You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today.
Coming Soon The BTR Mobile App is coming — get your catalogue clean & approved before launch. Read the update →
BTR · LEGAL · PRIVACY

Privacy Policy.

This policy explains what information BeatsToRapOn (BTR) collects, how we use it, when we share it, how long we keep it, and what privacy choices and rights may apply when you use our website, iOS app, Android app, marketplace, audio tools, AI tools, messaging, payments, events, and creator services. BTR is a general-audience music platform for users aged 13 and over.

LAST UPDATED · 16 JUNE 2026 · NEW SOUTH WALES, AUSTRALIA

We are BTR (BeatsToRapOn), operated from New South Wales, Australia. This Privacy Policy applies to beatstorapon.com, related websites, the BTR iOS mobile application, the BTR Android mobile application, software, plug-ins, creator tools, event tools, marketplace services, audio tools, AI tools, podcasts, APIs, connectors, widgets, analytics, payment flows, and other services we provide (together, the “Services”).

This Privacy Policy explains how we collect, use, disclose, store, transfer, retain, secure, and otherwise process information relating to identified or identifiable individuals, including account holders, anonymous mobile users, artists, listeners, fans, buyers, sellers, event organisers, promoters, marketplace users, contributors, claimants, rights holders, and site visitors.

By using the Services, you acknowledge the practices described in this Privacy Policy. Your use of the Services is also governed by our Terms of Service, Payment Terms, and any feature-specific terms that apply.

This Privacy Policy is publicly accessible without an account or login at https://beatstorapon.com/privacy. It is linked from the BTR website footer, from inside the BTR mobile app, and from the BTR listings on the Apple App Store and Google Play, so it is reachable both before and after you download or sign in to the app.

Quick version: we use information to run BTR, support uploads and transactions, operate the mobile app, verify purchases, send notifications, support messaging, process payments, prevent fraud and abuse, personalise discovery, moderate content, operate AI and audio tools, generate analytics, improve products, handle rights complaints, maintain records, and comply with law. We do not sell personal data in the ordinary data-broker sense.
Age: BTR requires account holders to be at least 13 years old. The Services are not directed to children under 13, and BTR is not a “Kids”, “Families”, or “Made for Kids” app. We do not knowingly collect personal information from children under 13. See Section 20 (children’s privacy and child safety) and our Terms of Service.
Mobile app privacy position: the BTR mobile app uses first-party server-side analytics. We do not currently integrate third-party mobile analytics SDKs such as Mixpanel, Amplitude, Facebook SDK, or Firebase Analytics. We do not use Apple IDFA or cross-app advertising identifiers in the mobile app, and we do not ask for App Tracking Transparency permission to track you across other companies' apps and websites. App-store crash, billing, account, authentication, and push-notification infrastructure may still process data through Apple and Google as described below.
Important: the mobile app supports anonymous-first onboarding. We may create a generated anonymous identifier and collect device, usage, listening, search, location-if-granted, and engagement data before you create a full account. If you later sign up, that previous anonymous activity may become associated with your authenticated account.
Account deletion and privacy choices: users can request deletion of their BTR mobile account and associated app data from inside the BTR mobile app through Settings → Delete Account, or from the public, login-free web page at https://beatstorapon.com/delete-mobile-account. You can also contact us at info@beatstorapon.com for privacy requests, access requests, correction requests, deletion requests, or app privacy questions.

Website + Marketplace

We collect account, profile, upload, transaction, wallet, support, rights, event, marketplace, analytics, and payment-related information.

Mobile App

We collect anonymous session data, device data, mobile usage, plays, likes, follows, friends, crews, chat, push tokens, IAP records, and location if granted.

Your Control

You may have rights to access, correct, delete, restrict, object, export, withdraw consent, manage settings, or opt out depending on your region.

1. Information we collect

1.1 Information you provide directly

We may collect information you provide when you create an account, complete a profile, use the mobile app, place an order, upload content, use a tool, submit a form, participate in a transaction, report a problem, submit a rights notice, or contact us. This may include:

  • name, username, email address, phone number, password, account login credentials, display name, business name, and contact details;
  • profile information such as biography, profile image, avatar, artist details, social links, genres, scenes, location, country, portfolio information, public URLs, and creator identity details;
  • age and eligibility information, including your declared age (you must be at least 13 to hold an account), and any attestation required to access specific age-restricted features, content, or safety controls;
  • user content you upload or submit, including audio, beats, stems, artwork, videos, listing text, event details, metadata, creator files, descriptions, tags, prompts, AI tool inputs, AI tool outputs, edits, saved versions, and related creator materials;
  • mobile user-generated content, including direct messages, voice notes, crew names, shared tracks, shared events, shared artists, report text, Shoutout prompts, Shoutout videos recorded by artists, and related media;
  • visual and editorial materials such as profile photos, cover art, banners, event images, marketplace images, screenshots, blog-submission images, EPK materials, promotional graphics, image-source notes, licence records, and provenance information;
  • communications, including messages, comments, reviews, support tickets, dispute correspondence, rights-notice correspondence, counter-notices, complaint evidence, and other correspondence;
  • billing, purchase, subscription, credit, wallet, payout, refund, dispute, invoice, tax, or payment-related information you submit to us or our payment providers;
  • identity verification, business verification, tax, sanctions, fraud, or compliance information where needed for payouts, fraud checks, marketplace trust, or regulatory compliance;
  • information you provide when participating in promotions, waitlists, surveys, forms, podcasts, interviews, campaigns, events, artist features, testimonials, or marketplace opportunities; and
  • copyright, image-rights, trademark, artist-likeness, privacy, publicity, moral-rights, takedown, counter-notice, ownership, permission, and licence evidence submitted to BTR.

1.2 Information collected automatically

When you use the Services, we may automatically collect:

  • device data, such as device type, platform, operating system, browser type, language, locale, screen size, app version, mobile app version, and device identifiers used for security, deduplication, authentication, diagnostics, or app functionality;
  • network and technical data, such as IP address, timestamps, crash data, diagnostics, latency, server logs, access logs, request headers, user-agent strings, and error logs;
  • website usage data, such as pages viewed, buttons clicked, searches, referring URLs, session behaviour, content interactions, scroll activity, tool activity, and time spent on the Services;
  • mobile usage data, such as app launches, screen views, play events, skip events, likes, saves, follows, search queries, recommendation impressions, recommendation clicks, deep-link taps, share events, notification opens, engagement events, and mobile funnel steps;
  • mobile social data, such as friend requests, friendships, crew membership, crew broadcasts, shares, share-feedback events, block records, report records, and listening-visibility settings;
  • mobile commerce data, such as purchase attempts, app-store receipts, Google Play purchase tokens, product IDs, transaction IDs, amount, currency, refund status, entitlement status, subscription status, artist earnings ledger entries, and purchase events;
  • AI, recommendation, ranking, discovery, and automation interaction data, such as tool usage, feature settings, prompts submitted to BTR tools, outputs generated, edits made, recommendations shown, recommendations clicked, search results displayed, ranking interactions, moderation signals, safety signals, and quality signals;
  • transaction and activity data, such as purchases, cancellations, payouts, disputes, chargebacks, event views, listing views, streams, campaign actions, upload attempts, workflow completion, and conversion events;
  • rights, moderation, and compliance metadata, such as content IDs, image URLs, file paths, file names, file hashes, upload timestamps, removal timestamps, review outcomes, complaint references, evidence records, account actions, and enforcement history; and
  • cookie IDs, pixel IDs, analytics identifiers, local storage identifiers, session IDs, push tokens, and similar online identifiers.

