All systems operational
    System status →

    Privacy Policy

    Last Updated: March 2026

    1. Introduction

    WAVjunkie ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. WAVjunkie operates under the EU General Data Protection Regulation (GDPR).

    2. Who We Are

    WAVjunkie is an independent music marketplace and the data controller for the personal data we collect from artists, listeners, and visitors to wavjunkie.com. For any questions about how we handle your data, contact us at [email protected].

    3. Information We Collect

    Account Information

    When you create a WAVjunkie account we collect your name, email address, country of residence, and a secure password. Your account creation date is recorded at the point of registration. If you sign in via Google OAuth, we receive your name, email address, Google profile image (if available), and Google account unique identifier. This information is used only to create and manage your account and authenticate your identity.

    Profile Information

    Display name, biography, and avatar image that you choose to add to your public artist or listener profile.

    Birthday (Optional)

    Artists may optionally provide their birthday — month and day only. Year of birth is never collected or stored. This information is used solely to provide a fee-free day on your birthday as part of the WAVjunkie artist loyalty programme. This field will be available from early 2027.

    Payment and Payout Information

    All payment processing is handled by Stripe. All artist payout information is handled by Stripe Connect. WAVjunkie never receives or stores your card number, full bank account number, or other sensitive financial credentials. We only receive what Stripe explicitly and securely shares — transaction amounts, payout statuses, and identity verification outcomes.

    Fan Mail Subscriber Data

    If you use WAVjunkie Fan Mail, the email addresses and consent records of your subscribers are stored on your behalf. This data belongs to you. See Section 8 for full details.

    Bug Reports

    If you voluntarily submit a bug report through the in-platform bug report tool, we collect the category, severity, description, page URL at time of submission, and optional email address you provide. This data is used solely to investigate and resolve platform issues.

    Usage Information

    We automatically collect IP addresses, device information, browser type and operating system, pages visited, features used, and music playback and download history. This information is used to maintain and improve the platform and to detect fraud or abuse.

    4. How We Use Your Information

    We use the collected information to:

    • Provide and maintain your WAVjunkie account and services
    • Process transactions and deliver purchased music files to buyers
    • Process artist payouts on the scheduled quarterly basis
    • Send Fan Mail campaigns on your behalf to your subscriber list
    • Send platform notifications including release approvals, rejections, flag notices, and payout confirmations
    • Send promotional communications where you have given consent
    • Deliver artist loyalty rewards including birthday fee-free days and WAVjunkie-versary notifications
    • Respond to support requests and bug reports
    • Analyse usage patterns and improve the platform
    • Detect and prevent fraud, abuse, and policy violations
    • Comply with legal obligations

    5. Information Sharing

    We share data only with the providers necessary to operate the platform. We do not sell your personal data. We do not share your data with advertisers. We do not use your data to train AI models.

    • Stripe — payment processing and artist payouts via Stripe Connect. PCI DSS compliant.
    • Supabase — database, file storage, and authentication infrastructure. SOC 2 Type II certified.
    • Resend — email delivery for Fan Mail campaigns and platform notifications.
    • Sentry — real-time error monitoring and platform performance tracking.
    • Cloudflare — bot detection and security via Turnstile on login and signup pages.
    • Atlassian Statuspage — public platform status and incident reporting at wavjunkie.statuspage.io.
    • Google — OAuth authentication. See Section 6 for full details of Google data handling.

    We may also share your information when required by law or court order, and in connection with a business transfer such as a merger or acquisition — in which case your data would remain subject to this policy or one offering equivalent protections.

    6. Google OAuth Authentication

    WAVjunkie offers sign-in via Google authentication services. When you choose to sign in with Google, we may receive the following from your Google account, subject to your consent:

    • Full name
    • Email address
    • Google profile image (if available)
    • Google account unique identifier (OAuth ID)

    This information is used only to create and manage your account, authenticate your identity, and display your profile within the platform. We do not sell or share Google user data for advertising or third-party purposes.

    Our use of Google data complies with the Google API Services User Data Policy and the Limited Use requirements.

    To request deletion of your Google-sourced data, contact [email protected].

