Privacy Policy

Last updated: 29 May 2026

We are BTR (BeatsToRapOn). This Privacy Policy applies to beatstorapon.com, related websites, the BTR iOS mobile application, the BTR Android mobile application, software, plug-ins, creator tools, event tools, marketplace services, audio tools, AI tools, podcasts, APIs, connectors, widgets, analytics, payment flows, and other services we provide (together, the “Services”).

This Privacy Policy explains how we collect, use, disclose, store, transfer, retain, secure, and otherwise process information relating to identified or identifiable individuals, including account holders, anonymous mobile users, artists, listeners, fans, buyers, sellers, event organisers, promoters, marketplace users, contributors, claimants, rights holders, and site visitors.

By using the Services, you acknowledge the practices described in this Privacy Policy. Your use of the Services is also governed by our Terms of Service, Payment Terms, and any feature-specific terms that apply.

1. Information we collect

1.1 Information you provide directly

We may collect information you provide when you create an account, complete a profile, use the mobile app, place an order, upload content, use a tool, submit a form, participate in a transaction, report a problem, submit a rights notice, or contact us. This may include:

• name, username, email address, phone number, password, account login credentials, display name, business name, and contact details;
• profile information such as biography, profile image, avatar, artist details, social links, genres, scenes, location, country, portfolio information, public URLs, and creator identity details;
• age-gate or eligibility information, including whether you attest that you are 18+ where required for access to certain content, features, or safety controls;
• user content you upload or submit, including audio, beats, stems, artwork, videos, listing text, event details, metadata, creator files, descriptions, tags, prompts, AI tool inputs, AI tool outputs, edits, saved versions, and related creator materials;
• mobile user-generated content, including direct messages, voice notes, crew names, shared tracks, shared events, shared artists, report text, Shoutout prompts, Shoutout videos recorded by artists, and related media;
• visual and editorial materials such as profile photos, cover art, banners, event images, marketplace images, screenshots, blog-submission images, EPK materials, promotional graphics, image-source notes, licence records, and provenance information;
• communications, including messages, comments, reviews, support tickets, dispute correspondence, rights-notice correspondence, counter-notices, complaint evidence, and other correspondence;
• billing, purchase, subscription, credit, wallet, payout, refund, dispute, invoice, tax, or payment-related information you submit to us or our payment providers;
• identity verification, business verification, tax, sanctions, fraud, or compliance information where needed for payouts, fraud checks, marketplace trust, or regulatory compliance;
• information you provide when participating in promotions, waitlists, surveys, forms, podcasts, interviews, campaigns, events, artist features, testimonials, or marketplace opportunities; and
• copyright, image-rights, trademark, artist-likeness, privacy, publicity, moral-rights, takedown, counter-notice, ownership, permission, and licence evidence submitted to BTR.

1.2 Information collected automatically

When you use the Services, we may automatically collect:

• device data, such as device type, platform, operating system, browser type, language, locale, screen size, app version, mobile app version, and device identifiers used for security, deduplication, authentication, diagnostics, or app functionality;
• network and technical data, such as IP address, timestamps, crash data, diagnostics, latency, server logs, access logs, request headers, user-agent strings, and error logs;
• website usage data, such as pages viewed, buttons clicked, searches, referring URLs, session behaviour, content interactions, scroll activity, tool activity, and time spent on the Services;
• mobile usage data, such as app launches, screen views, play events, skip events, likes, saves, follows, search queries, recommendation impressions, recommendation clicks, deep-link taps, share events, notification opens, engagement events, and mobile funnel steps;
• mobile social data, such as friend requests, friendships, crew membership, crew broadcasts, shares, share-feedback events, block records, report records, and listening-visibility settings;
• mobile commerce data, such as purchase attempts, app-store receipts, Google Play purchase tokens, product IDs, transaction IDs, amount, currency, refund status, entitlement status, subscription status, artist earnings ledger entries, and purchase events;
• AI, recommendation, ranking, discovery, and automation interaction data, such as tool usage, feature settings, prompts submitted to BTR tools, outputs generated, edits made, recommendations shown, recommendations clicked, search results displayed, ranking interactions, moderation signals, safety signals, and quality signals;
• transaction and activity data, such as purchases, cancellations, payouts, disputes, chargebacks, event views, listing views, streams, campaign actions, upload attempts, workflow completion, and conversion events;
• rights, moderation, and compliance metadata, such as content IDs, image URLs, file paths, file names, file hashes, upload timestamps, removal timestamps, review outcomes, complaint references, evidence records, account actions, and enforcement history; and
• cookie IDs, pixel IDs, analytics identifiers, local storage identifiers, session IDs, push tokens, and similar online identifiers.

1.3 Information from third parties

We may receive information from third parties, including:

• login and authentication providers, including Apple and Google, if you sign in using third-party credentials;
• Apple App Store, Apple StoreKit, Google Play, and Google Play Billing for mobile purchase verification, subscription status, refunds, and entitlement handling;
• payment processors, fraud-prevention vendors, wallet providers, tax providers, KYC providers, payout providers, PayPal, and Stripe;
• analytics, advertising, attribution, and measurement providers used on the website or server side;
• AI/model infrastructure providers, cloud providers, content-processing vendors, security providers, transcription providers, and moderation providers;
• video service providers used for Coaching Sessions;
• social media, streaming, DSP, event, or content platforms when you link accounts, import content or data, use embedded features, or interact with BTR content off-platform;
• rights holders, agencies, photographers, labels, publishers, estates, artists, managers, publicists, lawyers, claimants, or authorised representatives who submit claims, notices, corrections, or evidence involving BTR content or users; and
• business partners, event partners, service providers, marketplace users, or other users involved in a transaction, listing, order, rights dispute, report, or collaboration with you.

