Menu
We value your trust in us to safeguard your information. Our commitment to maintaining that trust starts with transparency. This Napster Privacy Policy ("Policy") explains what personal information Napster Corporation and its affiliates (collectively, "Napster" or "we"), collect, why we collect it, how we use it, and your choices regarding your information. Throughout this Policy, we refer to "personal information," which includes information that identifies, relates to, describes, or could reasonably be linked to you as an individual or to your household, or to a device you use to interact with our Platform (as defined below).
This Policy describes the information and data we collect and process to support our platforms (including the Napster platform, Obsess platform, and the Thunder Studios and TalentX websites) (collectively, the "Platform"). By using the Platform or any of Napster's services you confirm you have agreed to the Napster Terms of Service and have read and understood this Privacy Policy. Capitalized terms have the meanings used in the Napster Terms of Service unless they are specifically defined in this Privacy Policy.
This Policy applies to the collection and processing of personal information for which Napster Corporation acts as a data controller, meaning that Napster determines the purposes and means of processing your personal information. When Napster acts as a data controller, this Policy governs how we handle your personal information and describes your rights with respect to that information.
In certain circumstances, Napster may provide services to enterprise customers through products such as Napster Spaces, Napster Learn, Napster Station, Napster Pulse, or other enterprise-facing offerings. In those circumstances, Napster may act as a data processor on behalf of the enterprise customer, which serves as the data controller. When Napster acts solely as a data processor, this Policy does not apply to the personal information processed on behalf of that enterprise customer. In such cases, the enterprise customer's own privacy policy and data practices govern the collection and use of your personal information, and you should direct any privacy-related inquiries to the applicable enterprise customer.
Where Napster acts as a data processor, such processing is governed exclusively by the applicable data processing agreement or similar contractual instrument entered into between Napster and the enterprise customer. Napster processes personal information in that capacity only as directed by, and on behalf of, the enterprise customer, and in accordance with the terms of such agreement. To the extent Napster processes personal information as a processor on behalf of an enterprise customer, the applicable data processing agreement or enterprise agreement shall govern and supersede any conflicting provisions of this Privacy Policy with respect to such processing.
Enterprise customers are solely responsible for ensuring that their collection, use, and processing of personal information through Napster's services complies with all applicable privacy laws and regulations, including but not limited to the GDPR, the UK Data Protection Act, the CCPA/CPRA, and any other applicable state, federal, or international privacy laws. Napster makes no representations or warranties, and assumes no liability, with respect to any enterprise customer's compliance with applicable privacy laws or any failure by an enterprise customer to fulfill its obligations as a data controller. Napster shall have no liability to any individual arising from an enterprise customer's failure to provide required notices, obtain necessary consents, or otherwise fulfill its legal obligations as a data controller.
We collect the content, communications and other information you provide when you use the Platform, including when you sign up for an account, sign up for our newsletters or for information about our services, create or share content, and message or communicate with others. Some ways to communicate may include but are not limited to text, audio and video. This can include information about the content you provide (like metadata), such as the location of a photo or the date a file was created. It can also include activity through features we provide. Our systems automatically process content and communications you and others provide for the purposes related to the Platform. We use your information to perform our contractual obligations with you and/or to comply with legal obligations. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you and to provide you with the features you request, and to improve the Platform features we provide to you.
To help users connect with people they know, we may offer you the option on some of our Platforms to invite friends to join the Platform and connect you with people in your contacts that are registered on the Platform. To take advantage of this feature, users can opt in to share contacts from their contact list. If you share your contacts with us, we will collect your contact list information to help you find people you know and grow your friends and followers by suggesting connections for you and others, as well as helping you find communities you may be interested in and for the other purposes discussed in this Privacy Policy. We use your information to perform our contractual obligations with you and/or to comply with legal obligations. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you and to provide you with the features you request.
