Privacy Policy
Last updated: January 7, 2025 | Version 1.0
Contents
1. Data Controller
99Eyes Entertainment ("we", "us", or "our") is the data controller responsible for your personal data.
99Eyes Entertainment
The Netherlands
Email: contact@tricionstudio.com
We are subject to the General Data Protection Regulation (GDPR) as implemented in the Netherlands through the Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG). Our supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).
2. Data We Collect
We collect different types of personal data depending on how you interact with our services:
Account Information
- Email address
- Full name
- Artist or label name
- Payment email (for royalty distributions)
Artist & Rights Holder Information
- Artist name and profile information
- Country of residence
- Performing Rights Organization (PRO) membership (e.g., ASCAP, BMI, BUMA/STEMRA)
- IPI/CAE number (for royalty identification)
- Social media handles and links
Demo Submissions
- Contact name and email address
- Audio file links (SoundCloud, Dropbox, Google Drive)
- Artwork links (if provided)
- Collaborator names
- Additional notes
Track & Distribution Data
- Track metadata (title, genre, release date)
- Audio and artwork files
- ISRC codes
- Revenue split information (recipient names, emails, percentages)
Technical Data
- Browser type and version
- Device information
- IP address (from email submissions only, retained for 90 days)
- Usage data and analytics (if you consent to analytics cookies)
3. How We Use Your Data
We process your personal data for the following purposes:
- Account management: Creating and managing your user account
- Demo evaluation: Reviewing and responding to demo submissions
- Distribution services: Preparing and delivering your music to distribution partners
- Royalty payments: Processing and distributing royalty payments to rights holders
- Marketing campaigns: Managing promotional activities for your releases (if applicable)
- Communication: Sending service-related notifications and updates
- Security: Protecting against fraud and maintaining platform security
- Legal compliance: Meeting regulatory and fiscal requirements
- Analytics: Improving our services (only with your consent)
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
Contract Performance (Article 6(1)(b))
Processing necessary for user accounts, track submissions, distribution services, and royalty payments.
Legitimate Interests (Article 6(1)(f))
Security measures, fraud prevention, service improvements, and business analytics. We balance these interests against your rights.
Consent (Article 6(1)(a))
Demo submissions, analytics cookies, and marketing communications. You may withdraw consent at any time.
Legal Obligation (Article 6(1)(c))
Fiscal record-keeping, tax reporting, and regulatory compliance requirements.
5. Data Recipients & Processors
We share your personal data with the following categories of recipients:
| Service Provider | Purpose | Location |
|---|---|---|
| Clerk | Authentication & identity management | USA |
| Supabase | Database hosting & file storage | EU (Frankfurt) |
| Vercel | Website hosting & analytics | USA/Global |
| Cloudflare | DNS & security services | USA/Global |
| SendGrid | Email processing for demo submissions | USA |
| The Orchard (Sony Music) | Music distribution | USA/Global |
All our service providers are bound by data processing agreements and are required to protect your personal data in accordance with GDPR requirements.
6. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer your personal data to these providers, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved contractual clauses with our US-based providers
- Supplementary measures: Additional technical and organizational measures where necessary
- Adequacy decisions: For countries with an EU adequacy decision
You may request a copy of the safeguards we use by contacting us at contact@tricionstudio.com.
7. Data Retention
We retain your personal data only for as long as necessary:
| Data Category | Retention Period | Reason |
|---|---|---|
| User account data | Account lifetime + 7 years | Dutch fiscal requirements |
| Track & distribution data | Contract duration + 7 years | Royalty accounting & audits |
| Demo submissions | 2 years from submission | Business legitimate interest |
| Raw email data (headers, body) | 90 days | Debug & audit purposes |
| Campaign data | 5 years | Marketing analytics & reporting |
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of your personal data. You can export your data from your account settings.
Right to Rectification
Correct inaccurate or incomplete data through your account settings.
Right to Erasure
Request deletion of your data (subject to legal retention requirements).
Right to Restriction
Limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a machine-readable format (JSON).
Right to Object
Object to processing based on legitimate interests.
To exercise these rights, contact us at contact@tricionstudio.com or use the data export feature in your account settings. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at autoriteitpersoonsgegevens.nl.
10. Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Row-level security policies on database access
- Role-based access controls
- Regular security assessments
- Secure authentication via Clerk
In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the Autoriteit Persoonsgegevens within 72 hours as required by GDPR.
11. Children's Privacy
Our services are intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@tricionstudio.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
- Posting a notice on our platform
- Sending an email to registered users (for significant changes)
- Updating the "Last updated" date at the top of this policy
We encourage you to review this policy periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Data Protection Inquiries
Email: contact@tricionstudio.com
We aim to respond to all inquiries within 30 days.