Privacy Policy

Personal Information

• DJ/Host Name: When you provide feedback, we collect your professional name for attribution purposes
• Email Address: If you subscribe to our mailing lists or contact us directly
• Contact Information: Any additional contact details you voluntarily provide

Usage and Interaction Data

We collect anonymous usage data on our listening pages to improve service quality and understand how music is experienced. This data is collected regardless of your cookie preference because it's necessary for basic functionality and analytics:

• Audio Playback: Which tracks you play, pause, skip, and how long you listen
• Track Downloads: Which individual tracks or full releases you download (MP3, WAV, artwork)
• Session Duration: Duration of your listening session (calculated from your activity)
• Feedback Submissions: Your ratings, comments, favorite tracks, and professional name (when you submit feedback)
• Track Preferences: Which tracks are selected, played most, or downloaded preferentially

All usage data is linked only to an anonymous session ID. We cannot identify you personally from this data alone.

Essential Technical Data (Always Collected)

The following minimal technical data is collected on all listening pages, regardless of cookie preference, for basic functionality and security:

• Anonymous Session ID: A randomly generated identifier (e.g., "session_abc123...") to group your interactions during one visit
• User Agent String: Your browser's identification string (e.g., "Mozilla/5.0...") which helps us identify your device type and browser for compatibility
• Release & Campaign IDs: Which music release and campaign you're viewing
• IP Address: Your IP address is collected for geolocation (to determine country, region, city) and security purposes. This allows us to understand where listeners are located and provide geographic analytics to artists and labels.

Session IDs are anonymous and cannot identify you personally. IP addresses are used for location analytics.

Extended Analytics Data (Only With "Accept All")

If you click "Accept All" on our cookie banner, we perform additional analysis to understand our audience:

• Device & Browser Details: We parse your User Agent string to understand which browsers (e.g., Chrome, Safari) and operating systems (e.g., iOS, Windows) are most popular among our listeners.
• Referrer & Campaign Tracking: Where you came from (referrer URL) and marketing parameters (UTM source, medium, campaign) to help artists know which promotion channels work best.

This data helps us optimize the platform for the devices our audience actually uses. We do not collect screen resolution, battery status, or other intrusive device fingerprints.

Email Campaign Tracking

If you receive emails from artists or labels using Beat Cannon, we track:

• Email Delivery Events: Sent, delivered, failed, bounced status
• Email Opens: When you open an email, including timestamp and IP address
• Email Clicks: Which links you click in emails, including URLs and timestamps
• Engagement Tracking: We calculate engagement scores based on opens and clicks
• Geolocation from Email Events: IP-based location when opening/clicking emails, including country, region, city, and approximate coordinates
• Campaign Attribution: Tracking tokens link email campaigns to listening page visits

Email tracking helps artists and labels understand campaign effectiveness and improve future communications. You can unsubscribe from any mailing list at any time.

Account & Mailing List Data (For Portal Users)

If you're an artist, label, or industry professional using our portal:

• Account Information: Name, email, password (encrypted), company/label name, role
• Mailing Lists: Email addresses and names of your contacts
• Audit Logs: User actions, login events, role changes, IP addresses (retained for 7 years for compliance)
• File Uploads: Audio files, artwork, metadata
• Phone Number: If you opt-in to SMS notifications (optional)

Service Provision

• Deliver music content and listening experiences
• Process and store your feedback and ratings
• Enable file downloads and sharing
• Provide technical support and customer service

Analytics and Improvement

• Analyze usage patterns to improve our platform
• Optimize audio streaming quality and performance
• Understand user preferences and behavior
• Develop new features and functionality

Security and Compliance

• Prevent fraud, abuse, and unauthorized access
• Comply with legal obligations and industry standards
• Protect intellectual property and content rights
• Maintain platform security and stability

Communication

• Send you relevant updates about our services
• Respond to your inquiries and support requests
• Provide notifications about new releases and features
• Share industry insights and promotional content (with consent)

We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Third-Party Service Providers

We use the following trusted third-party services:

• Mailgun (Sinch): Email delivery and campaign sending. Processes recipient email addresses, email content, delivery events, and tracking data. Privacy Policy
• BunnyCDN: File storage and content delivery for audio files, artwork, and waveform visualizations. Privacy Policy
• MaxMind GeoIP2: IP-based geolocation database (processing occurs on our servers, no data shared with MaxMind)
• Google Sign-In / Microsoft Sign-In: For optional social login authentication. When you choose to sign in with Google or Microsoft, we receive your basic profile information (name, email) from these providers. Google Privacy Policy | Microsoft Privacy Statement