You can choose to provide information to the Platform about your religious views, political views, who you are interested in, or your health. This and other information (such as racial or ethnic origin, philosophical beliefs, or trade union membership) constitutes special category personal data under GDPR Article 9 and may be subject to additional protections under applicable U.S. state privacy laws, including the CCPA/CPRA. We process special category personal data only where we have a valid legal basis under GDPR Article 9(2), including: (a) your explicit consent under Article 9(2)(a); (b) where processing is necessary for the establishment, exercise, or defense of legal claims under Article 9(2)(f); or (c) where you have manifestly made the data public under Article 9(2)(e). We will identify the applicable Article 9(2) basis in any supplemental disclosure provided at the time of collection. We use your information to perform our contractual obligations with you and/or to comply with a legal obligation. We also use this information with your consent, or because we have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you.
We collect information about the people, pages, accounts, communities, events, interests and groups you are connected to and how you interact with them across the Platform. We also collect contact information if you choose to upload or import into the Platform (such as an address book or contact list). We use your information to perform our contractual obligations with you and/or to comply with a legal obligation. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you, to effectively market to you and to provide you with the features you request, and to improve the Platform features we provide to you.
Automatically, as well as with some manual (human) processing, we collect information about how you use the Platform, such as the types of content you view or engage with; the features you use; the actions you take; the people, communities or accounts you interact with; and the time, frequency and duration of your activities. For example, we log when you are using and have last used the Platform, and what content you view. We use your information to perform our contractual obligations with you and/or to comply with legal obligations. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you, to effectively market to you and to provide you with the features you request, and to improve the Platform features we provide to you.
If you sell or purchase goods or services on the Platform or perform other transactions, we may collect information about the sale, purchase or transaction, such as your credit or debit card number and other card information, other account and authentication information or billing, shipping and contact details. We use your information to perform our contractual obligations with you and/or third parties who help facilitate the transaction and to comply with a legal obligation. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you and to provide you with the features you request.
If you enter a defined area in the Platform ("Space") that has been built and created by another user ("Host"), we may be able to see what you click on and how you interact with the Space and how you move through the same. Hosts are responsible for ensuring that their collection and processing of information, including personal information in the Spaces the Host has created, complies with all applicable law. The Host is responsible for the security, integrity and authorized usage of personal information about the Users that enter their Space, and for obtaining consents, permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such personal information. We recommend that all Hosts publish and maintain clear and comprehensive privacy policies on their Host Spaces in accordance with any applicable laws and regulations, and that all Users carefully read those policies.
We also receive and analyze content, communications and information that other people provide when they use the Platform. This can include information about you, such as when others share or comment on a photo or video you created, send a message to you, interact with you regarding content you are viewing or engaging with, or upload, sync or import your contact information. We use your information to perform our contractual obligations with you and/or to comply with a legal obligation. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you, to effectively market to you, and to provide you with the features you request.
We collect information from and about the computers, phones, connected TVs and other web-connected devices you use that integrate with the Platform, and we combine this information across different devices you use. For example, we use information collected about your use of the Platform on your phone to better personalize the content (including advertisements) or features you see on the Platform on another device, such as your laptop or tablet, or to measure whether you took an action in response to a communication we sent you or advertisement we showed you on your phone on a different device.
Information we obtain from these devices includes: (i) device attributes such as the operating system, hardware and software versions, browser type, and app; (ii) identifiers such as unique identifiers, device IDs, and other identifiers; (iii) device settings such as your GPS location, camera or photos; (iv) network and connections such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address and, in some cases, information about other devices that are nearby or on your network; and (v) information from cookies. We use your information to perform our contractual obligations with you and/or to comply with legal obligations. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you, to effectively market to you and to provide you with the features you request, and to improve the Platform features we provide to you.
In connection with certain features of the Platform, including Digital Twin creation, voice conversion, voice cloning, AI avatar generation, and related features, we may collect biometric information, including face scans, facial imagery, voice scans, voice prints, and biometric identifiers derived there from (collectively, "Biometric Data"). Collection of Biometric Data is subject to the following. Note that the sharing of Biometric Data is separately restricted and governed by the provisions below; general sharing controls described in the "Sharing You Control" section do not apply to Biometric Data.