1.4 Sensitive information

We do not require you to provide sensitive information unless it is necessary for a specific feature, verification step, compliance process, legal issue, support request, payment or payout process, safety issue, report, moderation review, or dispute. Depending on your region, sensitive information may include government IDs, tax identifiers, precise location, health information, racial or ethnic origin, religious beliefs, political opinions, union membership, criminal history, biometric-like verification data, or similar protected categories.

Do not include unnecessary sensitive information in public profiles, uploads, metadata, lyrics, prompts, messages, voice notes, support tickets, comments, listings, reports, or rights notices. Where we process sensitive information, we do so in accordance with applicable law and only for the relevant purpose.

2. Mobile-specific data collection

2.1 Anonymous-first onboarding

The BTR mobile app may create an anonymous consumer record on first launch. This record uses a generated anonymous identifier and may be linked to a device-style identifier used for deduplication, abuse prevention, account continuity, and app operation. No email, phone number, real name, or password is required at that stage.

While using the mobile app anonymously, we may collect and store information against the anonymous identifier, including:

• generated consumer ID or anonymous identifier;
• device platform, app version, device locale, request headers, IP address, user-agent string, and security logs;
• listen history, play events, skip events, likes, follows, scout positions, scenes, preferences, searches, recommendation activity, and discovery behaviour;
• location-derived geohash6 cell if you grant device-location permission;
• event views, event shares, event RSVPs where allowed, and other app engagement activity;
• push token data if notifications are enabled; and
• fraud, rate-limit, moderation, diagnostics, and abuse-prevention signals.

If you later create an account or sign in, BTR may promote the anonymous record in place. This means your previous anonymous activity may become associated with your authenticated account so your listening history, preferences, likes, follows, scout positions, and app settings are preserved.

2.2 Mobile sign-up and authentication data

The mobile app may support:

• email and password sign-up or sign-in;
• Sign in with Apple;
• Sign in with Google;
• artist login using an existing BTR artist account;
• anonymous bootstrap and later account promotion; and
• forgot-password and account recovery flows.

Authentication information may include email address, hashed password, Apple identity token claims, Google ID token claims, BTR artist account linkage, refresh tokens, session tokens, device state, login timestamps, IP address, and security logs.

2.3 Mobile analytics and engagement data

BTR collects first-party server-side mobile analytics to operate, debug, improve, personalise, secure, and measure the app. This may include:

• mobile engagement events;
• mobile play events;
• mobile search events;
• mobile screen views;
• mobile recommendation impressions and clicks;
• mobile deeplink events;
• mobile share events;
• mobile IAP attempts and purchase events;
• mobile funnel steps;
• mobile chat metrics;
• mobile notification events;
• mobile geo events;
• mobile skip events;
• mobile listening visibility settings; and
• mobile heat events.

The mobile app does not currently integrate third-party mobile analytics SDKs such as Mixpanel, Amplitude, Facebook SDK, or Firebase Analytics. App-store crash reporting, operating-system diagnostics, app-store billing systems, and push-notification systems may still process information through Apple, Google, or device operating-system services.

2.4 Mobile social and community features

The mobile app may collect data connected with Friends, Crews, Broadcasts, share feedback, listening presence, event RSVPs, DMs, voice notes, blocks, and reports. This may include:

• friend requests sent, received, accepted, cancelled, declined, ignored, or removed;
• friendship records, keyed by the relevant user identifiers;
• crew names, crew owner, crew members, membership status, crew broadcasts, and crew deletion or leave events;
• shares of tracks, events, artists, Drops, or other supported content;
• share-feedback events when a recipient plays, saves, or replies to a shared track within the supported window;
• listening-now presence and recent plays according to Listening Visibility settings;
• block records and block-cascade effects;
• reports submitted about users, messages, voice notes, tracks, events, Shoutouts, Drops, profiles, or other user-content surfaces; and
• rate-limit, abuse-prevention, moderation, and safety records.

3. Information from user interactions

3.1 Friends, crews and sharing

When you interact with other users, those users may see certain information about you depending on the feature used. For example:

• if you send a friend request, the recipient may see your username, display name, avatar, profile information, and request action;
• if a friend request is accepted, both users may see that friendship in their own friends area;
• if you are added to a Crew, the crew owner and other crew members may see your membership in that Crew;
• if you broadcast to a Crew, recipients may see the sender and the shared track, event, artist, or supported content;
• if you share a track with another user and they play, save, or reply to it within the supported window, the original sender may receive a share-feedback notification;
• if you RSVP to an event, your RSVP may affect event going counts and may be visible where the app feature displays RSVP information; and
• if you message another user, that user receives the message, attachments, voice notes, and related sender information.

3.2 Silent decline, block and crew behaviour

Some privacy and safety behaviours are silent by design. BTR does not promise that another user will be notified when:

• you decline, ignore, cancel, or remove a friend request;
• you block or unblock them;
• you leave a Crew;
• you remove a user from a Crew;
• you soft-delete a chat from your own inbox; or
• you change visibility settings that reduce what they can see.