1.3 Information from third parties

We may receive information from third parties, including:

  • login and authentication providers, including Apple and Google, if you sign in using third-party credentials;
  • Apple App Store, Apple StoreKit, Google Play, and Google Play Billing for mobile purchase verification, subscription status, refunds, and entitlement handling;
  • payment processors, fraud-prevention vendors, wallet providers, tax providers, KYC providers, and payout providers;
  • analytics, advertising, attribution, and measurement providers used on the website or server side;
  • AI/model infrastructure providers, cloud providers, content-processing vendors, security providers, transcription providers, and moderation providers;
  • video service providers used for Coaching Sessions;
  • social media, streaming, DSP, event, or content platforms when you link accounts, import content or data, use embedded features, or interact with BTR content off-platform;
  • rights holders, agencies, photographers, labels, publishers, estates, artists, managers, publicists, lawyers, claimants, or authorised representatives who submit claims, notices, corrections, or evidence involving BTR content or users; and
  • business partners, event partners, service providers, marketplace users, or other users involved in a transaction, listing, order, rights dispute, report, or collaboration with you.

1.4 Sensitive information

We do not require you to provide sensitive information unless it is necessary for a specific feature, verification step, compliance process, legal issue, support request, payment or payout process, safety issue, report, moderation review, or dispute. Depending on your region, sensitive information may include government IDs, tax identifiers, precise location, health information, racial or ethnic origin, religious beliefs, political opinions, union membership, criminal history, biometric-like verification data, or similar protected categories.

Do not include unnecessary sensitive information in public profiles, uploads, metadata, lyrics, prompts, messages, voice notes, support tickets, comments, listings, reports, or rights notices. Where we process sensitive information, we do so in accordance with applicable law and only for the relevant purpose.

2. Mobile-specific data collection

2.1 Anonymous-first onboarding

The BTR mobile app may create an anonymous consumer record on first launch. This record uses a generated anonymous identifier and may be linked to a device-style identifier used for deduplication, abuse prevention, account continuity, and app operation. No email, phone number, real name, or password is required at that stage.

While using the mobile app anonymously, we may collect and store information against the anonymous identifier, including:

  • generated consumer ID or anonymous identifier;
  • device platform, app version, device locale, request headers, IP address, user-agent string, and security logs;
  • listen history, play events, skip events, likes, follows, scout positions, scenes, preferences, searches, recommendation activity, and discovery behaviour;
  • a coarse, approximate location-grid cell if you grant device-location permission;
  • event views, event shares, event RSVPs where allowed, and other app engagement activity;
  • push token data if notifications are enabled; and
  • fraud, rate-limit, moderation, diagnostics, and abuse-prevention signals.

If you later create an account or sign in, BTR may promote the anonymous record in place. This means your previous anonymous activity may become associated with your authenticated account so your listening history, preferences, likes, follows, scout positions, and app settings are preserved.

2.2 Mobile sign-up and authentication data

The mobile app may support:

  • email and password sign-up or sign-in;
  • Sign in with Apple;
  • Sign in with Google;
  • artist login using an existing BTR artist account;
  • anonymous bootstrap and later account promotion; and
  • forgot-password and account recovery flows.

Authentication information may include email address, hashed password, Apple identity token claims, Google ID token claims, BTR artist account linkage, refresh tokens, session tokens, device state, login timestamps, IP address, and security logs.

2.3 Mobile analytics and engagement data

BTR collects first-party server-side mobile analytics to operate, debug, improve, personalise, secure, and measure the app. This may include:

  • mobile engagement events;
  • mobile play events;
  • mobile search events;
  • mobile screen views;
  • mobile recommendation impressions and clicks;
  • mobile deeplink events;
  • mobile share events;
  • mobile IAP attempts and purchase events;
  • mobile funnel steps;
  • mobile chat metrics;
  • mobile notification events;
  • mobile geo events;
  • mobile skip events;
  • mobile listening visibility settings; and
  • mobile heat events.

The BTR mobile app does not currently use Apple IDFA, mobile advertising identifiers, third-party in-app advertising networks, or mobile cross-app tracking identifiers. BTR does not currently use mobile app data to track users across third-party apps or websites for advertising purposes, and does not currently use App Tracking Transparency tracking. The website may use pixels, cookies, conversion APIs, analytics, advertising, or attribution technologies as described in this section and subject to applicable consent controls.

2.4 Mobile social and community features

The mobile app may collect data connected with Friends, Crews, Broadcasts, share feedback, listening presence, event RSVPs, DMs, voice notes, blocks, and reports. This may include:

  • friend requests sent, received, accepted, cancelled, declined, ignored, or removed;
  • friendship records, keyed by the relevant user identifiers;
  • crew names, crew owner, crew members, membership status, crew broadcasts, and crew deletion or leave events;
  • shares of tracks, events, artists, Drops, or other supported content;
  • share-feedback events when a recipient plays, saves, or replies to a shared track within the supported window;
  • listening-now presence and recent plays according to Listening Visibility settings;
  • block records and block-cascade effects;
  • reports submitted about users, messages, voice notes, tracks, events, Shoutouts, Drops, profiles, or other user-content surfaces; and
  • rate-limit, abuse-prevention, moderation, and safety records.

3. Information from user interactions

3.1 Friends, crews and sharing

When you interact with other users, those users may see certain information about you depending on the feature used. For example:

  • if you send a friend request, the recipient may see your username, display name, avatar, profile information, and request action;
  • if a friend request is accepted, both users may see that friendship in their own friends area;
  • if you are added to a Crew, the crew owner and other crew members may see your membership in that Crew;
  • if you broadcast to a Crew, recipients may see the sender and the shared track, event, artist, or supported content;
  • if you share a track with another user and they play, save, or reply to it within the supported window, the original sender may receive a share-feedback notification;
  • if you RSVP to an event, your RSVP may affect event going counts and may be visible where the app feature displays RSVP information; and
  • if you message another user, that user receives the message, attachments, voice notes, and related sender information.

3.2 Silent decline, block and crew behaviour

Some privacy and safety behaviours are silent by design. BTR does not promise that another user will be notified when:

  • you decline, ignore, cancel, or remove a friend request;
  • you block or unblock them;
  • you leave a Crew;
  • you remove a user from a Crew;
  • you soft-delete a chat from your own inbox; or
  • you change visibility settings that reduce what they can see.

Blocking a user may automatically remove friendships, prevent future direct messages, suppress share-feedback notifications, remove crew relationships between the affected users, and prevent blocked users from seeing activity that would otherwise be visible.

3.3 Listening Visibility

The mobile app may include a Listening Visibility setting that controls who can see your currently-playing track or recent listening activity in supported social features. The available scopes may include Everyone, Friends, and No one. The default setting is Friends, unless a legacy or feature-specific setting applies.

Blocked users do not see your listening activity through supported friend or crew surfaces regardless of your general Listening Visibility setting.

3.4 No profile-view notification

BTR does not currently provide a “someone viewed your profile” notification feature. This Privacy Policy should not be read as promising that users will be told when someone views their profile, searches for them, sees them in recommendations, opens a track page, or checks a public page.

4. Location, camera, microphone, notifications and device permissions

The mobile app requests device permissions only for the features that need them, and each permission is controlled by your device operating system. The purpose strings shown in the operating-system permission prompts describe why each permission is requested, and those purposes match the descriptions below. You can grant or revoke each permission at any time through your device settings.