Cookies, Tokens, Tags, SDKs, pixels, clear gifs, iframes, web beacons or similar technologies are small pieces of text or code used to store information on web browsers or apps. These are used to store and receive identifiers and other information on computers, phones, and other devices. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this Policy, we refer to these technologies collectively as "Cookies." You can make choices about Cookies we and third parties place on our Platform through our Platform settings.
Cookies may help us understand the information we receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in. Cookies also may help us provide, protect and improve the Platform and our services. We use Cookies for the following purposes:
We use your information from Cookies with your consent, to perform our contractual obligations with you and/or to comply with a legal obligation, and pursuant to our legitimate interest in making the Platform and its features relevant and personalized to you, effectively marketing to you, and improving the Platform.
For users located in the European Union, the European Economic Area, or the United Kingdom, we obtain your consent for non-essential cookies before placing them on your device, in accordance with the ePrivacy Directive and applicable national implementing laws. Non-essential cookies include analytics, advertising, personalization, and measurement cookies that are not strictly necessary for the operation of the Platform. We present a cookie consent banner or preference center when you first visit the Platform, which allows you to accept all cookies, reject non-essential cookies, or manage your preferences by category. Your consent choices are recorded and honored throughout your session and on subsequent visits until you modify your preferences or your consent expires. You may withdraw or modify your cookie consent at any time through the cookie settings tool available in the Platform footer or settings menu. Withdrawal of consent does not affect the lawfulness of cookie processing that occurred prior to withdrawal. Strictly necessary cookies that are essential to the operation of the Platform (such as session authentication and security cookies) do not require consent and will be set regardless of your preference choices. We do not use cookies for purposes beyond those disclosed in your consent, and we refresh consent where required by applicable law following material changes to our cookie practices.
Other parties, including third-party analytics providers, may use cookies on the Platform to provide analytics and other services to us and the businesses that advertise on or use the Platform. Your browser or device may offer controls or settings that allow you to choose whether cookies or other technologies are set and to delete them. Please understand that certain parts of the Platform may not work properly if you have disabled browser cookie use.
Other parties, including third-party analytics providers, may use cookies on the Some web browsers and devices allow you to broadcast a preference that you not be tracked online. At this time, Napster does not alter its data collection or use practices in response to general "do not track" browser signals. There is currently no industry-wide standard or consensus on what "do not track" means or how to respond to such signals. Third parties that operate on or through the Platform may have their own practices with respect to "do not track" signals, and we are not responsible for those third parties' practices. Notwithstanding the foregoing, Napster does recognize Global Privacy Control (GPC) opt-out preference signals as described in the Do Not Sell or Share section below. We will continue to monitor developments regarding "do not track" and similar technologies and may update this section in the future. Platform to provide analytics and other services to us and the businesses that advertise on or use the Platform. Your browser or device may offer controls or settings that allow you to choose whether cookies or other technologies are set and to delete them. Please understand that certain parts of the Platform may not work properly if you have disabled browser cookie use.
We use the information we collect for the following purposes, subject to the legal bases described below:
We use the information, including location-related information, to deliver the Platform, including to personalize features and content and make suggestions for you. We use your connections, preferences, interests and activities based on the data we collect and learn from you and others, how you use and interact with the Platform and the people, places, content or things you are connected to and interested in, to personalize the Platform so that it is as unique and relevant to you as possible. We use your information to perform our contractual obligations with you and/or to comply with a legal obligation. We also have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you and to improve Platform features.
We may use anonymized and aggregated technical data derived from usage to improve and enhance the Platform and for other development, diagnostic and corrective purposes in connection with the Platform and other Napster offerings. We may disclose such data solely in aggregate or other de-identified form in connection with our business. We do not use customer conversation data to train foundation AI models. For purposes of this Policy, "improve the Platform" or "improve the Service" includes debugging, safety monitoring, abuse prevention, performance optimization, and feature development, and does not include training or fine-tuning foundation models on identifiable personal information. For additional detail on how we handle AI-generated data, please see the AI Data Processing section below.
