All systems operational
    System status →

    Security

    Last Updated: March 2026

    Your music, your money, your fans. Protected.

    WAVjunkie is built on security-certified infrastructure. This page explains in plain language how we protect what matters most to you as an independent artist.

    1. Infrastructure Security

    WAVjunkie is built on SOC 2 Type II and ISO 27001:2022 certified infrastructure. All data is encrypted at rest and in transit using industry-standard TLS encryption. The certifications belong to the infrastructure layer and are independently audited.

    • SOC 2 Type II certified infrastructure
    • ISO 27001:2022 certified infrastructure
    • All data encrypted at rest
    • All data encrypted in transit via TLS
    • HTTPS on every page, every request, every file transfer
    • Real-time error and anomaly monitoring via Sentry
    • Live system status at wavjunkie.statuspage.io — incidents reported publicly and promptly

    2. Your Account

    WAVjunkie administrators can view a limited set of account information for moderation and compliance purposes. This includes your display name, email address, account role, join date, release count, play count, earnings, flag count, compliance history, and purchase history. This information is used solely for platform moderation, compliance review, and support.

    Administrators cannot log into, access, or act within your account. We cannot view private messages, access unpublished content, or retrieve your credentials. We have no ability to browse your account as you.

    Administrative actions available to WAVjunkie are strictly limited to:

    • Suspending an artist from uploading, where a content policy violation has been identified
    • Suspending a user account in its entirety, where a Terms of Service violation has been identified
    • Deleting a user account, where required under our Terms of Service or at your request

    WAVjunkie cannot access, secure, lock, or force a password change on any user account. If you lose access to your account or believe it has been compromised, we recommend resetting your password immediately via the login page. Contact [email protected] and we will assist where we are able, but our administrative access does not extend to account-level intervention.

    3. Your Music Files

    When you upload music to WAVjunkie, your files are stored in access-controlled cloud storage. Your tracks — whether pending, live, or unpublished — are not accessible to the general public until you choose to make them available.

    WAVjunkie administrators cannot access, download, or alter your uploaded music files. Administrative access to file storage is limited to identifying and removing orphaned or unlinked files as part of routine platform maintenance. Your music is yours.

    Fulfilment Recovery

    In the rare event that a confirmed purchase does not correctly trigger a download — for example, if a payment processes successfully but a technical fault prevents the file from appearing in the buyer's download library — a WAVjunkie administrator may manually assign that file to the purchaser's download area as a fulfilment recovery action.

    This action is only ever performed against verified payment confirmation and is logged internally. It exists solely to ensure that a completed transaction results in the buyer receiving what they paid for. It is not a mechanism for general file access.

    4. Your Financial Information

    WAVjunkie never stores your card details, bank account numbers, or sensitive financial credentials. All payment processing is handled by Stripe, and all payout information is handled by Stripe Connect. WAVjunkie only ever sees what Stripe explicitly and securely shares — transaction amounts, payout statuses, and account verification outcomes.

    No WAVjunkie employee or administrator can see your full bank account number, card details, or financial credentials. These are held exclusively by Stripe under their own PCI DSS compliance framework.

    5. Your Fan Data

    Your Fan Mail subscriber list belongs to you. WAVjunkie processes emails on your behalf — sending your campaigns using our verified sending domain — but your subscriber data is not sold, shared with third parties, or used for any purpose other than sending the communications you authorise.

    • Fan subscriber lists are owned by the artist, not by WAVjunkie
    • WAVjunkie does not contact your subscribers on its own behalf without your knowledge
    • You can export your subscriber list at any time from your dashboard
    • If you close your WAVjunkie account, your subscriber data is removed within 30 days
    • All imported contacts must complete a re-permission flow before receiving any campaign

    6. Account Security

    Your WAVjunkie account is protected by secure authentication. We recommend using a strong, unique password and not sharing your login credentials with anyone. WAVjunkie staff will never ask for your password.

    All login and signup pages are protected by Cloudflare Turnstile bot detection to prevent automated access attempts.

    Password Security

    WAVjunkie enforces strong password requirements at the point of account creation and password change. Passwords that are too weak are rejected automatically. Additionally, passwords that are known to have appeared in public data breaches or credential leak databases are blocked from use entirely. This protects your account from credential stuffing attacks even if a password you have used elsewhere has been compromised.

    If you believe your account has been compromised, reset your password immediately via the login page and contact [email protected]. Please be aware that our administrative access does not allow us to lock or secure your account on your behalf — resetting your own password is the most effective immediate action you can take.

    7. GDPR and Data Protection

    WAVjunkie complies with the EU General Data Protection Regulation (GDPR). You have the right to access the personal data we hold about you, request its correction, and request its deletion.

    • Right of access — request a copy of the personal data we hold about you
    • Right to rectification — ask us to correct inaccurate data
    • Right to erasure — request deletion of your account and personal data
    • Right to portability — request your data in a portable format
    • Right to object — object to certain types of processing

    To exercise any of these rights, contact [email protected]. We will respond within 30 days.

    For the full details of how we handle your data, see our Privacy Policy.

    8. Contact

    General security and account concerns
    [email protected]

    DMCA and compliance matters
    [email protected]

    For responsible disclosure of vulnerabilities, see our Responsible Disclosure policy.

    System status
    wavjunkie.statuspage.io

    WAVjunkie — The ultimate destination for independent music.