    7. Data Security

    WAVjunkie is built on SOC 2 Type II and ISO 27001:2022 certified infrastructure. All data is encrypted at rest and in transit using TLS. Login and signup pages are protected by Cloudflare Turnstile bot detection. Real-time error and anomaly monitoring is provided by Sentry.

    WAVjunkie administrators can view a limited set of account information for moderation and compliance purposes. This includes your display name, email address, account role, join date, release count, play count, earnings, flag count, compliance history, and purchase history. This information is used solely for platform moderation, compliance review, and support.

    Administrators cannot log into, access, or act within your account. We cannot view private messages, access unpublished content, or retrieve your credentials.

    Administrative actions available to WAVjunkie are strictly limited to: suspending an artist from uploading where a content policy violation has been identified, suspending a user account in its entirety where a Terms of Service violation has been identified, and deleting a user account where required under our Terms of Service or at your request. WAVjunkie cannot access, secure, lock, or force a password change on any user account.

    WAVjunkie administrators cannot access, download, or alter your uploaded music files. Administrative file access is limited to removing orphaned or unlinked files during routine maintenance, and to manually assigning purchased files to a buyer's download library in the event of a verified fulfilment failure. All such actions are logged internally.

    WAVjunkie enforces strong password requirements at the point of account creation and password change. Passwords that are too weak are rejected automatically. Passwords that are known to have appeared in public data breaches or credential leak databases are blocked from use entirely, protecting your account from credential stuffing attacks even if a password you have used elsewhere has been compromised.

    No method of transmission over the internet is 100% secure. While we implement appropriate technical and organisational measures, we cannot guarantee absolute security. If you believe your account has been compromised, contact [email protected] immediately.

    8. Fan Mail and Subscriber Data

    If you use WAVjunkie Fan Mail, your subscriber email addresses and consent records are stored on your behalf. This data belongs to you as the artist.

    • WAVjunkie processes subscriber data solely to deliver the campaigns you authorise
    • We do not use your subscribers' data for WAVjunkie's own marketing
    • We do not share your subscriber list with any third party
    • Subscribers may unsubscribe at any time via the link included in every campaign email
    • All contacts added via import must complete a re-permission flow before receiving any campaign
    • You may export your subscriber list at any time from your dashboard
    • On account deletion, your subscriber data is removed within 30 days

    9. Data Retention

    • Account data — retained for the duration of your account. Removed within 30 days of account deletion, subject to the exceptions below.
    • Transaction records — retained for up to 7 years for legal and tax compliance purposes, even after account deletion.
    • Fan Mail subscriber data — retained on your behalf for the duration of your account. Removed within 30 days of account deletion.
    • Bug reports — retained indefinitely as internal operational records. Not linked to your public profile.
    • Usage logs — retained for up to 12 months for platform security and fraud detection purposes.

    10. Your Rights Under EU GDPR

    WAVjunkie complies with the EU General Data Protection Regulation (GDPR). All users have the following rights regardless of their location:

    • Right of access — request a copy of the personal data we hold about you
    • Right to rectification — ask us to correct any inaccurate or incomplete personal data
    • Right to erasure — request deletion of your account and associated personal data
    • Right to portability — request your personal data in a portable, machine-readable format
    • Right to object — object to processing based on legitimate interests or for direct marketing
    • Right to restriction — ask us to restrict processing in certain circumstances

    To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

    11. Cookies and Tracking

    WAVjunkie uses only essential cookies necessary for authentication and platform functionality. We do not use advertising cookies, third-party tracking cookies, or cookies that follow you across other websites.

    We use Google Tag Manager to manage analytics tags. Analytics data is collected in aggregated, anonymised form and is not used to identify individual users or shared externally for advertising purposes.

    For more information, please see our Cookie Policy.

    12. Children's Privacy

    WAVjunkie is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact [email protected] and we will take immediate action.

    13. International Data Transfers

    WAVjunkie operates under EU GDPR. Your data may be processed by our third-party providers in countries outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place — including standard contractual clauses or adequacy decisions — to protect your personal data in accordance with GDPR requirements.

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by email and by updating the date at the top of this page. Continued use of WAVjunkie after notification constitutes acceptance of the updated policy.

    15. Contact Us

    For general enquiries and data requests: [email protected]

    For DMCA, copyright, and compliance matters: [email protected]

    We aim to respond to all privacy requests within 30 days of receipt.