We use the information we have to help advertisers and other partners measure the effectiveness and distribution of their advertisements, content and services and understand the types of people who use their services and how people interact with their websites, apps, and services. We have a legitimate interest in using your information to perform these activities, to effectively market to you, and to analyze trends and patterns among our users. To provide the Platform, we may also, as necessary, store and transfer data across our systems located all over the world, including outside of your country of residence. We complete such data transfers in compliance with applicable law.
We use the information we have to verify accounts and activity, combat harmful conduct, detect and prevent spam and other bad experiences, maintain the integrity of the Platform, and promote safety and security on the Platform. For example, we use data we have to investigate suspicious activity or violations of our Terms of Service or other policies. We also use your information to perform our contractual obligations with you and/or to comply with a legal obligation.
We may use the information we have to send you marketing communications, communicate with you about the Platform, or let you know about any changes to our policies or terms and conditions. We also use your information to respond to you when you contact us. We have a legitimate interest in using your information to make the Platform and its features relevant and personalized to you, to effectively market to you, and to provide you with the features you request.
Napster uses automated processing, including artificial intelligence and machine learning, to analyze your personal information in order to personalize content and features, surface connections and communities, target advertising, and assess engagement patterns across the Platform. This processing constitutes profiling within the meaning of GDPR Article 4(4) and may have effects on the content, features, and advertising you see on the Platform.
Napster does not make solely automated decisions that produce legal effects concerning you or that similarly significantly affect you — for example, we do not use automated processing as the sole basis for decisions to deny access to the Platform, terminate accounts (except in automated spam or abuse detection contexts where human review is available upon request), or determine credit or employment eligibility. Where automated content moderation or account-action systems operate, human review is available and you may request that a human review any automated decision that affects your account by contacting Customer Care.
The legal basis for profiling-related processing is our legitimate interest in providing a personalized and commercially viable Platform, or your consent where required by applicable law. For EU and EEA users, you have the right to object to profiling for direct marketing purposes at any time, and the right to request human review of any automated decision that significantly affects you, as described in the Special Notice for EU and UK Users section below. For California residents, you have the right to opt out of certain automated profiling as described in the Special Notice for California Residents section below.
Our Company utilizes generative artificial intelligence technology to enhance and improve the Services we provide. Napster is an application-layer deployer — it does not train, fine-tune, or develop foundation AI models. The following describes how we handle personal information in connection with AI features on the Platform:
Napster does not use customer conversation data — including your prompts, inputs, and AI-generated outputs — to train foundation AI models. Napster does not permit its enterprise model providers, including Microsoft (Azure OpenAI) and Google (Gemini), to use Napster customer data for model training purposes. These providers are contractually prohibited from using Napster customer data for model training purposes pursuant to enterprise agreements between Napster and those providers.
Napster may use anonymized and aggregated technical data derived from usage — data that does not identify you individually and cannot reasonably be linked to you — to improve Service functionality, including debugging, safety monitoring, performance optimization, and feature development. For clarity, such use does not include training or fine-tuning foundation models on identifiable user content.
User prompts and AI outputs are logged and may be reviewed by authorized Napster personnel for the following specific purposes: quality assurance, abuse prevention, dispute resolution, regulatory compliance, incident investigation, and claims defense. Access to conversation data is restricted to authorized personnel for these defined purposes only. Conversation data is encrypted in transit and at rest within Napster-controlled infrastructure, consistent with industry-standard security practices.
AI conversation logs are retained for aperiod of twelve (12) months from the date of the applicable interaction, after which they are deleted or de-identified in accordance with our data minimization obligations, subject to the following exceptions: (i) logs that are the subject of a pending or reasonably anticipated legal, regulatory, or governmental proceeding are retained for the duration of such matter plus any applicable statute of limitations period; (ii) logs retained for active disputere solution or claims defense are retained until final resolution; and (iii)logs required to be retained under applicable law are retained for the periodr equired. These retention periods apply to AI conversation logs specifically and are subject to the general Data Retention provisions of this Policy for other categories of personal information.
