TheFlow Privacy Policy
Last updated: October 6, 2025
Welcome to TheFlow. This Privacy Policy explains how we collect, use, and protect your information you provide directly to us when you use our music platform in the United States. This Privacy Policy is a part of our Terms.
This policy describes how we collect, process, retain, and disclose personal data about you when providing the Service to you, and our practices for using, maintaining, protecting, and disclosing that information.
If you are a California resident, please review our California Privacy Notice which supplements this policy.
Our Privacy Philosophy
As a creator-owned cooperative, we believe your data belongs to you. We're committed to transparency, user control, and using data only in ways that serve our community's interests and support authentic human creativity.
Table of Contents
6. International Data Transfers
7. Data Retention
8. Children's Privacy
9. Creator-Specific Privacy Rights
10. Analytics & Personalization
11. Cookies & Tracking Technologies
12. Third-Party Integrations
13. Your Privacy Rights by Location
14. Changes to This Policy
15. Contact Us
1. Information We Collect
1.1 Information You Provide Directly
Account Information
Name, email address, username, and password
Profile information, bio, and profile images
Payment and billing information (processed securely by third-party processors)
Verification documents for identity confirmation when required
Content You Create
Music files, artwork, metadata, and lyrics you upload
Posts, comments, playlist descriptions, and other social content
Messages sent through our platform
Feedback and correspondence with our support team
Voluntary Surveys & Research
Responses to optional surveys about your creative process, platform experience, or industry needs
Participation in user research, focus groups, or community feedback sessions
1.2 Information We Collect Automatically
Platform Usage Data
Pages visited, features used, and time spent on different sections
Search queries and discovery interactions
Content interactions (plays, likes, shares, saves)
Device and browser information (type, operating system, IP address)
Listening & Engagement Analytics
What music you listen to, when, and for how long
Skip patterns, repeat behavior, and playlist activity
Social interactions with artists and other users
Geographic location (country/region level for licensing compliance)
Technical & Performance Data
Error logs and crash reports to improve platform stability
Network connection information and performance metrics
Feature usage patterns to guide product development
1.3 Information from Other Sources
Social Media Connections (with your permission)
Basic profile information when you connect social accounts
Contact lists if you choose to find friends on our platform
Payment Processors
Transaction completion status and payment verification
Fraud prevention data from our payment partners
Public Sources
Publicly available information about artists and their work for verification purposes
Industry databases for rights verification and anti-fraud measures
2. How We Use Your Information
2.1 Core Platform Services
Music Streaming & Discovery
Deliver personalized music recommendations
Enable search and discovery features
Process streaming royalties through our "paid attention" model
Maintain your listening history and preferences
Community Features
Enable social interactions between users and artists
Support community discussions and content sharing
Support community discussions and content sharing
Power our Flowji recognition and channel systems
Creator Services
Process uploads and manage your music catalog
Calculate and distribute earnings accurately
Provide detailed analytics about your audience and performance
Support Backstage Pass subscriptions and fan relationships
2.2 Platform Improvement & Innovation
Product Development
Analyze usage patterns to develop new features
Identify and fix technical issues
Test new functionality with user groups
Research industry trends that benefit our community
Algorithmic Enhancement
Improve music recommendation quality
Refine our "Algorithm for Human Flourishing"
Optimize content discovery and curation
Enhance spam and abuse detection
2.3 Business Operations
Legal & Compliance
Verify identity and rights ownership for creators
Comply with copyright, tax, and financial regulations
Respond to legal requests and prevent illegal activity
Maintain platform security and prevent fraud
Communication
Send important updates about your account or our services
Provide customer support and respond to inquiries
Share community news and platform developments
Deliver optional marketing communications (with consent)
2.4 Cooperative Governance
Member Services (for cooperative members)
Verify voting eligibility and facilitate democratic participation
Support board elections and member proposals
Maintain records of cooperative ownership and participation
Enable transparent governance processes
3. Your Data Ownership & Control Rights
3.1 Data Ownership Principle
You Own Your Data
We believe your personal information, creative content, and audience relationships belong to you. TheFlow acts as a steward of this data to provide services, but you retain fundamental ownership and control.
Creator Content Rights
All music, artwork, and creative content you upload remains your property. Our platform license (detailed in our Terms of Service) is limited, revocable, and exists solely to provide services to you and your audience.
3.2 Data Portability
Export Your Information
Download your complete profile, content, and account data
Access your audience analytics and engagement metrics
Export your music catalog with metadata
Receive your listening history and preferences
Industry-Standard Formats
Data provided in commonly used, readable formats (JSON, CSV, etc.)