4.1 Location

The mobile app may request access to your device location for features such as Scene Around Me, Scene Heat, nearby events, location-aware discovery, map features, and local music activity. Location permission is controlled by your device operating system.

  • BTR only accesses device GPS location if you grant permission through your device settings.
  • Where location is used server-side for mobile scene features, BTR stores a coarse, approximate location-grid cell rather than exposing raw latitude and longitude through public-facing parts of the Services.
  • Raw latitude and longitude are not publicly exposed through public-facing parts of the Services.
  • You can revoke location permission through your device settings.
  • Some local discovery, map, scene, heat, or nearby-event features may not work properly without location permission.

BTR does not currently use IP-based geolocation as the active basis for mobile Scene Around Me matching. IP address may still be processed for security, fraud prevention, abuse detection, diagnostics, rate limiting, and approximate operational context.

4.2 Camera and microphone

The mobile app may request camera and microphone access for features such as Shoutout recording, voice notes, video uploads, profile media, and other creator or messaging features.

  • Camera and microphone access are controlled by your device operating system.
  • BTR requests camera and microphone access only when you use a feature that needs it, and not for background or passive capture.
  • Voice notes are user-uploaded audio files and may be stored by BTR until both sides soft-delete the relevant conversation or until another retention rule applies.
  • Shoutout videos are user-recorded videos uploaded by the recording artist and may be stored by BTR for delivery, moderation, support, dispute, payment, and recordkeeping purposes.
  • BTR may transcribe, moderate, review, restrict, or reject voice notes and Shoutout recordings for safety, support, moderation, legal, or platform-integrity reasons.

4.3 Photos and media library

The mobile app may request access to your photo library, camera roll, or media files when you choose to upload a profile photo, cover image, event image, marketplace image, or other media. BTR accesses only the items you select for upload and does not request access in order to scan your full library for unrelated purposes. Photo and media access is controlled by your device operating system and can be changed at any time.

4.4 Push notifications

The mobile app may ask for permission to send push notifications. On iOS and supported Android versions, this is controlled by the operating-system permission prompt and device notification settings.

If you enable notifications, BTR may store Apple Push Notification Service (APNS) tokens or Firebase Cloud Messaging (FCM) tokens linked to your consumer ID, device, account, platform, app version, and notification preferences.

Notification categories may include:

  • friend requests received or accepted;
  • track, event, artist, Drop, or crew shares;
  • share played, share saved, or share replied events;
  • crew invites and crew activity;
  • scout payoff, scene heat, battle, badge, ranking, or status updates;
  • new tracks from followed artists;
  • Drop Room status;
  • Premium or Superfan subscription status;
  • Shoutout delivery, rejection, or refund status;
  • Coaching Session booking, confirmation, reminder, or update; and
  • purchase, entitlement, payment, support, safety, security, or account notices.

You can disable push notifications through your device settings. Disabling push notifications stops push delivery to that device but does not necessarily delete in-app notification records, inbox records, audit logs, or records BTR must retain for security, payment, legal, moderation, dispute, or operational reasons.

4.5 Background audio and device controls

If you play audio in the mobile app, playback may continue in the background and may be controllable through the lock screen, Bluetooth devices, route pickers, headset controls, operating-system controls, or supported system audio interfaces. BTR may process playback events, device route state, session state, and audio-control activity where needed to operate playback, recommendations, analytics, rights controls, safety controls, and app functionality.

5. Payments, payouts, app-store purchases and financial data

5.1 Website payments and marketplace financial data

Website payments may be processed through third-party payment processors and payout partners. We may receive transaction status, billing metadata, partial payment method details, fraud signals, payout status, chargeback status, subscription status, invoice data, tax information, compliance signals, and related records from those providers. Full payment credentials may be collected and stored by the processor under its own privacy and security framework.

5.2 Mobile in-app purchases

Mobile App purchases of digital goods, digital services, subscriptions, Tips, Superfan subscriptions, Backer Slots, Drop Room entries, Backer Rewards, Shoutouts, and other mobile digital products may be processed by Apple App Store or Google Play in accordance with their in-app purchase and subscription rules.

For Mobile Purchases, BTR may receive and store:

  • Apple receipts, app-store transaction IDs, original transaction IDs, product IDs, subscription group information, refund status, renewal status, expiry status, and entitlement data;
  • Google Play purchase tokens, order IDs, product IDs, subscription state, acknowledgement status, refund status, renewal status, expiry status, and entitlement data;
  • purchase amount, currency, territory, timestamp, app version, platform, account identifier, and related ledger information;
  • purchase attempts, purchase failures, duplicate purchase signals, fraud signals, subscription lifecycle events, entitlement events, and refund events;
  • artist earnings ledger entries connected with eligible mobile purchases; and
  • records needed for accounting, tax, support, refund handling, dispute handling, app-store review, fraud prevention, and legal compliance.

BTR does not receive or store your full Apple payment credentials, Google payment credentials, full card number, banking credentials, or full PayPal credentials for Mobile Purchases processed by Apple or Google.

5.3 Artist earnings and payouts

Artist earnings may be generated from website marketplace Orders, mobile Tips, Superfan subscriptions, Backer Slots, Drop Room entries, Backer Rewards, Shoutouts, Coaching Sessions, or other supported monetisation features. We may maintain earnings ledgers, wallet balances, payout status, PayPal payout records, refund records, chargeback records, reserves, holds, tax records, and compliance records.

At launch, BTR withdrawals are paid through PayPal. PayPal may process recipient name, email, account status, transfer information, currency, country, transaction data, fraud data, compliance data, and other information under PayPal’s own terms and privacy policy.

5.4 Coaching Session payment and video-service records

Coaching Sessions are real-time one-to-one video sessions between a fan and an artist. Payment for Coaching Sessions may be handled through the website-side payment flow where permitted by app-store rules. The session itself may be hosted by a third-party video provider.

BTR does not record Coaching Session video calls by default. The video provider may process room URLs, access tokens, IP addresses, device information, call metadata, connection data, audio/video routing data, and other technical data needed to operate the call under its own privacy policy and BTR’s service-provider arrangements.

6. How we collect information

We collect information in several ways:

  • directly from you when you register, upload, purchase, message, use a tool, submit content, submit a report, submit a notice, or contact us;
  • automatically through logs, cookies, pixels, SDKs, conversion APIs, local storage, server-side events, app events, and similar technologies;
  • from your mobile device when the app sends device, app, playback, location-if-granted, notification, purchase, analytics, crash, or diagnostic data;
  • from other users when they friend you, message you, share with you, tag you, pay you, review you, report you, invite you, back you, subscribe to you, or submit transaction details involving you;
  • from Apple, Google, PayPal, payment processors, fraud-prevention vendors, wallet providers, tax providers, KYC providers, payout providers, app stores, and video-service providers;
  • from service providers, processors, integrations, AI/model infrastructure vendors, analytics providers, advertising providers, fraud-prevention providers, payment providers, and security tools;
  • from rights holders, representatives, legal contacts, public sources, or third-party platforms when they submit claims, evidence, permissions, or related materials; and
  • from public or commercially available sources where lawful and relevant to platform integrity, fraud prevention, rights review, creator discovery, marketplace trust, or business operations.