PLEASE DO NOT ENTER OR PROVIDE CONFIDENTIAL INFORMATION, SENSITIVE PERSONAL INFORMATION, OR OTHER DATA IN YOUR CONVERSATIONS WITH ANY AI FEATURE THAT YOU WOULD NOT WANT A HUMAN REVIEWER TO ACCESS FOR THE LIMITED PURPOSES DESCRIBED IN THIS POLICY.
We may contract with third parties to provide certain AI-related services, including Google (Gemini AI, Gemini Pro/Flash, Vertex AI) and Microsoft (Azure OpenAI). These third parties use and process your information in accordance with their respective privacy policies and our enterprise agreements with them, which prohibit use of Napster customer data for model training. Please review the privacy policies for these third-party service providers.
AI technology is experimental and evolving. While we strive to offer accurate and efficient results, there may be instances where AI features may not function as intended, may experience performance limitations, or may produce unexpected, fictitious, incorrect, or offensive outcomes that do not represent the views of the Company. By using AI features on the Platform, you acknowledge and accept that the use of generative AI comes with inherent risks. AI safety and governance measures are operational practices designed to reduce risk and are not guarantees of detection, prevention, outcome, or performance. Please see the Napster Terms of Service for additional information regarding AI limitations and assumption of risk.
Where AI features collect Biometric Data(including voice scans, voice prints, face scans, and related biometric identifiers), such data is processed as described in the Biometric and Sensitive Biometric Information section above and subject to the applicable retention schedule. Biometric Data processed in connection with AI features is not used to train foundation models and is not shared with third parties except as described in this Policy.
In addition to Biometric Data, Voice Conversion and Digital Twin features generate personal data that is not itself a biometric identifier but is sensitive personal data under applicable law, including Personal Voice Models, Third-Party Voice Models, Digital Twin outputs, and associated metadata (collectively, "Synthetic Identity Data"). Synthetic Identity Data is retained as follows:
We may share information with others in the following ways:
When you share content or communicate using the Platform, you have the ability to choose who you want to share with, such as a group, all of your friends, or the public. Public information can be seen by anyone, including if they do not have an account on the Platform. This includes your Platform username, any information you share with a public audience, and information in your public profile. Note that Biometric Data and Synthetic Identity Data are not subject to user-controlled sharing and are governed exclusively by the Biometric and Sensitive Biometric Information section and the Voice Conversion and Digital Twin Data Retention section of this Policy.
You should consider who you choose to share with, because people who can see your content and activities on the Platform can choose to share it with others on and off the Platform. For example, when you share content with specific friends or accounts, they can download, screenshot, or reshare that content to others across or off the Platform. If you are uncomfortable with what others have shared about you on the Platform, you can report the content to Customer Care.
When you choose to use third-party apps, websites, or other services that use, or are integrated with, the Platform, they may receive information about content you post or share. When you download or use such third-party services, they may be able to access your public profile on the Platform. Apps and websites may access your list of Platform friends or followers if you choose to share that information. Information collected by these third-party services is subject to their own terms and policies, not our Terms of Service, this Privacy Policy, or our other policies.
We share information and data with providers of analytics services which provide reports to us about the use of our Platform to help us better understand how users of the Platform are interacting with other users, and the content and services provided on the Platform. We impose restrictions on how such service providers can use and disclose such information and data. We provide advertisers with reports about the types of people viewing advertisements and how their advertisements are performing, but we do not share personally identifiable information about our users without your permission.
We work with third parties who help us provide, analyze data on, and improve the Platform. We also contract with thirdparties to provide certain services and to facilitate the operation of our Platform. For example, we may use Stripe as a third-party payment processor for some of our Services. Stripe uses and processes your complete payment information in accordance with Stripe's privacy policy. We impose restrictions on how third parties can use and disclose the data we provide.
Advertisers, app developers, and publishers can send us information they use about your activities off the Platform, including information about your device, websites you visit, purchases you make, advertisements you see, and how you use their services, whether or not you are logged into the Platform. We also receive information about your online and offline actions and purchases from third-party data and analytics providers who have the rights to provide us with your information. We require each of these parties to have lawful rights to collect, use and share your data before providing any data to us.