Blocking a user may automatically remove friendships, prevent future direct messages, suppress share-feedback notifications, remove crew relationships between the affected users, and prevent blocked users from seeing activity that would otherwise be visible.

3.3 Listening Visibility

The mobile app may include a Listening Visibility setting that controls who can see your currently-playing track or recent listening activity in supported social features. The available scopes may include Everyone, Friends, and No one. The default setting is Friends, unless a legacy or feature-specific setting applies.

Blocked users do not see your listening activity through supported friend or crew surfaces regardless of your general Listening Visibility setting.

3.4 No profile-view notification

BTR does not currently provide a “someone viewed your profile” notification feature. This Privacy Policy should not be read as promising that users will be told when someone views their profile, searches for them, sees them in recommendations, opens a track page, or checks a public page.

4. Location, camera, microphone, notifications and device permissions

4.1 Location

The mobile app may request access to your device location for features such as Scene Around Me, Scene Heat, nearby events, location-aware discovery, map features, and local music activity. Location permission is controlled by your device operating system.

• BTR only accesses device GPS location if you grant permission through your device settings.
• Where location is used server-side for mobile scene features, BTR stores a geohash6-style location cell rather than exposing raw latitude and longitude through public APIs.
• Raw latitude and longitude are not publicly exposed through the app’s API.
• You can revoke location permission through your device settings.
• Some local discovery, map, scene, heat, or nearby-event features may not work properly without location permission.

BTR does not currently use IP-based geolocation as the active basis for mobile Scene Around Me matching. IP address may still be processed for security, fraud prevention, abuse detection, diagnostics, rate limiting, and approximate operational context.

4.2 Camera and microphone

The mobile app may request camera and microphone access for features such as Shoutout recording, voice notes, video uploads, profile media, and other creator or messaging features.

• Camera and microphone access are controlled by your device operating system.
• Voice notes are user-uploaded audio files and may be stored by BTR until both sides soft-delete the relevant conversation or until another retention rule applies.
• Shoutout videos are user-recorded videos uploaded by the recording artist and may be stored by BTR for delivery, moderation, support, dispute, payment, and recordkeeping purposes.
• BTR may transcribe, moderate, review, restrict, or reject voice notes and Shoutout recordings for safety, support, moderation, legal, or platform-integrity reasons.

4.3 Push notifications

The mobile app may ask for permission to send push notifications. On iOS and supported Android versions, this is controlled by the operating-system permission prompt and device notification settings.

If you enable notifications, BTR may store Apple Push Notification Service (APNS) tokens or Firebase Cloud Messaging (FCM) tokens linked to your consumer ID, device, account, platform, app version, and notification preferences.

Notification categories may include:

• friend requests received or accepted;
• track, event, artist, Drop, or crew shares;
• share played, share saved, or share replied events;
• crew invites and crew activity;
• scout payoff, scene heat, battle, badge, ranking, or status updates;
• new tracks from followed artists;
• Drop Room status;
• Premium or Superfan subscription status;
• Shoutout delivery, rejection, or refund status;
• Coaching Session booking, confirmation, reminder, or update; and
• purchase, entitlement, payment, support, safety, security, or account notices.

You can disable push notifications through your device settings. Disabling push notifications stops push delivery to that device but does not necessarily delete in-app notification records, inbox records, audit logs, or records BTR must retain for security, payment, legal, moderation, dispute, or operational reasons.

4.4 Background audio and device controls

If you play audio in the mobile app, playback may continue in the background and may be controllable through the lock screen, Bluetooth devices, route pickers, headset controls, operating-system controls, or supported system audio interfaces. BTR may process playback events, device route state, session state, and audio-control activity where needed to operate playback, recommendations, analytics, rights controls, safety controls, and app functionality.

5. Payments, payouts, app-store purchases and financial data

5.1 Website payments and marketplace financial data

Website payments may be processed through third-party payment processors and payout partners. We may receive transaction status, billing metadata, partial payment method details, fraud signals, payout status, chargeback status, subscription status, invoice data, tax information, compliance signals, and related records from those providers. Full payment credentials may be collected and stored by the processor under its own privacy and security framework.

5.2 Mobile in-app purchases

Mobile App purchases of digital goods, digital services, subscriptions, Tips, Superfan subscriptions, Backer Slots, Drop Room entries, Backer Rewards, Shoutouts, and other mobile digital products may be processed by Apple App Store or Google Play.

For Mobile Purchases, BTR may receive and store:

• Apple receipts, app-store transaction IDs, original transaction IDs, product IDs, subscription group information, refund status, renewal status, expiry status, and entitlement data;
• Google Play purchase tokens, order IDs, product IDs, subscription state, acknowledgement status, refund status, renewal status, expiry status, and entitlement data;
• purchase amount, currency, territory, timestamp, app version, platform, account identifier, and related ledger information;
• purchase attempts, purchase failures, duplicate purchase signals, fraud signals, subscription lifecycle events, entitlement events, and refund events;
• artist earnings ledger entries connected with eligible mobile purchases; and
• records needed for accounting, tax, support, refund handling, dispute handling, app-store review, fraud prevention, and legal compliance.

BTR does not receive or store your full Apple payment credentials, Google payment credentials, full card number, banking credentials, or full PayPal credentials for Mobile Purchases processed by Apple or Google.