7. How we use information

We may use information for the following purposes:

  • Service delivery: creating accounts, anonymous sessions, mobile sessions, displaying profiles, enabling uploads, operating listings, messaging, events, artist discovery, audio tools, AI tools, dashboards, APIs, connectors, and app features;
  • Authentication and account security: registering users, signing users in, verifying Apple and Google identity tokens, linking artist accounts, managing refresh tokens, rate limiting, and detecting suspicious access;
  • Mobile app operation: operating playback, background audio, recommendations, search, notifications, friends, crews, shares, event RSVPs, Scene Around Me, Scene Heat, Shoutouts, Coaching Sessions, and mobile purchase entitlements;
  • Payments and operations: processing purchases, subscriptions, credits, wallet balances, payouts, mobile IAP verification, invoicing, refunds, taxes, chargebacks, transaction support, and marketplace workflows;
  • Security and trust: detecting fraud, enforcing policies, investigating abuse, reviewing disputes, handling rights complaints, preserving evidence, supporting child-safety enforcement, and maintaining platform integrity;
  • Personalisation: showing recommendations, ranking search results, suggesting creators, services, content, events, tracks, tools, and opportunities, and adapting the experience to likely interests or behaviour;
  • Social features: enabling friends, crews, broadcasts, share feedback, DMs, voice notes, listening presence, blocks, reports, and social discovery settings;
  • Communications: sending service messages, transactional notices, push notifications, verification emails, security alerts, customer support responses, rights-notice responses, marketing messages, campaign updates, and policy notices;
  • Analytics and improvement: understanding usage, testing features, troubleshooting bugs, improving performance, improving design, measuring conversion, and improving product quality;
  • AI, automation, model evaluation, and product improvement: developing, testing, evaluating, operating, improving, personalising, ranking, recommending, moderating, reporting on, and optimising BTR’s AI tools, machine-learning systems, behavioural algorithms, recommendation systems, search systems, ranking systems, moderation tools, fraud-prevention systems, creator tools, marketplace tools, analytics systems, reporting systems, and automated decision-making technologies;
  • Rights, copyright, takedown, and provenance management: receiving, reviewing, preserving, investigating, responding to, and documenting copyright complaints, image-rights complaints, artist-likeness complaints, trademark complaints, privacy complaints, publicity-rights complaints, takedown notices, counter-notices, licence claims, permission records, and image-source records;
  • Legal compliance: complying with laws, regulations, payment obligations, tax requirements, sanctions screening, child-safety and online-safety obligations, law-enforcement requests, legal process, court orders, regulator requests, and platform-provider requirements; and
  • Business operations: audits, accounting, reporting, insurance, financing, corporate transactions, vendor management, risk management, legal review, and general administration.

Where GDPR, UK GDPR, or similar data protection law applies, our legal bases for processing may include performance of a contract, legitimate interests, consent, legal obligation, protection of vital interests, public interest where applicable, or another lawful basis available under applicable law. The legal basis depends on the type of information and the purpose of processing.

8. AI tools, audio tools, moderation and automation

BTR may provide or integrate AI-powered tools and audio tools for mastering, vocal removal, stem separation, transcription, generation, enhancement, music analysis, tagging, recommendations, search, moderation, detection, writing assistance, video tools, image tools, profile tools, marketplace tools, customer support, fraud detection, and related features.

When you use AI, audio, or automated features, we may process inputs you provide, uploaded files, generated outputs, technical metadata, device and usage data, prompts, model settings, job settings, error logs, moderation signals, quality signals, and related records as reasonably necessary to provide, secure, troubleshoot, improve, monitor, and enforce limits for those features.

Current or planned processing may include:

  • third-party AI and content-moderation providers for text moderation, transcript moderation, transcription, and safety review;
  • BTR’s own audio-processing systems for vocal isolation and stem separation;
  • BTR’s own audio-processing systems for audio enhancement and cleaning;
  • automated or manual review of Shoutout videos before delivery;
  • AI-assisted review of voice-note transcripts and user-generated text;
  • fraud, abuse, spam, harassment, copyright, impersonation, child-safety, and safety detection; and
  • analytics, ranking, recommendation, discovery, and personalisation systems.

BTR may use information collected through the Services to operate, provide, secure, personalise, analyse, test, train, fine-tune, evaluate, validate, improve, commercialise, and optimise the Services and BTR’s current and future products, systems, tools, models, algorithms, analytics, reports, and automated technologies, subject to applicable law and any specific controls we make available.

Where available and appropriate, we configure vendor services to limit use of private user content for the vendor’s own unrelated model training or unrelated commercial purposes. Some features may have additional notices, settings, or third-party terms.

Where AI-generated content is made available through the Services, BTR will, where required by law or app-store rules, disclose or label it as AI-generated and provide reporting tools so users can flag AI-generated content that is objectionable, infringing, misleading, or unsafe.

Unless a feature-specific notice or separate agreement says otherwise, uploading private content to use a BTR tool does not give other BTR users ownership of that content and does not make that content generally public, royalty-free, or free for others to exploit.

Ownership and platform licence terms are addressed in our Terms of Service.

9. Cookies, pixels and similar technologies

We and our partners may use cookies, local storage, software development kits, web beacons, pixels, server-side events, conversion APIs, device identifiers, log files, and similar technologies to recognise your browser or device, remember preferences, measure performance, attribute traffic, prevent fraud, support analytics, support advertising, and understand how the Services are used.

These technologies may be used to:

  • keep you signed in and remember settings;
  • measure page views, button clicks, uploads, signups, purchases, subscription events, checkout events, campaign events, form submissions, and conversion events;
  • understand how users navigate the Services and where users encounter friction;
  • test product changes, improve performance, debug technical issues, and troubleshoot errors;
  • detect fraud, abuse, spam, bots, suspicious logins, artificial engagement, payment abuse, and platform misuse;
  • support remarketing, audience building, lookalike audiences, attribution, campaign reporting, and advertising measurement where enabled on the website;
  • help creators, sellers, advertisers, and BTR understand aggregate campaign, listing, or page performance where applicable; and
  • connect browser events with server-side events to improve attribution, security, fraud prevention, and measurement accuracy.

The BTR mobile app does not currently use Apple IDFA or cross-app advertising identifiers. The website may use pixels, cookies, conversion APIs, analytics, advertising, or attribution technologies as described in this section and subject to applicable consent controls.

Your browser or device may offer controls to block or delete cookies, limit tracking, reset advertising identifiers, restrict cross-site tracking, disable notification permission, disable location permission, or send privacy preference signals such as Global Privacy Control (GPC). Where required by applicable law, we treat a recognised opt-out preference signal as a valid request to opt out of sale or sharing for that browser or device. Some controls may be browser-specific, device-specific, or account-specific.

Some technologies are necessary for login, security, payments, fraud prevention, preferences, app operation, playback, and core functionality. Disabling them may affect how the Services work.

