communications, including any attachments, along with associated metadata (timestamps, sender/recipient information).
Waitlist Information: If you join our waitlist, we collect your email address and the user type you selected (Listener or Artist).
User-Generated Content: We collect any content you voluntarily submit to the Platform, including comments, reviews, playlists, library information, follows, likes, and other interactions.
Identity Verification Information: In certain circumstances, we may collect government-issued identification, proof of age, or other verification documents to comply with legal requirements or to verify your identity.
1.2 Information Collected Automatically
When you access or use the Platform, we automatically collect certain information, including:
Device and Technical Information: Device type, model, and manufacturer; operating system and version; unique device identifiers (such as IDFA, IDFV, or Android Advertising ID); browser type and version; screen resolution; language and timezone settings; and mobile network information.
Usage and Interaction Data: Pages and screens viewed; features used; actions taken (such as searches, plays, skips, likes, follows, purchases, and shares); content viewed and duration of viewing; click patterns and navigation paths; session duration and frequency; referring URLs; and interaction with notifications.
Location Information: Approximate location derived from IP address; and, with your consent, more precise location data from your device's GPS, Bluetooth, or Wi-Fi signals. Precise location is used for features such as nearby events and is only collected with your explicit permission.
Log Data: IP address; access dates and times; app and server logs; error reports and crash data; and API call records.
Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, local storage, and similar technologies to collect information about your browsing behavior and preferences. See Section 8 (Cookies and Tracking Technologies) for more details.
1.3 Information from Third Parties
Authentication Providers: If you register or sign in using a third-party service (such as Apple Sign-In or Google Sign-In), we receive certain profile information from that service, such as your name, email address, and profile photo, as permitted by your privacy settings with that provider.
Payment Processors: Our payment processors may provide us with transaction confirmations, payment status updates, chargeback and dispute notifications, and fraud risk assessments.
Analytics Providers: We may receive aggregated or de-identified analytics data from third-party analytics services that help us understand Platform usage patterns.
Publicly Available Sources: We may collect information from publicly available sources to supplement the information we have about you, such as to verify identity or prevent fraud.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Providing and Operating the Platform
- Creating and managing your account
- Processing transactions, payments, and payouts
- Enabling music uploads, streaming, and distribution
- Facilitating merchandise listings, sales, and order management
- Enabling event creation, ticket sales, and entry management
- Providing search, discovery, and recommendation features
- Enabling social features such as following, comments, and community engagement
- Providing customer support and responding to inquiries
- Generating analytics and insights for Artists
2.2 Improving and Developing the Platform
- Analyzing usage patterns and trends to improve features and user experience
- Conducting research, testing, and development of new features and services
- Debugging, troubleshooting, and fixing errors
- Measuring and analyzing the effectiveness of Platform features
- Training and improving our algorithms and recommendation systems
2.3 Safety, Security, and Legal Compliance
- Detecting, investigating, and preventing fraud, abuse, and security incidents
- Verifying identity and preventing unauthorized access
- Enforcing our Terms of Service and other policies
- Complying with applicable laws, regulations, legal processes, and government requests
- Protecting the rights, safety, and property of Strumie, our Users, and the public
- Responding to DMCA takedown notices and other intellectual property claims
2.4 Communications
- Sending transactional emails and notifications (such as order confirmations, payout notifications, and security alerts)
- Sending service-related announcements (such as maintenance notices, feature updates, and policy changes)
- Sending promotional communications, where permitted by law and with your consent where required (you may opt out at any time)
- Responding to your inquiries and support requests
2.5 Legal Bases for Processing
We process your information based on the following legal grounds: (a) performance of our contract with you (the Terms of Service); (b) our legitimate business interests (such as fraud prevention, platform improvement, and security); (c) compliance with legal obligations; and (d) your consent, where applicable.
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
3.1 With Other Users
Certain information is visible to other Platform users by design, including your public profile information (username, display name, profile photo, bio), your public activity (such as follows, likes, and comments), and any Content you make publicly available. Artist profiles, music, merchandise listings, and event listings are publicly visible on the Platform. You can control certain sharing settings through your account privacy settings.
