GDPR Compliance

Last updated: June 2026

Veristream is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy and rights of individuals in the European Economic Area (EEA) and the United Kingdom. This page outlines how we process personal data and the rights available to you under the GDPR.

1. Data Controller

For the purposes of the GDPR, Veristream is the data controller responsible for your personal data. If you have questions about how your data is processed, you may contact us at support@veristream.app.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual necessity — Processing required to provide our services, manage your account, and fulfill our obligations under your subscription agreement.
• Legitimate interest — Processing necessary for our legitimate business interests, such as improving our platform, preventing fraud, and ensuring security, provided these interests do not override your rights.
• Consent — Where you have given explicit consent for specific processing activities, such as receiving marketing communications. You may withdraw consent at any time.
• Legal obligation — Processing required to comply with applicable laws and regulations.

3. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.

Right to Rectification

You may request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing. This is also known as the "right to be forgotten."

Right to Data Portability

You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Object

You have the right to object to the processing of your personal data where we are relying on legitimate interest as the legal basis, and there is something about your particular situation that makes you want to object.

4. Data Processing Activities

We process the following categories of personal data:

• Account data — Name, email address, and account preferences, processed to provide and manage your account.
• Billing data — Payment information processed by Stripe on our behalf to manage subscriptions.
• Usage data — Information about how you interact with our platform, processed to improve our services and user experience.
• Streaming analytics data — Publicly available artist and track data obtained through authorized APIs, processed to deliver our core analytics services.

5. International Data Transfers

Your data may be processed in countries outside the EEA. Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with the GDPR.

6. Data Protection Measures

We implement robust technical and organizational measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL
• Secure authentication and access controls
• Regular security assessments and monitoring
• Data minimization — we only collect and retain data that is necessary for our stated purposes
• Staff training on data protection and privacy practices

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When your account is closed, we will delete or anonymize your personal data within 90 days, unless retention is required by law.

8. How to Exercise Your Rights

To exercise any of your rights under the GDPR, please contact us at support@veristream.app. We will respond to your request within 30 days. In certain cases, we may ask you to verify your identity before processing your request.

9. Supervisory Authority

If you are not satisfied with how we handle your data or your rights request, you have the right to lodge a complaint with a data protection supervisory authority in your country of residence. We encourage you to contact us first so we can address your concerns directly.

10. Contact

For any questions regarding our GDPR compliance or data processing practices, please contact us at support@veristream.app.