10. When we share information

We may share information in the following circumstances:

  • Service providers: with vendors that provide hosting, storage, cloud infrastructure, analytics, support, moderation, fraud prevention, AI/model infrastructure, machine-learning tools, data processing, database services, security tooling, email delivery, payment processing, tax, payout, app-store billing, ticketing, video services, and similar services on our behalf;
  • App stores and mobile providers: with Apple and Google for mobile authentication, app-store billing, subscription status, refunds, push notifications, crash reporting, entitlement handling, app review, and platform compliance;
  • AI, analytics, and automation providers: with providers that help us train, test, evaluate, operate, secure, monitor, improve, host, or support AI models, machine-learning systems, recommendation systems, ranking systems, search systems, moderation systems, reporting systems, behavioural algorithms, fraud-prevention systems, and product analytics;
  • Payment and transaction partners: with processors, app stores, banks, wallet providers, PayPal, tax or KYC providers, fraud vendors, payout providers, and relevant transaction counterparties where needed to complete purchases, payouts, disputes, chargebacks, refunds, or fraud checks;
  • Advertising and analytics partners: with marketing, attribution, analytics, measurement, and advertising partners, subject to your settings, applicable law, and this policy;
  • Other users: when you make profile information, listings, uploads, reviews, event pages, messages, shares, RSVPs, listening presence, crew activity, or other content visible to those users through the Services;
  • Rights holders and dispute participants: where reasonably necessary to review, respond to, or resolve copyright, image-rights, trademark, publicity, privacy, ownership, marketplace, payment, moderation, or platform-integrity disputes;
  • Child-safety authorities: with the National Center for Missing & Exploited Children (NCMEC), the Australian Centre to Counter Child Exploitation (ACCCE), and other competent authorities where we become aware of apparent child sexual abuse material or other child-safety violations, as required or permitted by law;
  • Legal, safety, and compliance reasons: when required or appropriate to comply with law, legal process, investigations, regulator requests, payment-provider requirements, sanctions obligations, tax obligations, court orders, or to protect rights, property, safety, evidence, or the Services;
  • Professional advisors: with lawyers, accountants, auditors, insurers, consultants, security advisors, and other professional advisors where needed for business, legal, compliance, audit, insurance, or risk-management purposes;
  • Corporate transactions: in connection with a merger, acquisition, investment, financing, reorganisation, sale of assets, bankruptcy, due diligence, or similar business transaction; and
  • With your direction or consent: where you ask us to share information or clearly authorise a disclosure.

We do not sell personal data in the ordinary data-broker sense, and we do not sell or share the personal information of users we know to be under 16 years of age. However, some privacy laws define “sale,” “sharing,” “targeted advertising,” or “cross-context behavioural advertising” broadly enough to include certain advertising, attribution, cookie-based audience, analytics, or tracking uses. Where required, we will provide applicable notice and choice.

11. Sub-processors and service providers

BTR may use service providers and sub-processors to operate the Services. The providers we use may change over time. Current or expected categories and examples include:

Provider / category Purpose Data involved
Apple Inc. Sign in with Apple, Apple Push Notification Service, App Store, StoreKit, subscriptions, in-app purchases, app review, crash and platform services. Authentication claims, push tokens, purchase receipts, transaction data, subscription status, device/app data, diagnostics.
Google LLC Sign in with Google, push messaging, Google Play Billing, Google Play subscriptions, app review, crash and platform services. Authentication claims, push tokens, purchase tokens, transaction data, subscription status, device/app data, diagnostics.
Cloud hosting, database and infrastructure providers App servers, API hosting, primary database storage, file storage, logs, backups, monitoring, security, and deployment. Account, profile, mobile, marketplace, payment ledger, analytics, content, moderation, and operational data.
Content delivery and media providers (CDN) Media delivery, caching, map and tile delivery, security, performance, and traffic routing. IP address, request headers, media URLs, cache logs, access logs, device/browser metadata.
AI, machine-learning and content-moderation providers Text moderation, transcript moderation, transcription, safety review, and AI-assisted processing. User text, transcripts, voice-note transcripts, Shoutout transcripts, moderation context, and tool inputs where applicable.
Real-time video providers Real-time Coaching Session video rooms. Room URLs, access tokens, call metadata, device/network data, IP address, connection data, audio/video routing data.
Payment, payout, KYC and fraud-prevention providers (including PayPal) Website-side payments, in-app purchase support, launch payout withdrawals, identity/tax verification, and fraud checks. Payment, payout, KYC, tax, transaction, fraud, account, compliance, payout email, amount, currency, and FX records.
Email and messaging delivery providers Transactional emails, verification emails, support messages, receipts, notices, and policy updates. Email address, message content, delivery logs, open/click data where enabled, bounce and suppression records.

We may add, remove, replace, or change service providers as the Services evolve. Where required by law, we use appropriate contractual, technical, and organisational safeguards with service providers, and we require them to process personal information only on our instructions and for the purposes for which it was disclosed.

12. Public content and user-generated material

Certain parts of the Services are public or visible to other users. If you create a profile, publish listings, upload music, add bios, post reviews, publish event pages, comment publicly, submit public marketplace materials, appear in artist features, RSVP publicly where supported, appear in backer lists, or otherwise make content visible through the Services, that information may be seen, copied, indexed, quoted, embedded, archived, screenshotted, downloaded, or shared by other people and third-party services.

Public content may also appear in search engines, AI assistants, previews, widgets, social media posts, embedded cards, BTR promotional materials, discovery tools, ranking pages, charts, marketplace pages, mobile app surfaces, and third-party links. Removing content from BTR may not remove copies, indexes, screenshots, embeds, cached versions, or records controlled by third parties.

Please think carefully before posting public content or including personal information in public areas, creator descriptions, files, metadata, lyrics, prompts, messages, images, videos, listings, comments, event pages, profile fields, or reports.

13. Copyright, takedown, moderation and legal records

BTR may process information connected with copyright notices, image-rights complaints, trademark complaints, privacy complaints, publicity-rights complaints, artist-likeness complaints, ownership disputes, moderation reports, safety reports, child-safety reports, fraud reports, chargebacks, counter-notices, and legal requests.

This information may include:

  • names, email addresses, organisations, account identifiers, and contact details of claimants, users, representatives, and rights holders;
  • URLs, screenshots, file names, image URLs, audio URLs, metadata, content IDs, content hashes, upload timestamps, removal timestamps, page versions, and asset provenance records;
  • licence records, contracts, releases, photographer credits, agency records, publication records, permission records, source links, ownership evidence, authority evidence, and correspondence;
  • moderation notes, user reports, block records, report reasons, content identifiers, reported-message metadata, internal review outcomes, enforcement decisions, appeal records, counter-notices, fraud signals, child-safety signals, legal-risk notes, and related operational records; and
  • records reasonably needed to protect BTR, users, creators, artists, rights holders, and third parties.

We may use this information to investigate and respond to complaints, remove or restore content, preserve evidence, prevent repeat infringement, detect abusive notices, comply with legal obligations, enforce our Terms, defend legal claims, support insurance or legal review, support child-safety enforcement, and protect platform integrity.

We may share relevant portions of rights notices, complaints, counter-notices, or evidence with affected users, rights holders, representatives, service providers, payment processors, legal advisors, insurers, regulators, courts, child-safety authorities, or law-enforcement authorities where reasonably necessary or legally required. We may withhold, redact, or limit disclosure where appropriate for privacy, safety, confidentiality, privilege, fraud prevention, legal risk, or platform integrity.

14. Data retention

We retain information for as long as reasonably necessary for the purposes described in this policy, including to operate the Services, maintain records, complete transactions, support users, investigate abuse, comply with law, resolve disputes, enforce agreements, preserve rights-related evidence, and protect platform integrity.