3.2 With Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Payment processors (e.g., Stripe) for processing transactions and payouts
- Cloud hosting providers (e.g., Supabase, Cloudflare) for data storage and content delivery
- Analytics providers for usage analysis and Platform improvement
- Email service providers for transactional and promotional communications
- Customer support tools for managing support tickets and inquiries
- Security and fraud prevention services for protecting the Platform and Users
These service providers are contractually obligated to use your information only for the purposes for which it was disclosed and in accordance with this Policy and applicable law.
3.3 For Legal Reasons
We may disclose your information if we believe in good faith that such disclosure is necessary to:
- Comply with applicable laws, regulations, legal processes, or enforceable governmental requests (including subpoenas, court orders, and warrants)
- Enforce our Terms of Service or other agreements
- Detect, investigate, or prevent fraud, security incidents, or illegal activities
- Protect the rights, property, or safety of Strumie, our Users, or the public
- Respond to DMCA notices or other intellectual property claims
3.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, dissolution, sale of all or substantially all of our assets, or similar corporate transaction involving Strumie, Inc. or Chorda, Inc., your information may be transferred to the acquiring entity or successor. We will notify you of any such transfer and any choices you may have regarding your information.
3.5 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
3.6 Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for any purpose, including research, analytics, marketing, and business development. This data is not subject to the restrictions of this Policy.
4. Data Retention
4.1 Retention Periods
We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific retention practices include:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account plus 30 days after deletion request |
| Transaction and payment records | 7 years (tax and financial compliance) |
| Tax-related information (W-9, 1099) | 7 years per IRS requirements |
| User Content (music, merch, events) | Duration of account; removed within 90 days of deletion |
| Communications and support tickets | 3 years from last interaction |
| Usage and analytics data | 24 months in identifiable form; indefinitely in aggregated form |
| Log data and security records | 12 months |
| Waitlist signups | Until Platform launch or withdrawal of interest |
| DMCA notices and counter-notices | 3 years |
4.2 Deletion
When personal information is no longer needed, we delete or anonymize it. Some information may persist in encrypted backups for a limited period before being permanently removed. Certain information may be retained as required by law, to resolve disputes, enforce our agreements, or for other legitimate business purposes.
5. Data Security
5.1 Security Measures
We implement and maintain reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, destruction, and loss. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Secure authentication mechanisms, including hashed and salted passwords
- Access controls and role-based permissions for employees and contractors
- Regular security assessments and vulnerability testing
- Monitoring for unauthorized access and suspicious activity
- Incident response procedures
- Employee training on data protection and privacy
5.2 No Guarantee
While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information. You acknowledge and accept this inherent risk when providing information to us, and you are responsible for maintaining the security of your account credentials.
5.3 Breach Notification
In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by applicable law, including without limitation the Delaware Computer Security Breach Act (6 Del. C. § 12B-101 et seq.) and any other applicable state breach notification laws. Notification will be provided in the most expedient time possible and without unreasonable delay.
6. Your Rights and Choices
6.1 Account Settings
You can access, update, or correct your account information at any time through the Platform's account settings. You may also request changes by contacting us at privacy@strumie.com.
6.2 Communication Preferences
You may opt out of promotional communications by: (a) clicking the "unsubscribe" link in promotional emails; (b) adjusting your notification preferences in the Platform settings; or (c) contacting us at privacy@strumie.com. Please note that you cannot opt out of transactional or service-related communications that are necessary for the operation of your account.
6.3 Location Data
You can control precise location data collection through your device settings. Disabling location services may limit your ability to use certain features (such as nearby events). We may still collect approximate location from your IP address.
6.4 Device Permissions
You can control the Platform's access to device features (such as camera, microphone, photo library, and notifications) through your device's operating system settings.
6.5 Account Deletion
You may request deletion of your account by contacting us at privacy@strumie.com or using the account deletion feature in the Platform. Upon account deletion, we will delete or anonymize your personal information within the timeframes specified in Section 4, subject to our retention obligations and any legal requirements. Account deletion is permanent and cannot be reversed. Deletion of an Artist account does not entitle the Artist to a refund of the registration fee.
6.6 Data Portability
You may request a copy of the personal information we hold about you in a structured, commonly used, machine-readable format. To make such a request, contact us at privacy@strumie.com.
7. State-Specific Privacy Rights
7.1 California Residents — California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
If you are a California resident, you have the following rights under the CCPA/CPRA (Cal. Civ. Code § 1798.100 et seq.):
Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions allowed by law.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: We do not sell your personal information as defined by the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link on our website.
Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information (such as financial account information), we use it only for purposes permitted under the CPRA.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights, including by denying you services, charging different prices, or providing a different level of service.
Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers (name, email, username, IP address, device identifiers)
- Customer records (payment information, billing address)
- Commercial information (transaction history, purchase records)
- Internet or electronic network activity (usage data, browsing history within the Platform)
- Geolocation data (approximate location from IP; precise location with consent)
- Audio information (music files uploaded by Artists)
- Professional or employment-related information (Artist business information)
- Inferences drawn from the above (user preferences, recommendations)
Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization and your identity before processing such requests.
Verification: When you submit a request, we will verify your identity by matching information you provide with information we have on file. We may request additional information for verification purposes.
To exercise these rights, contact us at privacy@strumie.com or by the methods described in Section 14.
7.2 Virginia Residents — Virginia Consumer Data Protection Act (VCDPA)
If you are a Virginia resident, you have the right to: access your personal data; correct inaccuracies; delete your personal data; obtain a copy of your data in a portable format; and opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise these rights, contact us at privacy@strumie.com. You have the right to appeal a decision regarding your request by contacting us at privacy@strumie.com, and if unsatisfied, by filing a complaint with the Virginia Attorney General.
7.3 Colorado Residents — Colorado Privacy Act (CPA)
If you are a Colorado resident, you have the right to: access, correct, and delete your personal data; obtain a portable copy of your data; and opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling. To exercise these rights, contact us at privacy@strumie.com. You have the right to appeal our decision by contacting us, and if unsatisfied, by filing a complaint with the Colorado Attorney General.
7.4 Connecticut Residents — Connecticut Data Privacy Act (CTDPA)
If you are a Connecticut resident, you have similar rights to access, correct, delete, obtain a portable copy of, and opt out of certain processing of your personal data. Contact us at privacy@strumie.com to exercise these rights.
7.5 Utah Residents — Utah Consumer Privacy Act (UCPA)
If you are a Utah resident, you have the right to access and delete your personal data, obtain a portable copy, and opt out of the sale of personal data and targeted advertising. Contact us at privacy@strumie.com to exercise these rights.
7.6 Other State Privacy Laws
Residents of states with applicable consumer privacy legislation (including but not limited to Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and any states that subsequently enact consumer privacy laws) may have rights similar to those described above. We are committed to complying with all applicable state privacy laws. Please contact us at privacy@strumie.com to exercise any rights available to you under your state's laws.
7.7 Response Timeframes
We will acknowledge and respond to verifiable consumer requests within the timeframes required by applicable law — generally within 45 days of receipt, with the possibility of a 45-day extension for complex requests when we provide notice and an explanation.
8. Cookies and Tracking Technologies
8.1 Types of Technologies We Use
Essential Cookies: These are necessary for the Platform to function properly and cannot be disabled. They include cookies for authentication, session management, security, and load balancing.
Analytics Cookies: These help us understand how users interact with the Platform by collecting usage data in an aggregated or anonymized form. We may use third-party analytics tools to assist with this analysis.
Preference Cookies: These remember your settings and choices (such as language preferences, theme preferences, and display settings) to provide a personalized experience.
Local Storage and Session Storage: We use browser local storage and session storage to store temporary data that improves your experience, such as session tokens and user preferences.
8.2 Your Cookie Choices
Most web browsers allow you to control cookies through their settings. You can typically set your browser to block or delete cookies, or to notify you when a cookie is being set. Please note that blocking essential cookies may prevent the Platform from functioning properly. You can also clear local storage and session storage through your browser's developer tools or settings.
8.3 Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. There is currently no universally accepted standard for how to respond to DNT signals. At this time, Strumie does not respond to DNT signals, but we will continue to monitor developments in this area and update our practices as standards evolve.
9. Children's Privacy
9.1 Age Restrictions
The Platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the Platform or provide any personal information to us.
9.2 COPPA Compliance
In compliance with the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. §§ 6501–6506 and 16 C.F.R. Part 312, if we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such information as quickly as possible. If you believe we have collected information from a child under 13, please contact us immediately at privacy@strumie.com.
9.3 Users Between 13 and 18
Users between the ages of 13 and 18 may use the Platform with the consent and supervision of a parent or legal guardian. We encourage parents and guardians to monitor their children's online activities and to help enforce this Policy.