5.3 Artist earnings and payouts

Artist earnings may be generated from website marketplace Orders, mobile Tips, Superfan subscriptions, Backer Slots, Drop Room entries, Backer Rewards, Shoutouts, Coaching Sessions, or other supported monetisation features. We may maintain earnings ledgers, wallet balances, payout status, PayPal payout records, refund records, chargeback records, reserves, holds, tax records, and compliance records.

At launch, BTR withdrawals are paid through PayPal. PayPal may process recipient name, email, account status, transfer information, currency, country, transaction data, fraud data, compliance data, and other information under PayPal’s own terms and privacy policy.

5.4 Coaching Session payment and video-service records

Coaching Sessions are real-time one-to-one video sessions between a fan and an artist. Payment for Coaching Sessions may be handled through the website-side payment flow where permitted by app-store rules. The session itself may be hosted by a third-party video provider.

BTR does not record Coaching Session video calls by default. The video provider may process room URLs, access tokens, IP addresses, device information, call metadata, connection data, audio/video routing data, and other technical data needed to operate the call under its own privacy policy and BTR’s service-provider arrangements.

6. How we collect information

We collect information in several ways:

• directly from you when you register, upload, purchase, message, use a tool, submit content, submit a report, submit a notice, or contact us;
• automatically through logs, cookies, pixels, SDKs, conversion APIs, local storage, server-side events, app events, and similar technologies;
• from your mobile device when the app sends device, app, playback, location-if-granted, notification, purchase, analytics, crash, or diagnostic data;
• from other users when they friend you, message you, share with you, tag you, pay you, review you, report you, invite you, back you, subscribe to you, or submit transaction details involving you;
• from Apple, Google, PayPal, Stripe, payment processors, fraud-prevention vendors, wallet providers, tax providers, KYC providers, payout providers, app stores, and video-service providers;
• from service providers, processors, integrations, AI/model infrastructure vendors, analytics providers, advertising providers, fraud-prevention providers, payment providers, and security tools;
• from rights holders, representatives, legal contacts, public sources, or third-party platforms when they submit claims, evidence, permissions, or related materials; and
• from public or commercially available sources where lawful and relevant to platform integrity, fraud prevention, rights review, creator discovery, marketplace trust, or business operations.

7. How we use information

We may use information for the following purposes:

• Service delivery: creating accounts, anonymous sessions, mobile sessions, displaying profiles, enabling uploads, operating listings, messaging, events, artist discovery, audio tools, AI tools, dashboards, APIs, connectors, and app features;
• Authentication and account security: registering users, signing users in, verifying Apple and Google identity tokens, linking artist accounts, managing refresh tokens, rate limiting, and detecting suspicious access;
• Mobile app operation: operating playback, background audio, recommendations, search, notifications, friends, crews, shares, event RSVPs, Scene Around Me, Scene Heat, Shoutouts, Coaching Sessions, and mobile purchase entitlements;
• Payments and operations: processing purchases, subscriptions, credits, wallet balances, payouts, mobile IAP verification, invoicing, refunds, taxes, chargebacks, transaction support, and marketplace workflows;
• Security and trust: detecting fraud, enforcing policies, investigating abuse, reviewing disputes, handling rights complaints, preserving evidence, and maintaining platform integrity;
• Personalisation: showing recommendations, ranking search results, suggesting creators, services, content, events, tracks, tools, and opportunities, and adapting the experience to likely interests or behaviour;
• Social features: enabling friends, crews, broadcasts, share feedback, DMs, voice notes, listening presence, blocks, reports, and social discovery settings;
• Communications: sending service messages, transactional notices, push notifications, verification emails, security alerts, customer support responses, rights-notice responses, marketing messages, campaign updates, and policy notices;
• Analytics and improvement: understanding usage, testing features, troubleshooting bugs, improving performance, improving design, measuring conversion, and improving product quality;
• AI, automation, model evaluation, and product improvement: developing, testing, evaluating, operating, improving, personalising, ranking, recommending, moderating, reporting on, and optimising BTR’s AI tools, machine-learning systems, behavioural algorithms, recommendation systems, search systems, ranking systems, moderation tools, fraud-prevention systems, creator tools, marketplace tools, analytics systems, reporting systems, and automated decision-making technologies;
• Rights, copyright, takedown, and provenance management: receiving, reviewing, preserving, investigating, responding to, and documenting copyright complaints, image-rights complaints, artist-likeness complaints, trademark complaints, privacy complaints, publicity-rights complaints, takedown notices, counter-notices, licence claims, permission records, and image-source records;
• Legal compliance: complying with laws, regulations, payment obligations, tax requirements, sanctions screening, law-enforcement requests, legal process, court orders, regulator requests, and platform-provider requirements; and
• Business operations: audits, accounting, reporting, insurance, financing, corporate transactions, vendor management, risk management, legal review, and general administration.

Where GDPR, UK GDPR, or similar data protection law applies, our legal bases for processing may include performance of a contract, legitimate interests, consent, legal obligation, protection of vital interests, public interest where applicable, or another lawful basis available under applicable law. The legal basis depends on the type of information and the purpose of processing.

8. AI tools, audio tools, moderation and automation

BTR may provide or integrate AI-powered tools and audio tools for mastering, vocal removal, stem separation, transcription, generation, enhancement, music analysis, tagging, recommendations, search, moderation, detection, writing assistance, video tools, image tools, profile tools, marketplace tools, customer support, fraud detection, and related features.

