Privacy Policy

Your Privacy Matters to Us

Last Updated: October 23, 2025

Introduction

At Opiro, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our music streaming platform.

This policy applies to all users: artists, fans, and visitors. By using Opiro, you consent to the practices described in this Privacy Policy.

GDPR & CCPA Compliance: This policy complies with the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Users in these regions have additional rights detailed below.

Information We Collect

Account Information

  • Email address: Used for account creation, authentication, and notifications
  • Display name: Public name shown on your profile and albums
  • User role: Artist or fan designation
  • Password: Hashed and never stored in plain text

Artist-Specific Data

  • Banking details: Nigerian bank account information for payouts (encrypted)
  • Uploaded content: Music files, album artwork, metadata (title, genre, etc.)
  • Sales data: Purchase history, earnings, withdrawal records

Payment Information

  • Payment card details: Processed and stored by Paystack (not by Opiro)
  • Transaction history: Purchase records, amounts, dates
  • Billing address: If provided during checkout

Star Donations & Supporter Data

  • Star transaction history: Records of star donations given to artists (amount, tier, date)
  • Supporter badge levels: Calculated based on total stars given per artist (Bronze, Silver, Gold)
  • Top supporter status: Your ranking on artist leaderboards (if you've given stars)
  • Star earnings (artists): Revenue from star donations received from fans

Star transaction data is retained for 7 years for tax and financial compliance purposes, similar to album purchase records. Your supporter badges and leaderboard rankings are publicly visible on artist pages to recognize your support.

Usage Data

  • Listening history: Albums played, tracks streamed, playback duration
  • Device information: Browser type, operating system, device type
  • IP address: For security, fraud prevention, and analytics
  • Cookies: Authentication tokens, preferences (see Cookie Policy below)

How We Use Your Information

We use your information for the following purposes:

Service Delivery

  • Create and manage your account
  • Process purchases and payments
  • Stream music to your devices
  • Provide customer support
  • Send transactional emails (purchase confirmations, withdrawal notifications)

Platform Improvement

  • Analyze usage patterns to improve user experience
  • Monitor platform performance and fix bugs
  • Develop new features based on user behavior

Security & Fraud Prevention

  • Detect and prevent fraudulent transactions
  • Protect against unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations

Marketing (Optional)

  • Send promotional emails about new releases (you can opt out anytime)
  • Notify you about platform updates and features
  • We will never sell your data to third parties for marketing

How We Share Your Information

We share your information with third parties only in these limited circumstances:

Payment Processing

Paystack: We use Paystack to process payments. When you make a purchase, your payment card details are sent directly to Paystack (we never store them). Paystack's privacy policy applies to this data. Learn more at paystack.com/privacy.

Service Providers

  • Supabase: Database and file storage hosting
  • Vercel: Platform hosting and content delivery
  • Resend: Email delivery service
  • Sentry: Error monitoring and performance tracking

These providers have access to your data only to perform services on our behalf and are obligated to protect your information.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal processes
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Respond to copyright infringement claims

Data Retention

We retain your information for as long as necessary to provide our services:

  • Account data: Retained while your account is active, plus 1 year after deletion
  • Transaction records (purchases & stars): Retained for 7 years for tax and legal compliance
  • Music files: Retained while artist account is active
  • Listening history: Retained for 2 years or until account deletion
  • Supporter badges & leaderboards: Retained while your account is active and publicly visible

When you delete your account, we permanently remove your personal data within 30 days, except where retention is required by law (e.g., financial records).

Your Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to Rectification

You can update or correct inaccurate information through your account settings or by contacting support.

Right to Deletion ("Right to be Forgotten")

You can request deletion of your account and personal data. We will comply within 30 days, except where retention is legally required (e.g., transaction records).

Right to Data Portability

You can request your data in a machine-readable format (JSON) to transfer to another service.

Right to Opt-Out of Marketing

You can unsubscribe from promotional emails at any time using the unsubscribe link in every email.

Right to Object

You can object to certain data processing activities (e.g., analytics) by contacting us.

To exercise your rights: Email us at privacy@opiro.com with your request. We will respond within 30 days.

Cookie Policy

We use cookies to provide and improve our services:

Essential Cookies

Required for authentication and security. You cannot disable these without losing access to the platform.

  • Authentication token: Keeps you logged in
  • CSRF token: Prevents cross-site request forgery attacks

Preference Cookies

Store your settings and preferences (e.g., theme, volume level).

Analytics Cookies (Optional)

Help us understand how users interact with the platform. We use this to improve performance and user experience. You can opt out via our cookie consent banner.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is transmitted over HTTPS (TLS 1.3)
  • Password hashing: Passwords are hashed using bcrypt
  • Secure storage: Banking details encrypted at rest
  • Access controls: Role-based access to sensitive data
  • Regular audits: Security testing and vulnerability scanning

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Children's Privacy

Opiro is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us immediately and we will delete it.

International Data Transfers

Opiro is based in Nigeria, but our services are accessible globally. Your data may be transferred to and stored on servers outside your country of residence, including:

  • United States (Vercel hosting, Supabase database)
  • Europe (Backup servers)

We ensure adequate safeguards are in place for international transfers, including standard contractual clauses and compliance with GDPR for EU users.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the platform. Your continued use after changes constitutes acceptance of the updated policy.

Contact Us About Privacy

For questions about this Privacy Policy or to exercise your rights:

Privacy Team: privacy@opiro.com

General Support: support@opiro.com

We will respond to privacy requests within 30 days as required by GDPR/CCPA.