All of our rights and obligations under our Privacy Policy are freely assignable by us in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.
We, and our service providers and vendors, may disclose any collected information to enforce our Terms of Service and to protect and defend the legal rights, interests, and safety of the Platform, our employees, agents, contractors, sponsors, and users, members of the general public, or others.
We share information with law enforcement or in response to legal requests as necessary to meet legal requirements or fulfill our Terms of Service, this Privacy Policy, and our other policies. We access, preserve and share your information with or without notice to you, withlaw enforcement, governmental agencies, regulators or others in response to alegal request (like a search warrant, court order or subpoena) as we deemrequired or appropriate and when we have a good-faith belief it is necessary todetect, prevent and address fraud, unauthorized use of the Platform, violationsof our terms of service or policies, or other harmful or illegal activity; toprotect ourselves (including our rights, property or other services), you orothers, including as part of investigations or regulatory inquiries; or toprevent death or imminent bodily harm. Information we receive about you(including financial transaction data related to purchases) may be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or for investigations of possible violations of our terms of service or other policies.
We may also share your information with thirdparties for other or unanticipated reasons with your consent.
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. If we are required by law to inform you of a breach to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Our Platform permits you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account. Regardless of the measures and efforts we take, we cannot and do not guarantee the absolute protection and security of your personal information, or any other information you upload, publish or otherwise share with us or anyone else. We encourage you to set strong passwords for your user account and Host Spaces and avoid providing us or anyone with any sensitive personal information of which you believe its disclosure could cause you substantial or irreparable harm.
We retain personal information for as long as we determine is reasonably necessary to fulfill the purposes described in this Privacy Policy, to provide and improve the Platform and our services, and to comply with our legal and business obligations. In determining how long to retain personal information, we consider a number of factors, including but not limited to: applicable legal and regulatory retention requirements; tax, accounting, and financial reporting obligations; the existence or reasonable anticipationof litigation, disputes, investigations, or regulatory proceedings; our record-keeping and audit requirements; whether you maintain an active account with us; and any contractual obligations we may have to you or third parties.
The following general retention periods apply to the principal categories of personal information we collect, subject to the exceptions and overrides described below:
The following category-specific retention schedules control over the general provisions of this section to the extent ofany conflict: (i) Biometric Data retention is governed by the Biometric and Sensitive Biometric Information section; (ii) AI conversation log retention is governed by the Logging, Human Review, and Access Controls section of AI Data Processing; and (iii) Synthetic Identity Data retention is governed by the Voice Conversion and Digital Twin Data Retention section.
We store data until we believe it is no longer necessary to the Platform and the purposes described in this Privacy Policy. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or depersonalize it so that we cannot identify you. We may retain and use anonymized, pseudonymized, aggregated, orde-identified data derived from your personal information indefinitely and without restriction, as such data does not constitute personal information under applicable law.
In the event of any complaint, dispute, claim, or anticipated or pending legal, regulatory, or governmental proceeding involving Napster or its affiliates, we reserve the right to retain relevant personal information for as long as necessary to resolve such matter, including any applicable statute of limitations period and any period required for the enforcement or defense of legal rights.
When you delete your account, we will delete your content and posts, and they will no longer be recoverable. Information that others have shared about you is not part of your account and will not be deleted. If you do not want to delete your account but want to temporarily stop using the Platform, you can suspend your account. Account deletion requests are subject to our applicable retention obligations; accordingly, a deletion request may not result in the immediate removal of your personal information, and we may decline to delete or restrict information that we are required or permitted to retain under applicable law or pursuant to our legitimate business interests.
As a global platform we share information globally, both internally and externally with our partners and with those you connect and share with around the world in accordance with this Policy. Information will be stored and processed in the United States or other countries outside of where you live for the purposes described in this Policy. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws of your country. These data transfers are necessary to globally operate and provide the Platform to you.
