Artist Basic is $2.99/mo. Simple pricing for independent artists.

View pricing

Privacy Policy

Effective Date: January 1, 2024 · Last Updated: April 1, 2026

Table of Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Sharing Your Information
  4. 4. Your Rights
  5. 5. Data Security
  6. 6. Data Retention
  7. 7. Children's Privacy
  8. 8. SMS/Text Message Terms
  9. 9. International Data Transfers
  10. 10. Data Deletion
  11. 11. Shopify Sales Channel Data
  12. 12. Updates to This Policy
  13. 13. Contact

Fanaura, Inc. and our parent, subsidiary, and affiliate companies (collectively, “Fanaura,” “we,” “us,” “our”) is a Delaware corporation providing a fan engagement and analytics platform designed to help artists, managers, and labels connect more effectively with their audience. This Privacy Policy (this “Privacy Policy”) explains how we collect, use, and share information, including Personal Information (defined below) about each visitor, user, or customer (each, a “user” and specifically you, “you” or “your”) or our owned and operated website, https://www.fanaura.com/, and of our other affiliated websites, subdomains, mobile versions, applications (including mobile applications), and online media under our operation and control, as well as all backup, mirror, replacement, or substitute websites or webpages we make available as part of the services we provide (collectively, the “Service”), the use of which shall be subject at all times to the Terms of Service.

We are committed to respecting the privacy and privacy rights of our users and recognize the need for appropriate protection and management of information that may be used, either alone or in combination with other information, to personally identify an individual or household (“Personal Information”) and, as a subset thereof, Personal Information that may be considered sensitive personal information under Data Privacy Laws (defined below) (“Sensitive Personal Information”) that is shared with us in connection with users' use of the Service. You may choose whether to provide or disclose Personal Information in connection with your use of the Service. If you choose not to provide the Personal Information we request, you may still visit and use parts of the Service, but may be unable to access or use certain features, options, programs, and services thereof. If you do not agree with any of the terms of this Privacy Policy, please do not use the Service.

1. Information We Collect

A. Personal Information

We collect information you provide when registering for an Account via the Service, some of which may constitute Personal Information, such as your first and last name, email address, phone number, and company affiliation.

B. Usage Data

As described in the Section titled “Information Collected Automatically”, below, we may automatically collect usage data, some of which may constitute Personal Information, including your IP addresses, device/browser types, log data, and interactions for performance and security improvements.

C. Fan Data

The Service enables users to collect and analyze data about their audiences, some of which may constitute Personal Information, including:

  • Names, email addresses, and phone numbers (solely when fans opt-in either via the Service or applicable third-party platforms)
  • Geographic location data (city, state, country)
  • Engagement metrics (pre-saves, RSVPs, purchases)
  • Communication preferences

D. Third-Party Platform Data

When users connect third-party accounts (such as Instagram, Spotify, or Shopify), we may receive data from those platforms, some of which may constitute Personal Information, in accordance with their terms and our users' permissions. This includes:

  • Instagram: Username, profile information, and direct message content for automation purposes
  • Spotify: Artist and track information for pre-save campaigns
  • Shopify: Product catalog data, order data, and customer data associated with orders attributed to the Fanaura sales channel (see Section 12 for full details)

In addition, we may from time to time collect information, including Personal Information, about you from Shopify Inc. (“Shopify”). When you purchase a subscription, via the Service, Shopify, may collect your transaction information, such as the form of payment and the associated account number and billing address used to purchase such subscription, which may be shared with us via encrypted and tokenized methods. To learn more about Shopify's data privacy practices, please visit Shopify's privacy policy located at: https://www.shopify.com/legal/privacy.

E. Shopify Customer Data

When a merchant installs the Fanaura sales channel on their Shopify store, we access and process customer data, some of which may constitute Personal Information, from orders that are attributed to the Fanaura sales channel. This data is received through Shopify's APIs and webhooks and includes:

  • Customer name (first and last name): Used to create and match fan profiles across the merchant's music, merchandise, and tour engagement data
  • Customer email address: Used as the primary identifier to match Shopify customers with existing fan records from music pre-saves, tour RSVPs, and other engagement activities
  • Customer phone number: Used as a secondary identifier for fan matching and, with the merchant's consent, for SMS marketing communications where the customer has opted in
  • Customer geographic location (city, state, country from shipping/billing address): Used for geographic fan analytics, regional tour promotion targeting, and understanding audience distribution
  • Order details: Order number, items purchased, quantities, prices, order total, currency, financial status, and fulfillment status
  • Cart activity: When customers add items to cart through Fanaura smart links, we track the cart event to provide conversion analytics to the merchant

We do NOT access or store:

  • Payment card numbers, CVV codes, or bank account information (all payments are processed entirely by Shopify)
  • Customer data from orders that are not attributed to the Fanaura sales channel
  • Customer browsing history or cookies from the merchant's Shopify storefront
  • Store financial data, billing information, or Shopify plan details

F. Information Collected Automatically

We may from time to time automatically collect certain information when you access or use the Service by means of various software tools described below (depending on your choices). In such circumstances, we use such information for log-in and systems administration purposes, information security and abuse prevention, to track user trends, and to analyze the effectiveness of the Service and to otherwise personalize the Service to you. Alone or in combination with other information, such automatically collected information may constitute Personal Information.

We may automatically collect the following information, some of which may constitute Personal Information, when you access or use the Service:

Log Files on the Service. The information inside the log files may include, amongst other similar types of information, IP addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages, and any other information your browser may send to us.