Data category Typical retention Notes
Account and profile data Until account deletion, plus backup/deletion cycle where applicable. Some records may be retained for legal, payment, tax, fraud, security, or dispute reasons.
Anonymous mobile identifier and pre-sign-up activity Until deletion request, account promotion, expiry, or operational deletion cycle. If you sign up, previous anonymous data may become associated with your account.
Raw mobile analytics events Typically 30 to 90 days. Aggregated, de-identified, or derived analytics may be kept longer.
Mobile share events Typically 90 days. Used for share-feedback notifications and related social features.
Search queries, screen views, recommendation impressions and clicks Typically 30 days for raw event records. Aggregated or de-identified data may be retained longer.
Play events and listening activity Typically 90 days for raw events, with aggregated stats kept longer. Used for charts, recommendations, heat, scout logic, and analytics.
Friendships, crew memberships, follows and settings Until removed, changed, deleted, blocked, or account deletion, subject to retention exceptions. Block and moderation records may survive longer where needed.
Direct messages and voice notes Until both sides soft-delete, account deletion, or another retention rule applies. May be retained for reports, safety, legal, fraud, or moderation reasons.
Shoutout videos Indefinite until both sides soft-delete, unless another retention rule applies. May be retained for delivery, payment, moderation, refund, dispute, legal, and safety purposes.
Coaching booking metadata Until booking is completed and for audit, support, payment, tax, and dispute periods. BTR does not record Coaching Session video calls by default.
Purchase events, IAP receipts, Google purchase tokens and artist earnings ledger No fixed TTL; retained as financial records. Needed for accounting, tax, refunds, chargebacks, audit, entitlement, and payment disputes.
Reports, moderation outcomes, blocks and enforcement records May be retained indefinitely or for the period needed to enforce repeat-offender and safety rules. Used for safety, child-safety, legal, fraud, abuse, and platform-integrity purposes.
Security logs, fraud logs and rate-limit records For the period needed for security, abuse prevention, investigation, and legal compliance. Some counters may be short-lived; serious incident records may be retained longer.
Backups Subject to backup deletion cycles, generally up to 90 days unless a longer period is needed. Backup deletion may lag active-system deletion.

Deleting an account or removing content may stop future public availability, but it may not immediately delete backups, logs, transaction records, legal records, support records, moderation records, copyright records, fraud-prevention records, analytics records, aggregated data, de-identified data, derived data, model-improvement records, system-improvement records, or other records we need to retain for legitimate operational, legal, accounting, tax, security, or dispute-resolution purposes.

14.1 Retention exceptions after deletion

The following information may be retained beyond account deletion where permitted or required by law:

  • purchase events and artist earnings ledger entries;
  • tax and accounting records;
  • records subject to legal hold;
  • records preserved as evidence in a pending or threatened dispute;
  • records preserved in response to law-enforcement, regulator, court, app-store, payment-provider, or legal requests;
  • aggregated, de-identified, or derived analytics that no longer identify the user under applicable law;
  • audit logs for security and fraud investigation;
  • IAP receipts and purchase tokens needed for refund, chargeback, entitlement, and app-store handling;
  • sanctions, tax, KYC, or payout records for the period required by applicable law or provider rules;
  • records of moderation actions, blocks, reports, enforcement decisions, child-safety incidents, and safety incidents needed to enforce repeat-offender rules; and
  • backup copies until the relevant backup deletion cycle completes.

15. Account deletion and data deletion

Users may request deletion of their BTR mobile account and associated app data. Where the mobile app supports account creation, users may initiate account deletion from inside the BTR mobile app through Settings → Delete Account.

Users may also request account deletion and associated app data deletion from the public web page at https://beatstorapon.com/delete-mobile-account, or by contacting us at info@beatstorapon.com. This web page is publicly reachable without downloading the app and without logging in, so deletion can be requested even if you no longer have the app installed. This is the account-deletion URL BTR declares to the Apple App Store and Google Play.

When a deletion request is verified, BTR will take steps to delete or de-identify personal information associated with the relevant account from active systems, subject to the retention exceptions described in this Privacy Policy and any retention required or permitted by law.

15.1 Data that is deleted or de-identified

  • profile data, authentication data, personal account details, app account records, mobile preferences, push tokens, and account-linked mobile identifiers;
  • listening history, likes, follows, scout positions, and personalisation state tied to the account, where not required for the exceptions below; and
  • public content that is removed from public display where technically and legally feasible, subject to prior shares, third-party copies, screenshots, caches, completed transactions, and retained records.

15.2 Data that may be retained

  • financial, tax, payment, payout, purchase, IAP, refund, and chargeback records;
  • fraud, audit, moderation, legal, rights, child-safety, safety, security, and dispute records; and
  • aggregated, de-identified, or derived data that no longer identifies you under applicable law.

15.3 Things to know about deletion

  • Deleting the BTR app from your device does not by itself delete your BTR account.
  • Deleting your BTR account does not necessarily cancel Apple or Google subscriptions. App-store subscriptions must be managed through Apple or Google subscription settings.
  • You may be able to sign up again with the same email after deletion, but prior data may not be restored.

We may need to verify your identity and account relationship before completing a deletion request so that we do not delete the wrong account. If we cannot reasonably verify the request, we may ask for more information or decline to complete the deletion until verification is possible.

You may also request deletion of specific app data without deleting your entire account. We may decline or limit specific deletion requests where retention is needed for legal, payment, tax, accounting, fraud-prevention, security, moderation, dispute, rights-management, app-store, or operational reasons.

16. International data transfers

BTR may operate globally, and information may be stored or processed in countries other than the country where you live. Those countries may have data protection laws that differ from those in your jurisdiction.

Where required, we use reasonable safeguards for international transfers, which may include contractual protections, organisational measures, technical security controls, data processing agreements, transfer impact assessments, standard contractual clauses, or other lawful transfer mechanisms.

If you are located in the EEA, UK, Switzerland, or another jurisdiction with international transfer restrictions, your personal data may be transferred to Australia, the United States, and other countries where BTR, its service providers, processors, infrastructure providers, analytics providers, payment providers, app stores, AI/model infrastructure providers, or support providers operate. Where required by law, BTR will use appropriate transfer safeguards.

17. Your privacy rights and choices

Depending on where you live, you may have rights to:

  • request access to the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request deletion of your personal information, subject to exceptions;
  • request restriction of certain processing activities;
  • object to certain processing, including some direct marketing, legitimate-interest, profiling, or targeted advertising uses;
  • request portability of certain information where technically feasible;
  • withdraw consent where processing is based on consent;
  • opt out of certain advertising, sale, sharing, profiling, or targeted advertising practices where applicable;
  • limit the use or disclosure of sensitive personal information where applicable;
  • manage mobile permissions for location, camera, microphone, photos, notifications, background activity, and local device access through device settings;
  • manage push notification preferences through device settings or in-app settings where available;
  • manage Listening Visibility, Scene Around Me, blocks, friends, crews, and social visibility settings where available; and
  • lodge a complaint with a privacy regulator where available under applicable law.

Where available, you may also be able to adjust product settings, consent choices, cookie controls, marketing preferences, mobile app permissions, notification preferences, AI/product-improvement preferences, or account settings.

These controls may apply only to future processing and may not require BTR to reverse prior processing, delete completed transaction records, remove lawful records, alter aggregated or de-identified data, unwind model or system improvements, or stop processing that is necessary for security, fraud prevention, legal compliance, dispute handling, service delivery, rights handling, payments, app-store handling, or enforcement of our terms.

We may need to verify your identity before completing a request. We may request account details, proof of identity, proof of authority, relationship to the account, or other information reasonably needed to verify and process the request. You may use an authorised agent to make a request where applicable law allows, and we may ask the agent to provide proof of authorisation. We will not discriminate against you for exercising your privacy rights.