Content exported in original file formats when possible
Documentation explaining data structure and meaning
3.3 Real-Time Control
Granular Privacy Settings
Control who can see your listening activity
Control who can see your listening activity
Manage discovery preferences and algorithmic personalization
Set communication preferences for different types of messages
Content Control
Remove or modify uploaded content at any time
Control how your music appears in playlists and recommendations
Choose whether to participate in platform features and promotions
Manage social features and fan interaction preferences
3.4 Account Management
Data Correction & Updates
Update, correct, or modify your personal information
Request human review of automated decisions affecting your account
Appeal content moderation or policy enforcement actions records of cooperative ownership and participation
Maintain accurate and current profile information
Account Deletion
Complete account deletion with secure data removal
Selective deletion of specific data categories
Grace periods for accidental deletion requests
Clear timelines for data removal processes
4. Information Sharing & Disclosure
4.1 Our Commitment: No Data Sales
We Never Sell Your Data
TheFlow will never sell, rent, or license your personal information to third parties for their marketing or commercial purposes. This commitment is fundamental to our cooperative values.
No Advertising Revenue Model
We don't rely on advertising revenue, which removes common incentives to share user data with advertisers or data brokers.
4.2 When We Share Information
With Your Explicit Consent
Social media integrations you authorize
Third-party services you choose to connect
Information you choose to make public through platform features
Service Providers We Trust
Payment processing partners (Trolley, Stripe) for secure transactions
Cloud infrastructure providers (with strict data protection agreements)
Analytics partners that help us improve our services (with anonymized data)
Customer support tools that help us assist you better
Legal Requirements
Valid court orders or subpoenas
Legal compliance requirements (tax reporting, copyright enforcement)
Protecting safety and preventing illegal activity
Enforcing our Terms of Service when necessary
Cooperative Governance
Aggregated, anonymized data for member voting and governance decisions
Transparency reporting about platform usage and community health
Democratic oversight mechanisms for member-owners
4.3 Public Information
What's Public by Default
Your display name, profile image, and bio
Music and content you choose to publish
Public posts, comments, and community interactions
Playlists you mark as public
What Remains Private
Your listening history (unless you choose to share)
Personal contact information
Private messages and conversations
Detailed analytics and earnings data
Account and payment information
4.4 Business Transfers
Protecting You During Changes
If TheFlow is ever sold, merged, or undergoes significant corporate changes:
Your data rights transfer with you to any successor organization
We'll notify you 60 days in advance of any such transaction
You'll have the option to delete your account before the transfer
The same privacy protections must be maintained by any successor
5. Data Security & Protection
5.1 Technical Safeguards
Encryption & Security
All data encrypted in transit using industry-standard TLS
Sensitive data encrypted at rest using AES-256 or equivalent
Regular security audits and penetration testing
Multi-factor authentication for enhanced account security
Access Controls
Principle of least privilege for employee access to user data
Regular access reviews and permission audits
Secure development practices and code review processes
Incident response procedures for potential security issues
5.2 Organizational Safeguards
Employee Training
Regular privacy and security training for all staff
Clear policies on data handling and user privacy
Background checks for employees with data access
Confidentiality agreements and ongoing compliance monitoring
Vendor Management
Due diligence on all third-party service providers
Data processing agreements with strict privacy requirements
Regular audits of vendor security practices
Contractual requirements for data breach notification
5.3 Incident Response
If a Data Breach Occurs
Immediate containment and assessment of the incident
Notification to affected users within 72 hours
Detailed explanation of what happened and what data was involved
Free credit monitoring or other protective services if appropriate
Transparent reporting on lessons learned and improvements made
6. International Data Transfers
6.1 Global Platform, Local Protection
Where Your Data Goes
Primary data storage in secure facilities in the United States
Content delivery networks may cache your public content globally for performance
Some service providers may process data in other countries with adequate protections
Transfer Protections
All international transfers comply with applicable data protection laws
Standard Contractual Clauses or equivalent protections for EU data
Regular review of international transfer mechanisms and requirements
User notification of any significant changes to data location practices
6.2 Regional Compliance
European Union (GDPR)
Full compliance with General Data Protection Regulation requirements
Lawful bases for processing clearly identified
Data Protection Officer available for EU-related inquiries
Regular Data Protection Impact Assessments for new features
California (CCPA/CPRA)
Compliance with California Consumer Privacy Act and amendments
Clear disclosure of data collection, use, and sharing practices
Respect for California residents' privacy rights and choices
Annual transparency reporting on data requests and compliance
7. Data Retention
7.1 Retention Principles
Keep What We Need, Delete What We Don't
Data retained only as long as necessary for stated purposes
Regular reviews of data retention needs and legal requirements
Automated deletion processes where possible
Clear retention schedules for different types of information
7.2 Retention Periods
Account Information
Active accounts: Retained while your account is active
Deleted accounts: Most data deleted within 30 days, some retained for legal/safety purposes
Payment information: Retained as required by financial regulations
Content & Creative Work
Your music and uploads: Retained until you remove them or delete your account
Analytics data: Aggregated data may be retained indefinitely for platform improvement
Support communications: Retained for 3 years to track issue resolution
Usage & Technical Data
Detailed logs: Typically retained for 90 days, then aggregated or deleted
Aggregated analytics: May be retained indefinitely in anonymized form
Security logs: Retained for 1 year for safety and fraud prevention
7.3 Legal & Safety Exceptions
Longer Retention When Required
Legal hold obligations from valid legal processes
Ongoing investigations of Terms of Service violations
Financial records as required by tax and accounting regulations
Safety issues involving potential harm to users or our community
8. Children's Privacy
8.1 Age Requirements & Protection
Minimum Age
TheFlow requires users to be at least 13 years old (or the minimum legal age in your country). We do not knowingly collect personal information from children under this age.
