Skip to main content

Privacy Policy

Last Updated: March 22, 2025

1. Introduction Welcome to Subvert Cooperative LCA (“Subvert,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard Personal Data when you visit or use our website (www.subvert.fm) and related services (collectively, the “Service”). We are committed to protecting your privacy and complying with applicable data protection laws, including the California Consumer Privacy Act (CCPA/CPRA) and the EU General Data Protection Regulation (GDPR).

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

2. Categories of Personal Data We Collect We collect only the categories of Personal Data necessary to operate our Service and provide value to users. These include:

• Account & Contact Information: Name, username, password, email address, mailing address, country, postal code, biography, profile settings. • Transactional & Payment Data: Purchase history, billing and shipping address; payment details processed securely by Stripe Connect (we never store full payment card numbers).
• Technical & Log Data: IP address, browser and device information, operating system, timestamps, error logs, usage metrics, cookies and similar tracking technologies.
• Marketing & Communications Data: Newsletter subscriptions, email preferences, support inquiries, and communications sent or received through Customer.io.
• User‑Provided Content: Music uploads, metadata, artwork, and any other content you choose to share on the Service.

3. How We Use Personal Data We process your Personal Data for the following purposes:

• To operate, maintain, and improve the Service.
• To create and manage your account and profile.
• To process payments and issue payouts via Stripe Connect.
• To communicate transactional messages (e.g., receipts, account updates) and marketing communications (with your consent).
• To analyze usage, diagnose technical issues, and optimize user experience.
• To enforce our Terms of Use and comply with legal obligations.
• To protect the security and integrity of our platform and users.

We do not sell your Personal Data.

4. Legal Bases for Processing (GDPR) If you are an EU/EEA resident, our legal bases for processing your Personal Data include:

• Performance of a contract (e.g., to provide the Service).
• Compliance with legal obligations.
• Legitimate interests (e.g., platform security, analytics).
• Your consent (e.g., for marketing communications).

5. Data Sharing & Disclosure We share your Personal Data only as described below:

• Service Providers: Stripe Connect for payment processing; Customer.io for email; analytics providers; hosting and infrastructure partners. • Affiliates: Subvert affiliates solely for internal business purposes.
• Legal Compliance & Safety: When required by law, legal process, or to protect rights, safety, or property.
• Business Transfers: In connection with mergers, acquisitions, or asset sales. • User Profiles: Publicly visible information you choose to share (e.g., artist name, purchase history) unless you mark it private.

All service providers are contractually prohibited from selling your Personal Data or using it for their own marketing purposes.

6. International Data Transfers Your data may be processed and stored in the United States or other countries where our service providers operate. We rely on appropriate safeguards—such as Standard Contractual Clauses approved by the European Commission—to ensure adequate protection for transfers from the EU/EEA.

7. Data Retention We retain Personal Data only as long as necessary to fulfill the purposes described in this Policy or as required by law. Thereafter, we delete or anonymize it.

8. Cookies & Tracking Technologies We use cookies and similar technologies to collect technical and usage data. You can manage cookie preferences via your browser settings or opt out of analytics tracking through industry opt‑out tools. Disabling cookies may limit certain functionality.

9. Your Privacy Rights Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete your Personal Data.
• Object to or restrict processing.
• Withdraw consent at any time.
• Obtain a portable copy of your data.
• Opt out of the sale of Personal Data (we do not sell data).

To exercise these rights, contact us at info@subvert.fm. We respond to requests within applicable legal timeframes (e.g., 45 days under CCPA, 1 month under GDPR).

10. Security We implement reasonable industry‑standard administrative, technical, and physical safeguards to protect Personal Data.

11. Children’s Privacy Our Service is not directed to children under 16. We do not knowingly collect Personal Data from anyone under 16. If you learn we have, please contact us for deletion.

12. Changes to This Policy We may update this Policy periodically. Material changes will be communicated via email or a prominent notice on our site. The “Effective Date” will reflect the latest revision.

13. Contact Us For questions or to exercise your privacy rights, email us at info@subvert.fm.