Privacy Policy
Last updated: 5 May 2026
InterSpace Distribution (“InterSpace Distribution”, “we”, “us” and/or “our”) provides music distribution and related services (together with our website at www.interspacemusic.com and the InterSpace mobile and web applications, the “Services”). This Privacy Policy describes the personal data we collect, how we use and share it, how long we keep it, and the rights you have over it.
By providing us with your personal data, accessing the Site or using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services. For any questions, contact support@interspacemusic.com or our Data Protection Officer at legal@interspacemusic.com.
1. Categories of data we collect
Identity & contact
- Email address (signup, login, OTP delivery, transactional mail)
- First & last name (signup)
- Display / artist name (profile)
- Profile photo (optional, user-uploaded)
- Location — free-text city / country (optional)
Authentication & security
- Password — stored as a salted, one-way hash; never stored in plaintext
- Bearer auth tokens — hashed at rest
- One-time codes — hashed at rest, single-use, with a short expiry
- IP address — rate limiting, fraud signals, audit logs
- User-agent string — audit logs
- Login timestamps and device labels
Device & push
- Firebase Cloud Messaging token (per device)
- Platform (iOS / Android)
- App version
- Last-seen timestamp (90-day rolling retention)
Music content (artist-uploaded)
- Audio files — WAV / FLAC / MP3, stored on AWS S3
- Cover artwork — JPG / PNG, AWS S3
- Artist photos
- Release metadata: titles, ISRC, UPC, lyrics, performer and writer credits, copyright owner and year, language, genre, release date, distribution-platform selections
- Featured / additional artist names
- Smart-link slugs (interspace.ink/<slug>)
KYC / regulatory data (collected only if you request a withdrawal)
- Government-issued ID image — NIN, passport, driver’s licence, national ID, or voter’s card
- Selfie holding the ID (optional but recommended)
- Full legal name and document number
- Date of birth, nationality, country, address (optional)
- A non-reversible fingerprint derived from each uploaded document, retained for fraud and abuse prevention
Financial data
- Bank account details — account-holder name, account number, bank name
- Wire-transfer SWIFT / BIC (when applicable)
- PayPal / Wise email (when applicable)
- Royalty earnings and distributions per period
- Withdrawal history, status, and processing notes
Streaming & analytics
- Per-track / per-album streams imported from DSP CSVs (Spotify, Apple Music, etc.)
- Per-territory and per-platform breakdowns
- Lifetime totals and period trends
Communications
- In-app notifications — release status, royalties, withdrawals, KYC, takedown / update requests
- Push-notification delivery records
- Transactional emails — sign-in code, withdrawal confirmation, royalty receipt, etc.
- Email opt-in via ZapMail (optional marketing list)
Permissions requested by the iOS app
- Camera — KYC selfie, artist photo, cover-art capture
- Photo library — selecting cover art / profile photos
- Push notifications
- Audio session — track-preview playback
- Network
2. Third-party processors
We share data with the following processors strictly for the purposes listed:
| Processor | Purpose | Data flowing to them |
|---|---|---|
| Apple (App Store, TestFlight, APNs) | App distribution and device push delivery | App identifiers, push payloads |
| Google / Firebase | Cloud Messaging push delivery | Device FCM token, push payload |
| AWS S3 | Audio and image storage | Audio files, cover art, KYC documents |
| AWS SES | Transactional email | Email address, name, message body |
| Cloudinary | Image storage | Cover art (historical releases) |
| Paystack (web only) | Subscription payments | Card data — never reaches our servers, tokenised |
| Odesli / songlink.io | Smart-link DSP enrichment | Public release metadata only (UPC, ISRC, title) |
| Spotify, Apple Music, YouTube Music, TikTok, etc. | Distribution to DSPs | Audio, metadata, and cover art per DDEX delivery contract |
3. Retention windows
- Account, profile, catalog, smart links — for as long as the account is active
- Royalty statements, KYC submissions, tax forms, withdrawal history — 7 years (financial-regulation requirement, retained even after account deletion)
- Push tokens — 90 days rolling
- Crash logs and audit logs — 24 months
- API tokens — until revoked or after 90 days of inactivity
- OTPs — 15 minutes
- Magic-link tokens (if re-enabled) — 15 minutes
4. Legal bases for processing (GDPR and similar laws)
- Contract performance — distributing your music, paying royalties, account login
- Legal obligation — KYC, AML, tax reporting, copyright disputes
- Legitimate interest — fraud prevention, abuse detection, security analytics
- Consent — marketing emails (ZapMail), push notifications, optional KYC fields such as date of birth
5. Your rights
- Access, rectification, deletion, and portability of your personal data
- In-app account deletion — Settings → Delete account, processed within 30 days; legally-required records are retained per the 7-year window above
- Email support@interspacemusic.com for GDPR / CCPA / NDPR requests
- Right to lodge a complaint with your local data-protection authority
6. International transfers
Your data may be processed in the United States (AWS, Apple, Google), the United Kingdom, the European Union, and Nigeria. Where data leaves your jurisdiction, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Children
The Services are intended for users aged 13 and over (or the local minimum age — 16 in some EU member states). We do not knowingly collect data from children under that age. If you believe a child has provided us with personal data, please contact support@interspacemusic.com and we will delete it.
8. Contact
- Support: support@interspacemusic.com
- Data Protection Officer: legal@interspacemusic.com
- Mailing address: Suite 12, DDS Complex, 24 Airport Rd, Rukpokwu, 500102, Port Harcourt, Nigeria