Parental Verification
For users between 13-18, we may require parental consent in certain jurisdictions as required by local laws.
Enhanced Protection
Teen users receive additional privacy protections:
More restrictive default privacy settings
Enhanced controls over public visibility
Additional verification for certain monetization features
Proactive monitoring for potential safety issues
8.2 If We Learn About Underage Users
Immediate Action
Prompt deletion of accounts and data for verified underage users
Investigation of how the account was created
Improvements to age verification processes
Notification to parents when legally required
9. Creator-Specific Privacy Rights
9.1 Enhanced Data Control for Creators
Professional Analytics & Insights
Complete ownership of your audience data and analytics
Ability to export detailed fan engagement metrics
Control over how your data is used for platform improvements
Access to raw data behind analytics dashboards
Revenue & Financial Privacy
Private earnings information never shared with other users
Secure financial data processing with trusted payment partners
Complete transaction history available for your records
Tax document management and compliance support
9.2 Creator Content Protection
Intellectual Property Safeguards
Robust protection against unauthorized use of your uploaded content
Clear audit trails for content access and usage
Immediate takedown capabilities for unauthorized distribution
Support for copyright enforcement and protection
Competitive Information
Your strategic data (release plans, collaborations, etc.) kept confidential
No sharing of creator-specific insights with competitors
Protection of unreleased content and creative projects
Secure collaboration tools for working with other creators
9.3 Audience Relationship Protection
Fan Data Ethics
You control how we use data about your audience relationships
No selling or licensing of your fan lists to other parties
Transparent policies about fan data usage for platform features
Respect for fan privacy in our analytics and insights
Community Standards
Enhanced privacy protections during content moderation
Fair appeal processes with human review options
Protection against harassment or targeted abuse
Support for creators facing privacy or safety concerns
10. Analytics & Personalization
10.1 How We Personalize Your Experience
Music Recommendations
Based on your listening history, likes, and engagement patterns
Influenced by artists and users you follow and interact with
Enhanced by our "Algorithm for Human Flourishing" principles
Balanced between discovery and familiar content
Social Features
Personalized community feeds based on your interests and connections
Channel recommendations aligned with your engagement patterns
Content curation that prioritizes human creativity and authentic expression
Flowji suggestions based on your values and recognition patterns
10.2 Analytics Transparency
What We Track
Detailed listening behavior for royalty calculation and music discovery
Social interactions for community features and creator insights
Platform usage patterns for product development and improvement
Performance metrics for technical optimization and reliability
What We Don't Track
Your activity on other websites or apps (no cross-site tracking)
Personal communications outside our platform
Financial information beyond what's necessary for payments
Location data beyond country/region level for licensing
10.3 Your Control Over Personalization
Customization Options
Adjust recommendation algorithms to your preferences
Control data used for personalization features
Opt out of specific analytics or tracking features
Reset your recommendation profile to start fresh
Transparency Tools
View why specific content was recommended to you
See what data influences your personalized experience
Access the logic behind algorithmic decisions affecting your account
Request human review of automated personalization decisions
11. Cookies & Tracking Technologies
11.1 How We Use Cookies
Essential Cookies (Required for platform function)
Login authentication and session management
Security features and fraud prevention
Platform functionality and feature preferences
Load balancing and performance optimization
Analytics Cookies (Help us improve the platform)
Aggregated usage statistics and performance metrics
A/B testing for new features and improvements
Error tracking and technical issue identification
Platform optimization and user experience research
Preference Cookies (Remember your choices)
Display preferences and accessibility settings
Language and regional customization
Content feed and discovery preferences
Privacy settings and consent management
11.2 Your Cookie Choices
Cookie Management
Granular control over different types of cookies
Easy opt-out mechanisms for non-essential tracking
Browser-level cookie controls respected
Clear instructions for managing cookie preferences
Third-Party Cookies
Limited use of third-party cookies for essential services only
No advertising or marketing cookies from external companies
Clear disclosure of any third-party cookies we do use
Regular audits of third-party cookie usage
11.3 Alternative Tracking Technologies
Web Beacons & Pixels
Used only for essential platform functionality
No third-party marketing pixels or tracking beacons
Clear disclosure when these technologies are used
Opt-out options where technically feasible
Device Fingerprinting
Limited use for security and fraud prevention only
No tracking across websites or apps
Transparent disclosure of fingerprinting practices
Privacy-preserving alternatives prioritized