10. International Data Transfers
Strumie is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that are different from the laws of your country. By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions as described in this Policy.
Where required by applicable law, we implement appropriate safeguards for international data transfers, such as standard contractual clauses or other transfer mechanisms recognized by applicable data protection authorities.
11. Third-Party Services and Links
The Platform may contain links to or integrations with third-party websites, services, or applications. This Policy does not apply to third-party services. We are not responsible for the privacy practices or content of third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform. Specifically:
- Payment Processors: Transactions are processed by third-party payment processors (such as Stripe) that have their own privacy policies governing how they collect, use, and protect your payment information.
- Authentication Providers: If you sign in using third-party authentication (such as Apple or Google), those providers' privacy policies govern the information they share with us.
- Cloud Infrastructure: We use third-party cloud services to host and store data. These providers process data on our behalf under contractual obligations to protect your information.
12. Music, Merchandise, and Events — Privacy Considerations
12.1 Artist-Collected Information
When you purchase merchandise, buy event tickets, or send tips to an Artist through the Platform, certain information (such as your name, email, and transaction details) may be visible to the Artist through their dashboard and analytics tools. Artists are independent entities, not employees or agents of Strumie, and they are responsible for their own handling of any personal information they access through the Platform. Strumie is not responsible for an Artist's use, disclosure, or protection of your personal information.
12.2 Event Attendee Information
If you purchase tickets to an event, the event organizer (Artist) may receive your name and ticket information for entry management purposes. This information is provided to enable event operations, including QR-code-based check-in.
12.3 Platform as Neutral Intermediary
Strumie does not control, endorse, or assume responsibility for the privacy practices of Artists or other Users. The Platform facilitates transactions between Users, but all merchandise, music, and event transactions are between the Artist and the buyer. Please review any Artist's policies before making a purchase or providing personal information.
13. Platform-Specific Data Practices
13.1 Music Streaming and Playback Data
We collect data related to your music listening activity, including tracks played, play duration, skip behavior, playlist creation, library additions, and search queries. This data is used to provide the Platform's core functionality, generate analytics for Artists, and improve discovery and recommendation features.
13.2 Artist Analytics
We provide Artists with aggregated analytics data about their audience, including play counts, listener demographics (such as approximate geographic location, age range, and gender where available), engagement metrics, and revenue data. This analytics data is provided in aggregated or anonymized form where possible, but may include individual-level transaction data for orders and ticket purchases where necessary for fulfillment.
13.3 Team Management
Artists may invite team members (such as managers) to access their account with specific permissions. When a team member is added, we collect their name and email address. Team members are subject to these Terms and this Policy.
13.4 Wallet and Payout Data
We collect and store data related to Artist earnings, wallet balances, payout history, and payment method information. This data is used to facilitate payouts and comply with financial reporting and tax obligations.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Strumie, Inc.
A subsidiary of Chorda, Inc.
Incorporated in the State of Delaware
Email: privacy@strumie.com
General Inquiries: support@strumie.com
For privacy-specific requests (including rights requests under CCPA, VCDPA, CPA, CTDPA, UCPA, or other applicable state privacy laws), please email privacy@strumie.com with the subject line "Privacy Rights Request" and include: (a) your full name; (b) the email address associated with your account; (c) your state of residence; and (d) a description of the right you wish to exercise.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features. If we make material changes, we will notify you by: (a) posting the updated Policy on the Platform with a revised "Last Updated" date; (b) sending a notification through the Platform; or (c) sending an email to the address associated with your account. Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must stop using the Platform and delete your account.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
16. Additional Disclosures
16.1 No Sale of Personal Information
Strumie does not sell, rent, or lease your personal information to third parties for monetary consideration. We do not share personal information for cross-context behavioral advertising.
16.2 Law Enforcement Requests
We may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will comply with valid subpoenas, court orders, search warrants, and other legal processes. Where legally permitted, we will attempt to notify affected Users of law enforcement requests for their data.
16.3 Deidentified Data
We may create and use deidentified data derived from your personal information. Deidentified data is data that has been altered so that it can no longer reasonably be used to identify you. We commit to maintaining and using deidentified data only in deidentified form and not to attempt to re-identify such data, except as required to determine if our deidentification process is adequate.
16.4 Accessibility
We strive to make this Privacy Policy accessible to all Users. If you need this Policy in an alternative format, please contact us at privacy@strumie.com.