When you use AI, audio, or automated features, we may process inputs you provide, uploaded files, generated outputs, technical metadata, device and usage data, prompts, model settings, job settings, error logs, moderation signals, quality signals, and related records as reasonably necessary to provide, secure, troubleshoot, improve, monitor, and enforce limits for those features.

Current or planned processing may include:

• OpenAI for text moderation, transcript moderation, transcription, and safety review;
• internal Go-hosted Demucs for vocal isolation and stem separation;
• internal Go-hosted DeepFilter for audio enhancement;
• automated or manual review of Shoutout videos before delivery;
• AI-assisted review of voice-note transcripts and user-generated text;
• fraud, abuse, spam, harassment, copyright, impersonation, and safety detection; and
• analytics, ranking, recommendation, discovery, and personalisation systems.

BTR may use information collected through the Services to operate, provide, secure, personalise, analyse, test, train, fine-tune, evaluate, validate, improve, commercialise, and optimise the Services and BTR’s current and future products, systems, tools, models, algorithms, analytics, reports, and automated technologies, subject to applicable law and any specific controls we make available.

Where available and appropriate, we configure vendor services to limit use of private user content for the vendor’s own unrelated model training or unrelated commercial purposes. Some features may have additional notices, settings, or third-party terms.

Unless a feature-specific notice or separate agreement says otherwise, uploading private content to use a BTR tool does not give other BTR users ownership of that content and does not make that content generally public, royalty-free, or free for others to exploit.

Ownership and platform licence terms are addressed in our Terms of Service.

9. Cookies, pixels and similar technologies

We and our partners may use cookies, local storage, software development kits, web beacons, pixels, server-side events, conversion APIs, device identifiers, log files, and similar technologies to recognise your browser or device, remember preferences, measure performance, attribute traffic, prevent fraud, support analytics, support advertising, and understand how the Services are used.

These technologies may be used to:

• keep you signed in and remember settings;
• measure page views, button clicks, uploads, signups, purchases, subscription events, checkout events, campaign events, form submissions, and conversion events;
• understand how users navigate the Services and where users encounter friction;
• test product changes, improve performance, debug technical issues, and troubleshoot errors;
• detect fraud, abuse, spam, bots, suspicious logins, artificial engagement, payment abuse, and platform misuse;
• support remarketing, audience building, lookalike audiences, attribution, campaign reporting, and advertising measurement where enabled on the website;
• help creators, sellers, advertisers, and BTR understand aggregate campaign, listing, or page performance where applicable; and
• connect browser events with server-side events to improve attribution, security, fraud prevention, and measurement accuracy.

The BTR mobile app does not currently use Apple IDFA or cross-app advertising identifiers. The website may use pixels, cookies, conversion APIs, analytics, advertising, or attribution technologies as described in this section and subject to applicable consent controls.

Your browser or device may offer controls to block or delete cookies, limit tracking, reset advertising identifiers, restrict cross-site tracking, disable notification permission, disable location permission, or send privacy preference signals. Some controls may be browser-specific, device-specific, or account-specific.

Some technologies are necessary for login, security, payments, fraud prevention, preferences, app operation, playback, and core functionality. Disabling them may affect how the Services work.

10. When we share information

We may share information in the following circumstances:

• Service providers: with vendors that provide hosting, storage, cloud infrastructure, analytics, support, moderation, fraud prevention, AI/model infrastructure, machine-learning tools, data processing, database services, security tooling, email delivery, payment processing, tax, payout, app-store billing, ticketing, video services, and similar services on our behalf;
• App stores and mobile providers: with Apple and Google for mobile authentication, app-store billing, subscription status, refunds, push notifications, crash reporting, entitlement handling, app review, and platform compliance;
• AI, analytics, and automation providers: with providers that help us train, test, evaluate, operate, secure, monitor, improve, host, or support AI models, machine-learning systems, recommendation systems, ranking systems, search systems, moderation systems, reporting systems, behavioural algorithms, fraud-prevention systems, and product analytics;
• Payment and transaction partners: with processors, app stores, banks, wallet providers, PayPal, Stripe, tax or KYC providers, fraud vendors, payout providers, and relevant transaction counterparties where needed to complete purchases, payouts, disputes, chargebacks, refunds, or fraud checks;
• Advertising and analytics partners: with marketing, attribution, analytics, measurement, and advertising partners, subject to your settings, applicable law, and this policy;
• Other users: when you make profile information, listings, uploads, reviews, event pages, messages, shares, RSVPs, listening presence, crew activity, or other content visible to those users through the Services;
• Rights holders and dispute participants: where reasonably necessary to review, respond to, or resolve copyright, image-rights, trademark, publicity, privacy, ownership, marketplace, payment, moderation, or platform-integrity disputes;
• Legal, safety, and compliance reasons: when required or appropriate to comply with law, legal process, investigations, regulator requests, payment-provider requirements, sanctions obligations, tax obligations, court orders, or to protect rights, property, safety, evidence, or the Services;
• Professional advisors: with lawyers, accountants, auditors, insurers, consultants, security advisors, and other professional advisors where needed for business, legal, compliance, audit, insurance, or risk-management purposes;
• Corporate transactions: in connection with a merger, acquisition, investment, financing, reorganisation, sale of assets, bankruptcy, due diligence, or similar business transaction; and
• With your direction or consent: where you ask us to share information or clearly authorise a disclosure.