Where we transfer your personal information from the European Economic Area ("EEA") to a destination in a country outside of the EEA, we utilize standard contractual clauses adopted pursuant to European Commission Implementing Decision (EU) 2021/914 of June 4, 2021, rely on the European Commission's adequacy decisions about certain countries as applicable, and obtain your consent for these data transfers to the UnitedStates and other countries where required by applicable law.
OUR WEBSITES AND ONLINE SERVICES ARE NOT INTENDED FOR INDIVIDUALS UNDER THE AGE OF 18, AND WE DO NOT KNOWINGLY COLLECT OR SHARE PERSONAL INFORMATION FROM INDIVIDUALS UNDER THE AGE OF 18 WITHOUT VERIFIABLE PARENTAL CONSENT. INDIVIDUALS UNDER THE AGE OF 18 SHOULD NOT PROVIDE THEIR PERSONAL INFORMATION TO US. THIS AGE RESTRICTION APPLIES REGARDLESS OF THE AGE OF MAJORITY IN ANY APPLICABLE JURISDICTION.
While the Children's Online Privacy Protection Act (COPPA) imposes specific requirements with respect to children under the age of 13, our Platform is not directed at any individual under 18. We enforce our 18+ age restriction through registration controls and technical and policy measures. If we become aware that we have in advertently collected personal information from an individual under the age of 18 without verifiable parental consent, we will take steps to delete that information as soon as reasonably practicable, consistent with our obligations under COPPA and any applicable state laws. If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us at dataprivacy@napster.com so that we can take appropriate action. Company reserves the right, in its sole discretion, to suspend, restrict, or terminate accounts determined to belong to users under 18 or that circumvent or attempt to circumvent such controls.
For enterprise deployments through Napster Learn or other products that may be deployed in educational environments that include minors, applicable COPPA, FERPA, and state student privacy law compliance obligations are the sole responsibility of the deploying institution, as described in the Terms of Service and any applicable enterprise agreement. The foregoing age restrictions do not apply to enterprise deployments where Napster acts solely as a service provider or processor on behalf of an educational institution or enterprise, which is responsible for compliance with applicable laws governing minors.
Under the General Data Protection Regulation("GDPR") and the UK Data Protection Act 2018, you have the following rights, each of which is subject to applicable exceptions, limitations, and conditions under applicable law:
To exercise any of the above rights, please contact us using the contact information in the Questions section below or by emailing dataprivacy@napster.com. Please note that where requests are manifestly unfounded, excessive, or repetitive, we reserve the right to charge a reasonable fee to cover administrative costs or to refuse the request, as permitted under applicable law.
Please be aware that any request you submit to delete, restrict, or otherwise exercise rights over your personal information is subject to our applicable retention obligations and practices. Accordingly, a deletion request may not result in the immediate removal of your personal information, and we may decline to delete or restrict information that we are required or permitted to retain under applicable law or pursuant to our legitimate business interests. We will notify you where a deletion request cannot be fully honored and will explain the applicable basis for retention to the extent required by law.
If you have questions about our data processing activities, or you wish to contact us or notify us regarding issues relating to data processing under the GDPR or UK Data Protection Act, you may contact our EU or UK representative:
EU Representative (designated on behalf of Napster Corporation): Rickert Rechtsanwaltsgesellschaft mbH, Colmantstrasse 15, 53115 Bonn, Germany.
UK Representative (designated on behalf of Napster Corporation): Rickert Services Ltd UK, P.O. Box 1487, Peterborough, PE1 9XX, United Kingdom.
If you believe that we have not complied with data protection laws, and you are a resident of a European Economic Area Member State or the United Kingdom, you have the right to lodge a complaint with your local supervisory authority.
This section applies only to California residents and explains how we collect, use and share your personal information and how to exercise your rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA").
If you are a California resident, you have the following rights, subject to certain exceptions. Your rights are not absolute and are subject to limitations under applicable law:
To exercise any of the above rights, please contact us as described in the Questions section below. To verify your identity, we will ask you to log in to your account. If we cannot verify your identity from the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes. You may designate an authorized agent to make a request on your behalf; we may require that your authorized agent provide written permission from you and verify their identity.
