Human-led · AI-built Delistening is designed and directed by humans, and built by AI agents — currently in early alpha. Expect rough edges as we test.

Legal

Privacy Policy

Last updated 9 June 2026 · Early-alpha version

Delistening is in early alpha. This policy describes what we collect today and how we use it; it will evolve as the platform grows. We'll update the date above when it changes.

1. Our posture

Delistening exists to tell artists the truth about their listeners — which only works if we handle data carefully. We do not sell your personal data, and we do not run advertising on artist content without the artist's opt-in. Operated by [Operator legal name], we act as the data controller for the information described here.

2. What we collect

  • Account information — your email address, a securely hashed password, and (if you become an artist) your artist profile details.
  • Content you upload — tracks, cover art, and related metadata.
  • Listening telemetry — as you play tracks we record play events (start, progress, pause, complete, seek, skip, tab visibility), session and track-change events, and within-track position. This is the raw material for the analytics we provide to artists.
  • Approximate location — a coarse geographic region derived from your IP address (used for the geographic-concentration insight). We do not collect precise GPS location from the web player.
  • Device & technical data — browser/user-agent, and the technical details needed to deliver and secure the service.
  • Payment information — handled by our payment processor (Stripe). We do not store full card numbers.

A native mobile app is planned. If and when it ships, it may collect additional sensor signals (such as precise location or motion) — and where it does, it will be with clear, separate consent. Those signals are not collected today.

3. How we use it

  • To provide the player and the artist analytics (the core purpose).
  • To validate plays — fraud analysis distinguishes real human listening from bots so the numbers artists see are trustworthy.
  • To operate, secure, and support the service, and to communicate with you (e.g. account, verification, and security emails).
  • To meet legal obligations, including content-safety scanning of uploads.

4. What artists can see

Artists see aggregated and per-listener engagement insights for their own tracks — for example fan rankings, geographic concentration, replay and skip patterns, and share attribution. These insights are part of the service an artist is using; they are not sold to third parties.

5. Who processes data on our behalf

We use a small set of service providers (sub-processors) who handle data only to deliver Delistening, under contract:

  • Hosting / infrastructure — our cloud hosting provider.
  • Object storage — Cloudflare R2 (audio + cover files).
  • Analytics storage — ClickHouse (play-event analytics).
  • Payments — Stripe.
  • Email delivery — our transactional email provider.
  • Content-safety scanning — Cloudflare (CSAM / image classification on uploads).

We do not sell personal data to third parties. If we ever introduce a listener-elected data-brokerage option, it would be strictly opt-in per category, the listener would be paid, personal identifiers would never be included, and you could revoke it at any time. No such program is active today.

6. Cookies & local storage

We use cookies and browser storage that are necessary to run the service — your login session, a short-lived token the player uses to send telemetry, and your saved theme preference. We do not use third-party advertising or cross-site tracking cookies.

7. Data integrity & retention

Play events are append-only: once recorded they aren't silently altered, and corrections are made as new, audited events. We keep your data while your account is active and as needed to provide the service and meet legal obligations. When you delete content or close your account, we remove it from active systems (subject to short-lived backups and legal retention).

8. Your rights

  • Access & export. You can access your data and export your complete canonical record at any time — we won't block your exit.
  • Correction & deletion. You can correct your account details and request deletion of your account and content.
  • Depending on where you live, you may have additional rights (e.g. to object to or restrict certain processing). Contact us to exercise them.

9. Security

Passwords are hashed, two-factor authentication is available, and our internal services authenticate to each other with asymmetric keys rather than shared secrets. No system is perfectly secure, but security and data integrity are the foundation the platform is built on, not an afterthought.

10. Children

The service is not directed to children, and we don't knowingly collect personal data from them. If you believe a child has provided us data, contact us and we'll remove it.

11. Changes & contact

We'll update this policy as the platform develops and reflect changes in the “last updated” date. This policy is governed by the laws of [Jurisdiction]. Questions or requests? Reach us via Contact.