We do not sell personal data in the ordinary data-broker sense. However, some privacy laws define “sale,” “sharing,” “targeted advertising,” or “cross-context behavioural advertising” broadly enough to include certain advertising, attribution, cookie-based audience, analytics, or tracking uses. Where required, we will provide applicable notice and choice.

11. Sub-processors and service providers

BTR may use service providers and sub-processors to operate the Services. The providers we use may change over time. Current or expected categories and examples include:

We may add, remove, replace, or change service providers as the Services evolve. Where required by law, we use appropriate contractual, technical, and organisational safeguards with service providers.

12. Public content and user-generated material

Certain parts of the Services are public or visible to other users. If you create a profile, publish listings, upload music, add bios, post reviews, publish event pages, comment publicly, submit public marketplace materials, appear in artist features, RSVP publicly where supported, appear in backer lists, or otherwise make content visible through the Services, that information may be seen, copied, indexed, quoted, embedded, archived, screenshotted, downloaded, or shared by other people and third-party services.

Public content may also appear in search engines, AI assistants, previews, widgets, social media posts, embedded cards, BTR promotional materials, discovery tools, ranking pages, charts, marketplace pages, mobile app surfaces, and third-party links. Removing content from BTR may not remove copies, indexes, screenshots, embeds, cached versions, or records controlled by third parties.

Please think carefully before posting public content or including personal information in public areas, creator descriptions, files, metadata, lyrics, prompts, messages, images, videos, listings, comments, event pages, profile fields, or reports.

13. Copyright, takedown, moderation and legal records

BTR may process information connected with copyright notices, image-rights complaints, trademark complaints, privacy complaints, publicity-rights complaints, artist-likeness complaints, ownership disputes, moderation reports, safety reports, fraud reports, chargebacks, counter-notices, and legal requests.

This information may include:

• names, email addresses, organisations, account identifiers, and contact details of claimants, users, representatives, and rights holders;
• URLs, screenshots, file names, image URLs, audio URLs, metadata, content IDs, content hashes, upload timestamps, removal timestamps, page versions, and asset provenance records;
• licence records, contracts, releases, photographer credits, agency records, publication records, permission records, source links, ownership evidence, authority evidence, and correspondence;
• moderation notes, internal review outcomes, enforcement decisions, appeal records, counter-notices, fraud signals, legal-risk notes, and related operational records; and
• records reasonably needed to protect BTR, users, creators, artists, rights holders, and third parties.

We may use this information to investigate and respond to complaints, remove or restore content, preserve evidence, prevent repeat infringement, detect abusive notices, comply with legal obligations, enforce our Terms, defend legal claims, support insurance or legal review, and protect platform integrity.

We may share relevant portions of rights notices, complaints, counter-notices, or evidence with affected users, rights holders, representatives, service providers, payment processors, legal advisors, insurers, regulators, courts, or law-enforcement authorities where reasonably necessary or legally required. We may withhold, redact, or limit disclosure where appropriate for privacy, safety, confidentiality, privilege, fraud prevention, legal risk, or platform integrity.

14. Data retention

We retain information for as long as reasonably necessary for the purposes described in this policy, including to operate the Services, maintain records, complete transactions, support users, investigate abuse, comply with law, resolve disputes, enforce agreements, preserve rights-related evidence, and protect platform integrity.

Deleting an account or removing content may stop future public availability, but it may not immediately delete backups, logs, transaction records, legal records, support records, moderation records, copyright records, fraud-prevention records, analytics records, aggregated data, de-identified data, derived data, model-improvement records, system-improvement records, or other records we need to retain for legitimate operational, legal, accounting, tax, security, or dispute-resolution purposes.

14.1 Retention exceptions after deletion

The following information may be retained beyond account deletion where permitted or required by law:

• purchase events and artist earnings ledger entries;
• tax and accounting records;
• records subject to legal hold;
• records preserved as evidence in a pending or threatened dispute;
• records preserved in response to law-enforcement, regulator, court, app-store, payment-provider, or legal requests;
• aggregated, de-identified, or derived analytics that no longer identify the user under applicable law;
• audit logs for security and fraud investigation;
• IAP receipts and purchase tokens needed for refund, chargeback, entitlement, and app-store handling;
• sanctions, tax, KYC, or payout records for the period required by applicable law or provider rules;
• records of moderation actions, blocks, reports, enforcement decisions, and safety incidents needed to enforce repeat-offender rules; and
• backup copies until the relevant backup deletion cycle completes.

15. Account deletion and data deletion

Users may request deletion of their account. Where the mobile app supports account creation, users may initiate account deletion from inside the mobile app through the relevant settings or account screen.

When you delete your account, BTR will take steps to delete or de-identify personal information associated with your account from active systems, subject to the retention exceptions described in this Privacy Policy and any retention required or permitted by law.

• Account deletion may remove or de-identify profile data, authentication data, personal account details, and app account records.
• Public content may be removed from public display where technically and legally feasible, subject to prior shares, third-party copies, screenshots, caches, completed transactions, and retained records.
• Financial, tax, payment, payout, purchase, IAP, refund, chargeback, fraud, audit, moderation, legal, and dispute records may be retained.
• Deleting the BTR app from your device does not by itself delete your BTR account.
• Deleting your BTR account does not necessarily cancel Apple or Google subscriptions. App-store subscriptions must be managed through Apple or Google subscription settings.
• You may be able to sign up again with the same email after deletion, but prior data may not be restored.