To exercise your rights or manage certain preferences, use the relevant account settings where available, visit https://beatstorapon.com/delete-mobile-account for mobile account deletion requests, or contact us using the details in Section 24.

18. App Store and Google Play privacy disclosures

This section supports the privacy disclosures BTR provides through Apple App Store Connect (App Privacy) and the Google Play Console (Data Safety). It is intended to be read together with the rest of this Privacy Policy. Where the store-level labels and this policy differ in wording, both describe the same underlying data practices; the store labels are a summarised view and this policy is the full description.

18.1 Apple App Privacy details

For App Store privacy disclosure purposes, the BTR mobile app may collect or process data categories including:

  • Contact Info: such as name, email address, phone number where provided, and account contact details.
  • Identifiers: such as consumer ID, account ID, user ID, anonymous identifier, device-linked identifiers used for app functionality, push tokens, app-store transaction identifiers, and purchase identifiers.
  • Location: precise device location where you grant permission, and coarse or approximate location derived from that permission for supported features such as Scene Around Me, Scene Heat, nearby events, and local discovery.
  • User Content: such as profile content, usernames, bios, messages, crew content, reports, Shoutout prompts, Shoutout videos, uploads, photos, images, videos, event content, and other content you provide.
  • Audio Data: such as uploaded audio, voice notes, Shoutout audio, audio files, and audio-related content used for supported features.
  • Usage Data: such as app launches, screen views, plays, skips, searches, recommendations, clicks, likes, saves, follows, shares, scout activity, event interactions, and feature usage.
  • Purchase History: such as mobile purchase records, product IDs, subscription status, receipts, purchase tokens, transaction IDs, refund status, entitlement status, and related app-store records.
  • Search History: such as mobile search queries and search interactions.
  • Diagnostics: such as crash, error, performance, latency, app diagnostic, and troubleshooting data.
  • Other Data: such as fraud, moderation, safety, child-safety, rate-limit, support, rights, compliance, and platform-integrity records.

Data Linked to You. Because BTR is an account-based service, most of the categories above may be linked to your identity, account, anonymous identifier, or device where needed to provide the Services, operate features, verify purchases, maintain security, process support, prevent fraud, handle payments, enforce terms, moderate content, support child safety, personalise discovery, and comply with law.

Data Not Linked to You. Certain diagnostics, aggregated analytics, and de-identified records may be processed in a form that is not linked to your identity, consistent with Apple's framework and applicable law.

Data Used to Track You. BTR does not currently use Apple IDFA, mobile advertising identifiers, third-party in-app advertising networks, or mobile cross-app tracking identifiers. BTR does not currently use mobile app data to track you across third-party apps or websites for advertising purposes, and the app does not request App Tracking Transparency permission. Accordingly, the BTR app declares no data as "Data Used to Track You" in its App Store privacy label. If this changes, BTR will request App Tracking Transparency permission where required and update this policy and the App Store label before the change ships.

Account deletion (App Store). The BTR app supports in-app account deletion (Settings → Delete Account) and an off-app, login-free deletion path at https://beatstorapon.com/delete-mobile-account, consistent with Apple's account-deletion requirement for apps that support account creation.

18.2 Google Play Data Safety

For Google Play Data Safety purposes, the BTR mobile app may collect, process, or share data categories including personal info, app activity, app information and performance, device or other identifiers, precise or approximate location where granted, user-generated content, audio files, videos, photos or images where provided, purchase history, search history, diagnostics, and safety, fraud, moderation, support, and compliance records.

Data may be collected or processed for app functionality, analytics, account management, developer communications, fraud prevention, security, compliance, personalisation, payment handling, app-store entitlement handling, support, moderation, safety, child safety, rights handling, and platform integrity.

BTR uses service providers to operate the app, including providers for hosting, database storage, app-store billing, push notifications, authentication, payments, payouts, email, moderation, AI-assisted safety review, media delivery, diagnostics, and support. Where BTR shares data with these providers, it is shared so they can perform services for BTR and not for their own independent advertising purposes. BTR does not sell personal information in the ordinary data-broker sense.

BTR uses reasonable security measures designed to protect data in transit and in storage, including encrypted transport where appropriate, access controls, authentication, logging, monitoring, and vendor controls. No method of transmission or storage is completely secure.

BTR provides account deletion from inside the mobile app where account creation is supported and also accepts deletion requests through the publicly reachable web page at https://beatstorapon.com/delete-mobile-account and at info@beatstorapon.com, subject to verification and the retention exceptions described in this Privacy Policy. Users may request deletion of their whole account or of specific categories of associated data. This deletion web page is the URL BTR declares in the Google Play Console.

18.3 No mobile advertising network at launch

The BTR mobile app does not currently include a third-party in-app advertising network, banner ads, interstitial ads, or rewarded video ads. BTR may promote artists, tracks, events, Drops, charts, marketplace activity, app features, and platform content inside the app as part of editorial, discovery, product, or platform activity.

18.4 Age rating and child safety

BTR completes the Apple and Google age-rating and content questionnaires honestly and in good faith, disclosing that the app contains user-generated content, messaging, and social features. BTR is submitted as a general-audience music app for users aged 13 and over and is not a "Kids", "Families", or "Made for Kids" app. The age rating shown on each storefront is assigned by that store based on the questionnaire and the store's own rules; this policy does not assign or guarantee any particular rating.

BTR maintains child-safety and CSAE (child sexual abuse and exploitation) standards and a zero-tolerance approach to child endangerment, as described in Section 20 of this policy and in our Terms of Service. The app provides in-app reporting and blocking, and BTR maintains a dedicated child-safety point of contact at childsafety@beatstorapon.com for the purposes of the Google Play child-safety standards and equivalent Apple requirements.

18.5 Store disclosures must match actual app behaviour

The privacy information shown in App Store Connect and Google Play Console should match the actual data collected, processed, linked, shared, and used by the BTR mobile app. If BTR adds new SDKs, analytics providers, advertising tools, permissions, data categories, tracking uses, payment products, location features, AI features, or social features, BTR will update this Privacy Policy and the relevant store privacy disclosures where required, before or at the time the change ships.

19. Region-specific notices

19.1 Australia

If you are in Australia, personal information is handled in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and other applicable privacy laws where they apply. You may request access to or correction of personal information we hold about you by contacting us using the details in Section 24.

If you have a privacy complaint, contact us first so we can review it. If you are not satisfied with our response, you may have the right to contact the Office of the Australian Information Commissioner or another relevant regulator.

19.2 EEA / EU users

If you are located in the European Economic Area, BTR may process your personal data as a controller for the purposes described in this Privacy Policy. Depending on the context, we may process personal data because it is necessary to perform a contract with you, because we have a legitimate interest, because we need to comply with a legal obligation, because you have given consent, or because another lawful basis applies under applicable data protection law.

Our legitimate interests may include operating and improving the Services, securing the platform, preventing fraud and abuse, personalising user experiences, ranking and recommending content, supporting creator discovery, generating analytics and reports, developing and improving AI and automated systems, handling rights complaints, preserving evidence, communicating with users, enforcing our terms, and protecting BTR, users, creators, rights-holders and third parties.

Where consent is required, including for certain cookies, tracking technologies, marketing communications, precise location, sensitive data uses, or specific AI/product-improvement uses, we will seek consent where legally required. Where the processing of a child's personal data is based on consent in the context of information-society services, we apply the applicable EEA age of digital consent (which member states set between 13 and 16) and seek parental or guardian consent where required.

