Legal

Privacy Policy

Effective Date: January 1, 2024 · Last Updated: February 20, 2026

Fanaura, Inc. ("we," "us," "our") is a Delaware corporation providing a fan engagement and analytics platform designed to help artists, managers, and labels connect more effectively with their audience. This Privacy Policy explains how we collect, use, and share information through our services, websites, and applications (collectively, the "Service").

1. Information We Collect

A. Personal Information

We collect information you provide when registering, such as your name, email address, phone number, payment details, and company affiliation.

B. Usage Data

We automatically collect data including IP addresses, device/browser types, log data, and interactions for performance and security improvements.

C. Fan Data

Our platform enables users to collect and analyze data about their audiences, including:

  • Names, email addresses, and phone numbers (when fans opt-in)
  • Location data (city, state, country)
  • Engagement metrics (pre-saves, RSVPs, purchases)
  • Communication preferences

D. Third-Party Platform Data

When users connect third-party accounts (such as Instagram, Spotify, or Shopify), we may receive data from those platforms in accordance with their terms and our users' permissions. This includes:

  • Instagram: Username, profile information, and direct message content for automation purposes
  • Spotify: Artist and track information for pre-save campaigns
  • Shopify: Product catalog data, order data, and customer data associated with orders attributed to the Fanaura sales channel (see Section 12 for full details)

E. Shopify Customer Data

When a merchant installs the Fanaura sales channel on their Shopify store, we access and process customer data from orders that are attributed to the Fanaura sales channel. This data is received through Shopify's APIs and webhooks and includes:

  • Customer name (first and last name): Used to create and match fan profiles across the merchant's music, merchandise, and tour engagement data
  • Customer email address: Used as the primary identifier to match Shopify customers with existing fan records from music pre-saves, tour RSVPs, and other engagement activities
  • Customer phone number: Used as a secondary identifier for fan matching and, with the merchant's consent, for SMS marketing communications where the customer has opted in
  • Customer geographic location (city, state, country from shipping/billing address): Used for geographic fan analytics, regional tour promotion targeting, and understanding audience distribution
  • Order details: Order number, items purchased, quantities, prices, order total, currency, financial status, and fulfillment status
  • Cart activity: When customers add items to cart through Fanaura smart links, we track the cart event to provide conversion analytics to the merchant

We do NOT access or store:

  • Payment card numbers, CVV codes, or bank account information (all payments are processed entirely by Shopify)
  • Customer data from orders that are not attributed to the Fanaura sales channel
  • Customer browsing history or cookies from the merchant's Shopify storefront
  • Store financial data, billing information, or Shopify plan details

2. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process payments and manage subscriptions
  • To personalize features and offer recommendations
  • To communicate with users about updates and support
  • To send SMS and email notifications (with explicit consent)
  • To enable marketing automation features
  • To match fan identities across music, merchandise, and tour engagement data to provide merchants with a unified view of their audience
  • To provide merchants with analytics about their fan base, including geographic distribution, purchasing behavior, and cross-platform engagement
  • To comply with legal obligations

3. Sharing Your Information

We may share data with:

Service Providers under strict contractual obligations:

  • Supabase Inc. (database hosting and authentication)
  • Vercel Inc. (application hosting and CDN)
  • Stripe, Inc. (payment processing)
  • OpenAI, L.L.C. (AI features)
  • Telnyx/Twilio (SMS services)
  • Resend (email services)
  • Shopify Inc. (e-commerce platform and sales channel hosting)

Legal Authorities, when required by law or to protect rights

In Business Transfers, if Fanaura, Inc. is acquired or merges, data may be transferred

We do not sell personal data. We do not sell, rent, or trade any personal data — including customer data received from Shopify — to third parties for their own marketing or advertising purposes.

4. Your Rights

Depending on your jurisdiction (e.g., EU, California):

  • Access or update your personal information
  • Request deletion of your data (see Section 11)
  • Opt-out of promotional messages
  • Exercise GDPR/CPRA rights including data portability, access, and correction
  • Withdraw consent for data processing at any time

Rights of Shopify Store Customers (End Consumers)

If you are a customer who purchased a product through a Fanaura smart link:

  • Your data is processed on behalf of the merchant (the artist or label who operates the Shopify store)
  • The merchant is the data controller; Fanaura acts as a data processor
  • You may exercise your privacy rights by contacting the merchant directly or by contacting us at privacy@fanaura.com
  • We honor all data deletion requests received through Shopify's mandatory GDPR webhooks (see Section 12)

5. Data Security

We implement industry-standard safeguards including:

  • TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls
  • Regular security audits and penetration testing
  • SOC 2 compliant infrastructure providers (Supabase, Vercel, Stripe)
  • HMAC-SHA256 verification for all incoming Shopify webhooks
  • Encrypted data backups with access controls
  • Separation of test and production environments
  • Data loss prevention strategy
  • Security incident response policy
  • Access logging for all personal data operations

However, no system is 100% secure.