You may also contact us at info@beatstorapon.com to request account deletion or data deletion. We may need to verify your identity and account relationship before completing a deletion request.

16. International data transfers

BTR may operate globally, and information may be stored or processed in countries other than the country where you live. Those countries may have data protection laws that differ from those in your jurisdiction.

Where required, we use reasonable safeguards for international transfers, which may include contractual protections, organisational measures, technical security controls, data processing agreements, transfer impact assessments, standard contractual clauses, or other lawful transfer mechanisms.

If you are located in the EEA, UK, Switzerland, or another jurisdiction with international transfer restrictions, your personal data may be transferred to Australia, the United States, and other countries where BTR, its service providers, processors, infrastructure providers, analytics providers, payment providers, app stores, AI/model infrastructure providers, or support providers operate. Where required by law, BTR will use appropriate transfer safeguards.

17. Your privacy rights and choices

Depending on where you live, you may have rights to:

• request access to the personal information we hold about you;
• request correction of inaccurate or incomplete information;
• request deletion of your personal information, subject to exceptions;
• request restriction of certain processing activities;
• object to certain processing, including some direct marketing, legitimate-interest, profiling, or targeted advertising uses;
• request portability of certain information where technically feasible;
• withdraw consent where processing is based on consent;
• opt out of certain advertising, sale, sharing, profiling, or targeted advertising practices where applicable;
• manage mobile permissions for location, camera, microphone, notifications, background activity, and local device access through device settings;
• manage push notification preferences through device settings or in-app settings where available;
• manage Listening Visibility, Scene Around Me, blocks, friends, crews, and social visibility settings where available; and
• lodge a complaint with a privacy regulator where available under applicable law.

Where available, you may also be able to adjust product settings, consent choices, cookie controls, marketing preferences, mobile app permissions, notification preferences, AI/product-improvement preferences, or account settings.

These controls may apply only to future processing and may not require BTR to reverse prior processing, delete completed transaction records, remove lawful records, alter aggregated or de-identified data, unwind model or system improvements, or stop processing that is necessary for security, fraud prevention, legal compliance, dispute handling, service delivery, rights handling, payments, app-store handling, or enforcement of our terms.

We may need to verify your identity before completing a request. We may request account details, proof of identity, proof of authority, relationship to the account, or other information reasonably needed to verify and process the request.

To exercise your rights or manage certain preferences, use the relevant account settings where available or contact us using the details in Section 24.

18. App Store and Google Play privacy disclosures

18.1 Apple App Privacy details

For App Store privacy disclosure purposes, the BTR mobile app may collect or process data categories including:

• Contact Info, such as email address where you create an account;
• Identifiers, such as consumer ID, account ID, device-linked identifiers, push tokens, and app-store transaction identifiers;
• Location, where you grant device-location permission, stored server-side as coarse geohash-style data for supported features;
• User Content, including profile content, messages, voice notes, Shoutout prompts, Shoutout videos, reports, uploads, and other content you provide;
• Audio Data, including voice notes and uploaded audio for supported features;
• Usage Data, including plays, searches, screen views, recommendations, clicks, shares, app interactions, and feature usage;
• Purchase History, including mobile purchase records, product IDs, subscription status, receipts, purchase tokens, and entitlement records;
• Search History, including mobile search queries;
• Diagnostics, including crash, error, performance, and app diagnostic data; and
• Other Data, including fraud, moderation, safety, rate-limit, and support records.

Mobile app data may be linked to your account or device where needed to provide the Services, operate features, verify purchases, maintain security, process support, prevent fraud, handle payments, enforce terms, and comply with law. BTR does not currently use Apple IDFA or mobile cross-app tracking identifiers in the mobile app.

18.2 Google Play Data Safety

For Google Play Data Safety purposes, the BTR mobile app may collect, process, or share data categories including personal info, app activity, app information and performance, device or other identifiers, approximate location where granted, user-generated content, audio files, videos, photos or images where provided, purchase history, search history, and diagnostics.

Data may be collected for app functionality, analytics, account management, developer communications, fraud prevention, security, compliance, personalisation, payment handling, app-store entitlement handling, and support.

BTR provides account deletion from inside the mobile app where account creation is supported and also accepts deletion requests through info@beatstorapon.com, subject to the retention exceptions described in this Privacy Policy.

18.3 No mobile advertising network at launch

The mobile app does not currently include a third-party in-app advertising network, banner ads, interstitial ads, or rewarded video ads. BTR may promote artists, tracks, events, Drops, charts, marketplace activity, app features, and platform content inside the app as part of editorial, discovery, product, or platform activity.

19. Region-specific notices

19.1 Australia

If you are in Australia, personal information is handled in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and other applicable privacy laws where they apply. You may request access to or correction of personal information we hold about you by contacting us using the details in Section 24.

If you have a privacy complaint, contact us first so we can review it. If you are not satisfied with our response, you may have the right to contact the Office of the Australian Information Commissioner or another relevant regulator.

19.2 EEA / EU users

If you are located in the European Economic Area, BTR may process your personal data as a controller for the purposes described in this Privacy Policy. Depending on the context, we may process personal data because it is necessary to perform a contract with you, because we have a legitimate interest, because we need to comply with a legal obligation, because you have given consent, or because another lawful basis applies under applicable data protection law.

Our legitimate interests may include operating and improving the Services, securing the platform, preventing fraud and abuse, personalising user experiences, ranking and recommending content, supporting creator discovery, generating analytics and reports, developing and improving AI and automated systems, handling rights complaints, preserving evidence, communicating with users, enforcing our terms, and protecting BTR, users, creators, rights-holders and third parties.

