ICO Registration Reference: ZC164843
1. Who We Are
beatid.me is operated by BEAT ID LTD, a company incorporated in England and Wales (Companies House number 17175762). Registered address: Office 18878, 182-184 High Street North, London, England, E6 2JA. BEAT ID LTD is the data controller for all personal data processed through the beatid.me platform.
For all data protection and privacy enquiries, contact us at privacy@beatid.me. We are registered with the UK Information Commissioner's Office (ICO) under registration reference ZC164843.
2. About This Policy
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to DJs (Sellers), Fans (Buyers/subscribers), Bookers and Promoters, and all visitors to beatid.me.
3. What Personal Data We Collect and Why
3.1 DJs (Registered Users / Sellers)
| Data | Purpose | Lawful Basis |
|---|---|---|
| Name, email, profile photo (Google OAuth) | Account creation and authentication | Contract — Art. 6(1)(b) |
| City, bio, social URLs, contact email, Spotify/SoundCloud/RA | Displaying your public profile + EPK | Contract — Art. 6(1)(b) |
| Hero + gallery images; release audio + cover art | Display and deliver purchased tracks | Contract — Art. 6(1)(b) |
| Stripe Connect account ID, payout details, seller tier | Processing payouts + fee rate | Contract — Art. 6(1)(b) |
| Sales order records (amount, currency, fee, buyer country) | Accounting, disputes, tax reporting | Legal obligation 6(1)(c) + LI 6(1)(f) |
| Rights affirmation record (version + timestamp) | IP warranty compliance | Legitimate interests — Art. 6(1)(f) |
Providing this data is necessary to use beatid.me; Stripe Connect payout data is additionally required to receive sales proceeds.
3.2 Fans (Subscribers and Buyers)
| Data | Purpose | Lawful Basis |
|---|---|---|
| Email (subscription) + optional city | Gig alerts / release notifications from the DJ | Consent — Art. 6(1)(a) |
| Email (purchase) | Deliver download link + receipt | Contract — Art. 6(1)(b) |
| Stripe payment token + billing country | Process payment, determine tax treatment | Contract — Art. 6(1)(b) |
| Purchase order records | Purchase history, refunds, disputes | Contract 6(1)(b) + LI 6(1)(f) |
| Download token redemption records | Anti-piracy / anti-sharing | Legitimate interests — Art. 6(1)(f) |
| Refund request details (reason, timestamp) | Processing eligible refunds (14-day window) | Contract — Art. 6(1)(b) |
You can withdraw consent for marketing at any time via the unsubscribe link in any email, or by contacting privacy@beatid.me. Withdrawal does not affect purchase records, which are retained for contractual and legal reasons.
3.3 Bookers and Promoters
We collect your name, email, optional organisation, and booking details (event date, location, territory, message) on the basis of legitimate interests (Art. 6(1)(f)) — enabling genuine business enquiries. Your enquiry is forwarded to the DJ so they can respond, and stored for up to 2 years. To have it deleted, contact privacy@beatid.me.
3.4 All Website Visitors
Page analytics: we record an anonymous page view — only the DJ's page identifier and a counter. No IP addresses, device information, or other personal data are collected for analytics. Session storage: Firebase Authentication uses your browser's local storage to maintain a DJ login session — strictly necessary and exempt from cookie consent under PECR (see the Cookie Policy).
3.5 Community Reports and DMCA / Takedown Requests
If you submit a community report or a DMCA/IP takedown request, we collect the contact details and information you provide, used solely to investigate and action the report. Takedown submissions are retained for up to 6 years for legal record-keeping.
4. Sharing Your Personal Data
We do not sell your personal data. We share it only as follows.
4.1 With DJs: booking enquiry data and fan subscription data are shared with the relevant DJ so they can respond/communicate; purchase order summaries (excluding card details) are shared with the selling DJ for fulfilment, payout reconciliation, and refunds.
4.2 With third-party processors (each under a Data Processing Agreement, processing only on our instructions):
| Provider | Purpose | Transfer Mechanism |
|---|---|---|
| Google Firebase (Auth, Firestore, Storage, Hosting) | Auth, database, file storage, hosting (US) | UK IDTA — Google DPA + UK Addendum |
| Resend | Transactional email (US) | SCCs + UK Addendum |
| Stripe, Inc. | Payments, Connect onboarding, payouts, tax (US) | SCCs + UK Addendum — Stripe DPA |
| Cloudflare R2 | Audio storage + signed-URL delivery | SCCs + UK Addendum — Cloudflare DPA |
International transfers: these providers are predominantly US-based. The US is not subject to a UK adequacy decision; transfers are protected by the UK IDTA or the UK Addendum to the EU SCCs as required by UK GDPR Chapter V.
4.3 Legal obligations: we may disclose data where required by law, court order, or to protect our legal rights, including a valid takedown notice.
5. Data Retention
| Data Category | Retention Period |
|---|---|
| DJ profile data (Firestore + Storage) | Account duration + 30 days after deletion |
| Audio releases + cover art (R2) | Listing availability; deleted within 30 days of removal/account deletion |
| Fan subscriber emails | Until unsubscribe + 30 days |
| Purchase order + entitlement records | 7 years (UK tax + accounting) |
| Download token records | 1 year after expiry/redemption |
| Booking enquiry records | 2 years |
| Refund request records | 7 years |
| DMCA / takedown submissions | 6 years |
| Anonymous page view counters | Indefinite (not personal data) |
6. Your Rights Under UK GDPR
You have rights of access, rectification, erasure, restriction, data portability, objection, and to withdraw consent. Note: purchase and financial records may be retained where we have a legal obligation. Fans and DJs can export and erase their own data directly from their library/account. To exercise any right, contact privacy@beatid.me — we respond within one month and may verify your identity first.
7. Right to Complain
You may lodge a complaint with the ICO — ico.org.uk/make-a-complaint or 0303 123 1113. We'd welcome the chance to resolve any concern directly first.
8. Security
We use Firebase Authentication (Google OAuth — no stored passwords), Firestore Security Rules, HTTPS in transit, single-use signed URLs for audio delivery, Stripe for all card data (we never store raw card details), rate limiting on checkout/upload/download, and restricted admin access.
9. Children
beatid.me is not intended for children under 13; we do not knowingly collect their data. Contact privacy@beatid.me if you believe we have.
10. Changes to This Policy
We may update this policy and will notify registered DJs of material changes by email. The "Last updated" date shows the latest revision.
11. Contact Us
BEAT ID LTD · Office 18878, 182-184 High Street North, London, England, E6 2JA · privacy@beatid.me · ICO ZC164843 · Companies House 17175762.