Privacy Policy

Last updated: April 4, 2026

This Privacy Policy explains how Audora Music, operated by Metalmedia Group AB, registration number 559084-6662 ("Audora", "we", "us", or "our"), collects, uses, stores, and protects personal data when you use our services.

Audora Music is committed to protecting your privacy and processing personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Swedish law.

1. Data Controller

Audora Music is the data controller for personal data processed in connection with user accounts, subscriptions, payments, support, and platform operations.

Contact details

Audora Music

Operated by Metalmedia Group AB

Org. No: 559084-6662

Email: support@audora.music

2. Personal Data We Collect

We collect only the data necessary to operate the service.

2.1 Account & Identity Data

  • Full name
  • Artist name
  • Email address
  • Telephone number
  • Postal address
  • Account credentials

2.2 Payment & Financial Data

  • Bank account details
  • Payment processor identifiers (e.g. PayPal, Stripe)
  • Payment history and payout records

Audora does not store full card details. Payment data is handled by regulated third-party providers.

2.3 Verification & Anti-Fraud Data

Where necessary and proportionate, Audora may collect:

  • Identity documentation (only upon request)
  • Information related to suspected misuse, fraud, or artificial streaming

Such data is collected only when required and retained for the minimum period necessary.

2.4 Technical & Usage Data

  • IP addresses
  • Device and browser information
  • Log files
  • Usage data related to platform activity

2.5 Generated Content & Metadata

Audora may process:

  • Metadata related to music releases
  • Content generated using Audora's tools (e.g. images, media, or other generated assets)
  • Associated technical data required to operate and improve the service

3. Purposes & Legal Bases for Processing

PurposeLegal Basis
Providing and operating the servicePerformance of contract
Processing payments and managing subscriptionsPerformance of contract
Distributing music to streaming platformsPerformance of contract
Ensuring platform security and preventing fraudLegitimate interest
Improving the platform and analyzing usageLegitimate interest
Communicating service updatesLegitimate interest
Complying with legal obligations (accounting, tax)Legal obligation

4. Analytics & Cookies

Audora uses limited analytics tools (e.g. Google Analytics 4) to understand how the service is used and to improve platform performance.

  • Only necessary and analytical cookies are used
  • No marketing or retargeting cookies are deployed
  • Cookie handling complies with EU consent standards
  • The Global Privacy Control (GPC) browser signal is honored — analytics cookies are automatically suppressed when GPC is active

You can manage your cookie preferences at any time using the "Cookie Settings" button in the site footer. Further details are available in our Cookie Policy.

5. Data Storage & Location

  • All personal data is stored within the European Union
  • Audora does not transfer personal data outside the EU/EEA
  • Appropriate technical and organizational security measures are applied

6. Data Sharing & Processors

Audora may share data with trusted processors solely to operate the service, including:

  • Payment providers (e.g. Stripe)
  • Cloud infrastructure & hosting (e.g. Supabase)
  • Digital distribution partners (e.g. The Orchard)
  • Email delivery (e.g. Resend)
  • AI content generation (e.g. OpenAI, Anthropic, Google Vertex AI, Replicate)
  • Analytics providers (Google Analytics 4, limited non-marketing use)

All processors are bound by data processing agreements in compliance with GDPR. Audora does not sell personal data. A complete and current list of sub-processors is maintained on our Sub-Processor Registry.

7. Retention Periods

Personal data is retained only as long as necessary:

  • Account data: for the duration of the account and legal retention periods
  • Financial data: as required by accounting and tax law
  • Anti-fraud and verification data: retained only while necessary
  • Consent records: retained for at least 3 years, then anonymized automatically
  • Inactive accounts: data may be anonymized or deleted after statutory periods

Audora operates automated data retention processes that periodically purge expired data, anonymize old consent records, and execute approved account deletion requests in compliance with applicable retention obligations.

8. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure ("right to be forgotten"), where applicable
  • Object to processing based on legitimate interest
  • Request restriction of processing
  • Data portability
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
  • Lodge a complaint with a supervisory authority

Self-service data rights

You can exercise many of these rights directly from your account. Visit Account Settings → Privacy & Data to:

  • Download a copy of all your personal data (data portability)
  • Manage your privacy preferences and withdraw consent
  • Request permanent account deletion (with a 30-day cooling-off period)

In Sweden, the supervisory authority is Integritetsskyddsmyndigheten (IMY).

Requests can also be sent to support@audora.music.

9. California & International Privacy Rights

Although Audora is based in Sweden and primarily governed by EU GDPR, we extend certain privacy rights to all users regardless of location.

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, and disclose
  • The right to delete your personal information
  • The right to opt out of the "sale" or "sharing" of personal information
  • The right to non-discrimination for exercising your privacy rights

Audora does not sell your personal data. For more information and to manage your preferences, visit our Do Not Sell or Share My Personal Information page.

9.2 Global Privacy Control (GPC)

Audora honors the Global Privacy Control (GPC) signal. When your browser sends a GPC signal, we automatically disable non-essential analytics cookies and treat the signal as a valid opt-out request under applicable laws including CCPA/CPRA and GDPR.

9.3 Other Jurisdictions

We aim to comply with applicable data protection laws worldwide, including the UK GDPR, Brazil's LGPD, and Canada's PIPEDA. If you have jurisdiction-specific questions, contact support@audora.music.

10. Content Reporting

In accordance with the EU Digital Services Act (DSA), Audora provides a mechanism for reporting potentially illegal or infringing content. You may submit a report through our Content Takedown Request form. Reports are reviewed and actioned in compliance with DSA Article 16 requirements.

11. Security

Audora implements appropriate technical and organizational measures to protect personal data, including:

  • Encrypted data transmission
  • Access controls
  • Secure infrastructure
  • Limited internal access on a need-to-know basis

12. Changes to This Policy

Audora may update this Privacy Policy to reflect changes in legal requirements or service functionality. Material changes will be communicated via the platform or email.

13. Language

This Privacy Policy is written in English. Any translated version is provided for convenience only. In case of conflict, the English version shall prevail.