Where consent is required, including for certain cookies, tracking technologies, marketing communications, precise location, sensitive data uses, or specific AI/product-improvement uses, we will seek consent where legally required.

Subject to applicable law, you may have rights to request access, correction, erasure, restriction, portability, objection to processing, objection to direct marketing, and rights relating to certain automated decision-making or profiling. You may exercise these rights by contacting us using the details in Section 24.

You also have the right to lodge a complaint with a data protection authority in the country where you live, work, or where you believe a data protection issue has occurred. If BTR is required to appoint an EU representative under Article 27 of the GDPR, we will identify that representative here or through another appropriate notice.

19.3 United Kingdom users

If you are located in the United Kingdom, BTR may process your personal data under the UK GDPR and Data Protection Act 2018 where applicable. We may rely on contractual necessity, legitimate interests, consent, legal obligation, or another lawful basis depending on the processing activity.

You may have rights to access, correction, erasure, restriction, portability, objection, withdrawal of consent where processing is based on consent, and rights relating to certain automated decision-making or profiling. You may exercise these rights by contacting us using the details in Section 24.

You may also lodge a complaint with the UK Information Commissioner’s Office. If BTR is required to appoint a UK representative, we will identify that representative here or through another appropriate notice.

19.4 California and similar U.S. state privacy laws

If you are covered by a U.S. state privacy law that gives rights to know, access, delete, correct, opt out, limit certain uses of sensitive personal information, or opt out of certain targeted advertising, sale, sharing or profiling practices, you may submit requests using the methods described in Section 24.

We do not sell personal information in the ordinary data-broker sense. However, some U.S. privacy laws define “sale,” “sharing,” “targeted advertising,” or “cross-context behavioural advertising” broadly enough to include certain advertising, analytics, attribution, cookie-based audience, or tracking activities. Where required, we will provide applicable opt-out rights.

We will not unlawfully discriminate against you for exercising applicable privacy rights.

19.5 Other regions

Depending on where you live, you may have additional privacy rights under local law, including rights to access, correct, delete, restrict, object, withdraw consent, lodge a complaint, or request information about how your personal information is processed. BTR will respond to valid privacy requests as required by applicable law.

19.6 Advertising choices

You may be able to limit interest-based advertising by using browser controls, device settings, consent tools, recognised opt-out signals, or opt-out mechanisms offered by certain advertising partners. Some choices may be browser-specific, device-specific, or account-specific.

20. Children’s privacy

The Services are not directed to children below the minimum age permitted under applicable law to use the Services without parental or guardian involvement. We do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided us personal information unlawfully, contact us and we will investigate and take appropriate action.

Some features may require users to attest that they are 18+ or otherwise eligible to access mature, paid, social, messaging, commerce, artist-support, event, or community features. That attestation may be stored server-side and used for safety, compliance, moderation, eligibility, and feature-gating purposes.

If a minor uses the Services with parental, guardian, school, organisation, label, manager, or authorised adult involvement, the responsible adult or organisation is responsible for ensuring the use is lawful and appropriate.

21. Security

We use reasonable technical, administrative, and organisational measures designed to protect information against unauthorised access, loss, misuse, alteration, or disclosure. Measures may include access controls, authentication, encryption in transit where appropriate, logging, monitoring, backups, vendor controls, staff access limits, rate limits, abuse detection, and security review processes.

However, no service, network, storage system, app, device, or internet transmission is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your own credentials, devices, email account, payment accounts, Apple account, Google account, PayPal account, and account access. If you believe your account has been compromised, contact us promptly.

If we become aware of a data security incident that requires notice under applicable law, we will provide notice as required by that law.

22. Third-party links and integrations

The Services may contain links to third-party websites, platforms, processors, tools, embeds, AI services, payment services, app stores, social networks, streaming services, ticketing tools, analytics tools, ad platforms, map tools, video providers, and integrations. Their privacy practices are governed by their own policies, not this one.

If you interact with a third-party service through BTR, such as by clicking a link, opening native maps, signing in with Apple or Google, making an app-store purchase, using PayPal, using Stripe, joining a Coaching Session, embedding content, using an AI feature, or connecting an external platform, that third party may collect or process information under its own terms and privacy policy.

23. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and may provide additional notice where appropriate, such as by posting a notice on the Services, sending an email, displaying a dashboard notice, using an app notice, using a consent tool, or otherwise notifying users.

Your continued use of the Services after the revised policy takes effect means you acknowledge the updated Privacy Policy.

If we make material changes to how we use personal information for mobile app data, account deletion, AI training, model development, automated systems, advertising, analytics, product-improvement, payment, app-store purchase, or location purposes, we may provide additional notice where appropriate, including by email, dashboard notice, app notice, account notice, consent tool, update banner, or other reasonable method.

24. Contact us

If you have questions, requests, privacy complaints, access requests, correction requests, deletion requests, advertising opt-out requests, mobile privacy questions, app-store privacy questions, rights-related privacy concerns, or concerns about this Privacy Policy or our privacy practices, contact us using the details below.

BTR | BeatsToRapOn
Email: info@beatstorapon.com

We may need to verify your identity, account relationship, or authority to act before responding to a request. Do not send unnecessary sensitive information unless requested through an appropriate secure process.