6. Data Retention

We retain data only as long as necessary to deliver services or comply with legal obligations:

  • Active account data: Retained while account is active
  • Deleted account data: Purged within 30 days (except as required for legal compliance)
  • Communication logs: Retained for 2 years for compliance purposes
  • Financial records: Retained for 7 years per tax requirements
  • Shopify order data: Retained while the merchant's account is active. Upon merchant disconnection from Shopify, order data is retained for analytics purposes but customer-facing product listings are immediately hidden. Upon merchant account deletion or explicit request, all associated data is deleted within 30 days.
  • Fan profile data from Shopify: Retained while the merchant's account is active. Deleted upon request per Shopify's GDPR webhooks or merchant request.

7. Children's Privacy

We do not knowingly collect data from children under 13 (or 16 in the EU). If we discover such data, it will be deleted promptly. If you believe a child has provided us with personal information, please contact us at privacy@fanaura.com.

8. SMS/Text Message Terms

By providing your phone number and opting in to SMS notifications:

  • You consent to receive SMS messages including verification codes, music release alerts, event reminders, and promotional content
  • Message frequency varies based on your notification preferences
  • Message and data rates may apply
  • You may opt out at any time by replying STOP to any message
  • For help, reply HELP or email support@fanaura.com
  • Consent is not a condition of purchase

9. Compliance Frameworks

  • GDPR: We comply with EU data handling standards and offer rights to EU residents including the right to access, rectify, erase, restrict processing, data portability, and object to processing
  • CCPA/CPRA: We provide opt-out and access rights to California users. California residents may request disclosure of data collected and shared
  • TCPA: SMS marketing requires explicit opt-in from users and includes clear opt-out options
  • CAN-SPAM: All marketing emails include unsubscribe links and honor opt-out requests within 10 business days
  • Shopify API Terms: We comply with the Shopify API License and Terms of Use, the Shopify Partner Program Agreement, and all Shopify protected customer data requirements including data minimization, purpose limitation, and mandatory GDPR webhook handling

10. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States. We use Standard Contractual Clauses and other appropriate safeguards for international transfers.

11. Data Deletion

You may request deletion of your personal data at any time by:

We will process deletion requests within 30 days. Some data may be retained as required by law or for legitimate business purposes (fraud prevention, legal compliance).

12. Shopify Sales Channel Data

This section specifically addresses how Fanaura handles data in connection with the Fanaura sales channel for Shopify.

Role and Relationship

  • The Shopify merchant (artist, manager, or label) is the data controller for their customers' personal data
  • Fanaura acts as a data processor on behalf of the merchant
  • Fanaura processes customer data solely to provide the merchant with fan engagement analytics, cross-platform audience unification, and marketing automation capabilities

Data We Access from Shopify

When the merchant installs the Fanaura sales channel, we access:

  • Product catalog data (titles, descriptions, images, prices, variants, inventory levels) via the Shopify Admin API and webhooks
  • Order data for orders attributed to the Fanaura sales channel, including customer name, email, phone, geographic location, and order details
  • Cart events when customers interact with Fanaura smart links

How We Use Shopify Data

  • Fan matching: Customer email and phone from orders are used to match Shopify customers with existing fan profiles that the merchant has collected through music pre-saves, tour RSVPs, and other Fanaura-powered engagement
  • Unified analytics: Order data is combined with music and tour engagement data to give merchants a complete view of their fans' activity across all verticals
  • Marketing automation: With the merchant's configuration and customer consent, customer contact information may be used in email and SMS automation flows that the merchant creates in Fanaura
  • Geographic analytics: Customer location data (city, state, country) is used to provide merchants with geographic audience insights and to help target tour promotions to relevant regions
  • Sales attribution: Orders are tracked and attributed to the Fanaura sales channel in the merchant's Shopify admin

What We Do NOT Do with Shopify Data

  • We do NOT sell customer data to third parties
  • We do NOT use customer data for our own marketing purposes (only for the merchant's benefit)
  • We do NOT share one merchant's customer data with another merchant
  • We do NOT contact customers directly — all communications are sent by the merchant through the platform
  • We do NOT modify product pricing, inventory, or any store settings

GDPR Compliance

We comply with Shopify's mandatory GDPR webhooks:

  • customers/data_request: When a customer requests their data, we identify and provide all stored data associated with that customer's email address
  • customers/redact: When a customer requests data erasure, we delete all records associated with that customer across our database, including fan profiles, order records, interaction history, and event data
  • shop/redact: When a merchant uninstalls the app and requests data erasure, we delete the store connection and all associated data within 48 hours

Disconnection and Uninstallation

  • When a merchant disconnects the Fanaura sales channel: Products are immediately hidden from smart links, the Shopify access token is revoked, and product data is retained for analytics purposes only
  • When a merchant uninstalls the Fanaura app: The store connection is immediately deleted. Upon receiving the shop/redact webhook, all associated store data is deleted
  • Merchants may request complete deletion of all data at any time by contacting privacy@fanaura.com

13. Updates to This Policy

We may update this Privacy Policy. Material changes will be communicated via email or prominent notice on our website. Continued use of our services after changes indicates acceptance.

14. Contact