Third-Party Analytics and Marketing

When you click "Accept All" on our cookie banner, we use the following third-party analytics and marketing services:

• Google Analytics (GA4): Website analytics and user behavior tracking. Google Analytics collects information about your device, browser, pages visited, time spent, traffic sources, and interactions. This data may be used by Google for their own purposes. You can opt-out using the Google Analytics Opt-out Browser Add-on. Google Privacy Policy
• Meta Pixel (Facebook Pixel): Conversion tracking and advertising optimization for Facebook and Instagram. The Meta Pixel tracks page views, button clicks, form submissions, and other interactions to measure ad performance and build custom audiences. This data is shared with Meta/Facebook and may be used for targeted advertising. Meta Privacy Policy | About the Meta Pixel

These third-party services set their own cookies and may track you across other websites. They operate independently and have their own privacy policies. If you choose "Essential Only", these services will not be loaded.

Other Limited Sharing Scenarios

• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice)
• Consent: When you explicitly consent to sharing your information

Anonymous Analytics

We may share anonymous, aggregated data with artists and labels for campaign reporting and improvement purposes. This data cannot be used to identify individual users.

Technical Security Measures

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted
• Secure Infrastructure: Server infrastructure with regular security updates and patches
• Access Controls: Strict authentication and authorization for our team members
• Security Audits: Regular vulnerability assessments and penetration testing
• Backup & Recovery: Redundant data backup and disaster recovery procedures

Privacy-by-Design Features

• Anonymous Session IDs: Random, non-identifiable session identifiers that can't be linked to you personally
• Two-Tier Consent: You control exactly how much data we collect through clear cookie choices ("Essential Only" vs "Accept All")
• Consent-Based Third-Party Analytics: Third-party analytics (Google Analytics, Meta Pixel) are only loaded when you choose "Accept All" and can be disabled anytime
• Data Minimization: We only collect what's necessary for our service and your chosen consent level
• HTTPS Encryption: All data transmission is encrypted using SSL/TLS
• CSRF Protection: Security tokens prevent cross-site request forgery attacks

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You have the right to correct inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data. We provide a dedicated GDPR deletion endpoint. When you submit a deletion request:

• Your mailing list memberships will be deleted
• Your campaign recipient records will be deleted
• Your email event history will be deleted
• Your analytics data (page visits, playback sessions, downloads) will be deleted
• Your mailing list member record will be deleted
• Audit logs will be anonymized (user ID, email, IP address, user agent replaced with "ANONYMIZED")

Deletion requests are processed within 30 days. You will receive confirmation when complete.

Right to Restriction of Processing

You have the right to request that we limit how we use your personal data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests.

Right to Withdraw Consent

Where we rely on consent, you have the right to withdraw it at any time through your cookie preferences or account settings.

Cookie Management

You can manage your cookie preferences at any time using our cookie consent popup or your browser settings. Note that disabling certain cookies may affect the functionality of our platform.

Communication Preferences

• Unsubscribe from marketing emails using the link in each email
• Contact us to update your communication preferences
• Request deletion via our GDPR request page or by emailing [email protected]

Legal Basis for Processing

Under GDPR, we process personal data based on the following legal grounds:

• Contractual Necessity: Account management, service delivery, campaign processing
• Consent: Analytics tracking, marketing communications, non-essential cookies
• Legitimate Interests: Security monitoring, fraud prevention, platform improvement
• Legal Obligation: Audit logs, compliance reporting, legal requests

Your Rights Under PIPEDA

• Right to Access: You have the right to know what personal information we hold about you and how it is used
• Right to Correction: You can request corrections to inaccurate or incomplete personal information
• Right to Withdraw Consent: You can withdraw consent for certain processing activities (such as marketing emails or analytics cookies)
• Right to Challenge Compliance: You can challenge our compliance with PIPEDA principles
• Right to File a Complaint: You can file a complaint with the Privacy Commissioner of Canada if you believe your privacy rights have been violated

Additional Rights for Quebec Residents

Under Quebec's Law 25, you have enhanced privacy protections including:

• Right to De-Indexing: Request that search engines de-index information about you in certain circumstances
• Right to Data Portability: Receive your personal information in a structured, commonly used format
• Enhanced Consent Requirements: We must obtain express consent for sensitive personal information
• Privacy Incident Notification: We must notify you of privacy breaches that pose a risk of serious harm