Subject to applicable law, you may have rights to request access, correction, erasure, restriction, portability, objection to processing, objection to direct marketing, and rights relating to certain automated decision-making or profiling. You may exercise these rights by contacting us using the details in Section 24.

You also have the right to lodge a complaint with a data protection authority in the country where you live, work, or where you believe a data protection issue has occurred. If BTR is required to appoint an EU representative under Article 27 of the GDPR, we will identify that representative here or through another appropriate notice.

19.3 United Kingdom users

If you are located in the United Kingdom, BTR may process your personal data under the UK GDPR and Data Protection Act 2018 where applicable. We may rely on contractual necessity, legitimate interests, consent, legal obligation, or another lawful basis depending on the processing activity. Where processing a child's personal data is based on consent for information-society services, we apply the UK age of digital consent (13) and seek parental or guardian consent where required.

You may have rights to access, correction, erasure, restriction, portability, objection, withdrawal of consent where processing is based on consent, and rights relating to certain automated decision-making or profiling. You may exercise these rights by contacting us using the details in Section 24.

You may also lodge a complaint with the UK Information Commissioner’s Office. If BTR is required to appoint a UK representative, we will identify that representative here or through another appropriate notice.

19.4 California and similar U.S. state privacy laws

If you are covered by a U.S. state privacy law that gives rights to know, access, delete, correct, opt out, limit certain uses of sensitive personal information, or opt out of certain targeted advertising, sale, sharing or profiling practices, you may submit requests using the methods described in Section 24.

We do not sell personal information in the ordinary data-broker sense. However, some U.S. privacy laws define “sale,” “sharing,” “targeted advertising,” or “cross-context behavioural advertising” broadly enough to include certain advertising, analytics, attribution, cookie-based audience, or tracking activities. Where required, we will provide applicable opt-out rights, and we honour recognised opt-out preference signals such as Global Privacy Control (GPC) for the relevant browser or device where applicable law requires it. We do not knowingly sell or share the personal information of consumers under 16 years of age.

We will not unlawfully discriminate against you for exercising applicable privacy rights, and you may use an authorised agent to submit a request where the law allows.

19.5 Other regions

Depending on where you live, you may have additional privacy rights under local law, including rights to access, correct, delete, restrict, object, withdraw consent, lodge a complaint, or request information about how your personal information is processed. BTR will respond to valid privacy requests as required by applicable law.

19.6 Advertising choices

You may be able to limit interest-based advertising by using browser controls, device settings, consent tools, recognised opt-out signals, or opt-out mechanisms offered by certain advertising partners. Some choices may be browser-specific, device-specific, or account-specific.

20. Children’s privacy and child safety

20.1 Minimum age and under-13 users

BTR requires account holders to be at least 13 years old. The Services are not directed to children under 13, and BTR is not a “Kids”, “Families”, or “Made for Kids” app. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without required consent, we will delete that information and may suspend or remove the account, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA) and other applicable children’s privacy laws. If you believe a child under 13 has provided us personal information, contact us using the details in Section 24 and we will investigate and take appropriate action.

20.2 Teen users (13 to the age of majority)

If you are at least 13 but under the age of majority, or under the applicable age of digital consent in your region (which some EEA member states set between 13 and 16), you may use the Services only with the consent and supervision of a parent, guardian, or authorised adult who is responsible for your use of the Services. Where required by law, we will seek parental or guardian consent for the relevant age group, or rely on age-assurance signals provided by the app store, operating system, or device. A responsible adult or organisation that allows a minor to use the Services is responsible for ensuring the use is lawful and appropriate.

20.3 Age signals and feature gating

BTR generally establishes age through self-declared or attested age and does not represent that it performs identity-based date-of-birth verification for all users. Some features may require an additional attestation or age check to access specific age-restricted content or controls. Any age or attestation information may be stored server-side and used for safety, compliance, moderation, eligibility, and feature-gating purposes.

20.4 Child safety and CSAE

BTR maintains a zero-tolerance approach to child sexual abuse and exploitation (CSAE). Child sexual abuse material (CSAM), sexualisation of minors, grooming, sextortion, child trafficking, and related content or conduct are strictly prohibited, including AI-generated depictions, as described in our Terms of Service.

Users can report suspected child-safety violations through the in-app reporting and blocking tools and by contacting BTR’s child-safety point of contact at childsafety@beatstorapon.com. When BTR becomes aware of apparent CSAM or other child-safety violations, we will act promptly to remove or disable the content, suspend or permanently ban the responsible account, preserve relevant evidence, and report the matter to the National Center for Missing & Exploited Children (NCMEC), the Australian Centre to Counter Child Exploitation (ACCCE), and/or other competent authorities as required or permitted by law. We may process and retain information related to child-safety reports for safety, repeat-offender enforcement, legal compliance, and cooperation with authorities.

21. Security

We use reasonable technical, administrative, and organisational measures designed to protect information against unauthorised access, loss, misuse, alteration, or disclosure. Measures may include access controls, authentication, encryption in transit where appropriate, logging, monitoring, backups, vendor controls, staff access limits, rate limits, abuse detection, and security review processes.

However, no service, network, storage system, app, device, or internet transmission is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your own credentials, devices, email account, payment accounts, Apple account, Google account, PayPal account, and account access. If you believe your account has been compromised, contact us promptly.

If we become aware of a data security incident that requires notice under applicable law, we will provide notice as required by that law.

22. Third-party links and integrations

The Services may contain links to third-party websites, platforms, processors, tools, embeds, AI services, payment services, app stores, social networks, streaming services, ticketing tools, analytics tools, ad platforms, map tools, video providers, and integrations. Their privacy practices are governed by their own policies, not this one.

If you interact with a third-party service through BTR, such as by clicking a link, opening native maps, signing in with Apple or Google, making an app-store purchase, using PayPal, joining a Coaching Session, embedding content, using an AI feature, or connecting an external platform, that third party may collect or process information under its own terms and privacy policy.

23. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and may provide additional notice where appropriate, such as by posting a notice on the Services, sending an email, displaying a dashboard notice, using an app notice, using a consent tool, or otherwise notifying users.

Your continued use of the Services after the revised policy takes effect means you acknowledge the updated Privacy Policy.

If we make material changes to how we use personal information for mobile app data, account deletion, AI training, model development, automated systems, advertising, analytics, product-improvement, payment, app-store purchase, or location purposes, we may provide additional notice where appropriate, including by email, dashboard notice, app notice, account notice, consent tool, update banner, or other reasonable method.

24. Contact us

If you have questions, requests, privacy complaints, access requests, correction requests, deletion requests, advertising opt-out requests, mobile privacy questions, app-store privacy questions, rights-related privacy concerns, child-safety concerns, or concerns about this Privacy Policy or our privacy practices, contact us using the details below.

The Privacy terms are a binding agreement between you and OUTERMARK GROUP PTY LTD (ACN 699 247 277) of Level 1, 446 Oxford St, Bondi Junction NSW 2022, Australia ("BeatsToRapOn", "BTR", "we", "us" or "our"), which operates the Services.

We may need to verify your identity, account relationship, or authority to act before responding to a request. Do not send unnecessary sensitive information unless requested through an appropriate secure process.

BTR · BEATSTORAPON · PRIVACY MIDNIGHT MANIFESTO NEW SOUTH WALES · AUSTRALIA