You have the right to appeal any decision we make in response to your privacy rights request by contacting us as stated in the Questions section below.
Napster does not sell personal information for monetary consideration. Certain state privacy laws, including the CCPA/CPRA, define "sale" and "sharing" broadly to include disclosing or making available personal information to third parties for cross-context behavioral advertising or other benefits, even without monetary exchange. Under this broader definition, Napster may share certain categories of personal information — including identifiers (such as IP addresses and device IDs), internet or other electronic network activity, and geolocation data — with advertising partners and analytics providers in ways that may constitute "sale" or "sharing" under applicable law.
The categories of personal information that may be sold or shared in this manner include: identifiers, commercial information, internet or other electronic network activity information, and geolocation data derived from IP address.
To opt out of the sale or sharing of your personal information, please contact us at dataprivacy@napster.com or at the address in the Questions section below. Please note that to the extent you opt-out, we may be unable to offer you some of the features and services of the Platform where sharing such personal information is necessary to provide those services.
Napster recognizes Global Privacy Control (GPC) signals as a valid opt-out request for the sale and sharing of personal information for California residents under the CPRA. When Napster's Platform detects a GPC signal from a California resident's browser or device, we will treat it as a request to opt out of the sale or sharing of that user's personal information and will honor it accordingly. For residents of other jurisdictions, Napster will honor GPC and similar browser-based opt-out preference signals where required by applicable law.
California law requires commercial websites such as ours to disclose to residents of the state how we address "do not track" browser settings. There is currently no industry-wide practice or consensus on how to proceed. We therefore do not alter our existing practices when in receipt of "do not track" signals. Note that GPC signals are honored separately as described in the Do Not Sell or Share section above. See the Do Not Track Signals section above for additional information.
Some U.S. states, including Connecticut, Colorado, Utah, Virginia, and others, provide residents with additional privacy rights regarding personal information. This section describes rights available to residents of such states. When you make a request, we may provide more detailed information regarding whether your request is subject to applicable law and whether any exception or limitation applies.
To exercise any of the rights described in this section, please contact us as stated in the Questions section below. When you submit a request, we will usually ask you to provide an email address to confirm the request was not fraudulently submitted. If you are the parent or guardian of a minor child, you may also submit a request on behalf of your child, subject to verification. You may also designate an authorized agent to submit a request on your behalf, subject to verification requirements.
The following is a summary of the categories of personal information we may collect, depending on how you use our Platform:
We collect and share information with third parties for the purposes described in this Policy. The categories of third parties with whom we may share personal information include: people and accounts you share and communicate with; apps, websites, and third-party integrations on or using our products; third-party service providers such as analytics services providers and payment processors; new owners in the event of a change of ownership or control; affiliate entities controlled by, controlling, or under common control with Napster Corporation; partners including measurement partners, advertisers, and vendors; and law enforcement or other third parties in connection with legal requests.
Our Platform may contain links to third-party websites that are not governed by this Privacy Policy. If you click on a link to a third-party website, you will be taken to a website we do not control. We cannot edit or delete any information that is stored on these websites, including on a blockchain, as we do not have custody or control of these third-party websites. We are not responsible for the privacy practices of third-party websites. We suggest that you read the privacy policies of those websites carefully.
We are committed to providing you control over your personal information. We will do our best to notify you of any changes to this Privacy Policy by posting the new or revised Privacy Policy on our Platform. The date the Privacy Policy was last updated is identified at the beginning of this Privacy Policy, and such changes or amendments will be effective automatically upon the posting of such notification. You are responsible for periodically visiting our Service and this Privacy Policy to check for any changes. Your continued access to or use of the Platforms or any Service following such notice of any change or amendment to this Policy shall constitute your acceptance and agreement to such change or amendment.
If you have questions about this Policy, you can contact us by emailing dataprivacy@napster.com or by mail at:
Napster
Attn: Data Protection Officer
1279 W. Palmetto Park Rd.
PO Box 272504
Boca Raton, FL 33427