Cookies. When you use or visit the Service, our servers may send a cookie to your computer. Cookies are small pieces of data that a website asks your browser to store on your computer or mobile device. A cookie contains an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies do not typically contain information that individually identifies you, but Personal Information that we store about you may be linked to the information stored in and obtained from cookies. We use cookies to make interactions with the Service easy and meaningful. We may use cookies that are session-based and persistent. Session cookies exist only during one session and disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that, if you disable your web browser's ability to accept cookies, you will be able to navigate the Service but you may not be able to successfully use all the features of the Service.

If you are based in the United Kingdom or the European Economic Area, we will seek your consent to set non-essential cookies when you first visit our Service. If you click Reject All, we will only set Required Cookies.

Cookie TypePurposeCan be disabled?
Required CookiesEssential for the Service to function (authentication, security, session management)No
Analytics CookiesHelp us understand how users interact with our ServiceYes
Marketing CookiesUsed to deliver relevant advertising and track campaign effectivenessYes

Further, when you use or visit the Service, we may collect your IP address to track and aggregate information. We may also use, either alone or in conjunction with cookies, clear electronic images called “web beacons” (including pixels and tags) that can recognize certain types of information on your computer, such as cookies, when you view a particular site tied to the web beacon. This is used to compile information about your usage of the Service, your interactions with email communications from us, the effectiveness of our advertising campaigns, and to operate and improve the Service, our email communications, and our advertising campaigns.

We also use a third-party product analytics and session replay provider to better understand how users interact with the Service. This provider may collect information such as your IP address, browser type, device type, and details about your interactions with the site, including pages visited, clicks, and navigation behavior. Session replays may capture user activity on the Service to help us diagnose issues and improve functionality and user experience. Our analytics provider processes this data on our behalf under contractual obligations, and a copy of its privacy practices is available upon request by emailing privacy@fanaura.com.

2. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process payments and manage subscriptions
  • To personalize features and offer recommendations
  • To communicate with users about updates and support
  • To send SMS and email notifications (with explicit consent)
  • To enable marketing automation features
  • To match fan identities across music, merchandise, and tour engagement data to provide merchants with a unified view of their audience
  • To provide merchants with analytics about their fan base, including geographic distribution, purchasing behavior, and cross-platform engagement
  • To comply with applicable law, including, without limitation, under U.S. federal, state, local, and foreign laws, regulations, rules, judicial or governmental orders or requests, legal process, and treaties (as may be amended from time to time, collectively, “Applicable Law”)

3. Sharing Your Information

We may share data with:

Service Providers, who are engaged under strict contractual obligations and fall into the following categories:

  • Cloud hosting, database, and content delivery providers
  • Payment processing providers
  • AI and machine learning providers (for AI-powered features)
  • Communications providers (email and SMS delivery)
  • Analytics providers
  • E-commerce platform providers (Shopify, for the Fanaura sales channel)

We will comply with Applicable Law regarding Personal Information transfers and use commercially reasonable efforts to only engage or interact with third-party service providers and business partners that take appropriate measures to protect your Personal Information; however, it is the responsibility of each of those third-party service providers and business partners to comply with Applicable Law and their respective privacy policies, and we take no responsibility for their privacy practices or compliance therewith.

Legal Authorities: We may disclose Personal Information about you if required to do so by Applicable Law or if we believe in good faith that such disclosure is reasonably necessary or helpful to (i) comply with legal process, (ii) enforce the Terms of Service, including investigations of potential violations thereof, (iii) detect, prevent, or otherwise address fraud or security issues, or (iv) protect the rights, property, or personal safety of Fanaura, other Service users, and the public.

In Business Transfers: Fanaura may assign or transfer its rights and/or delegate its obligations under this Privacy Policy and transfer any Personal Information to any third-party company or entity that either acquires or is acquired by Fanaura, or is merged with or into Fanaura, as part of a merger, acquisition, sale, bankruptcy proceeding, or other change of control.

We do not sell Personal Information. We do not sell, rent, or trade any Personal Information, including customer data received from Shopify, to third parties for their own marketing or advertising purposes.

4. Your Rights

NOTICE TO RESIDENTS OF THE EUROPEAN UNION, EUROPEAN ECONOMIC AREA, AND UNITED KINGDOM

European Economic Area and United Kingdom data protection law requires a “lawful basis” for collecting and retaining Personal Information from citizens or residents of the European Economic Area and the United Kingdom, respectively. Our lawful bases for collecting such information about you are permitted under Article 6, Section 1 of the EU general data protection regulation 2016/679 (as amended from time to time, and as adopted by the United Kingdom, the “GDPR”) and are summarized below.

  • Consent: In certain cases, you have affirmatively provided us with your consent to collect your Personal Information for a specific purpose, such as providing your Personal Information when you contact us through the Service or enter into a contract with us.
  • Contract: We may need your Personal Information to comply with our contractual obligation to you to deliver the Service, such as fulfilling any future transactional services.
  • Legal Obligations: Sometimes the law requires us to collect and use your Personal Information, such as applicable tax laws that may require us to retain records of payments made through the Service or through our contract with you.
  • Legitimate Interests: This is a technical term that means we have a good and fair reason to use your Personal Information and we do so in ways which do not harm your interests and rights, such as to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that do not materially impact your rights, freedom, or interests.

For example, we (i) use identity, device, and location information to prevent abuse of the Service by users and to keep the Service secure, and (ii) analyze how users interact with our Service so we can understand better what elements do or do not work well, what services/functionalities may be necessary or desirable to provide you with the best user experience on the Service, and to ensure the safety and security of the Service, which allows us to improve and develop the quality of the online experience we offer all our users.

In accordance with the GDPR, as a resident of the European Union, European Economic Area, or the United Kingdom, you may have the following rights with respect to your Personal Information:

  • If the processing of Personal Information is based on your consent, the right to withdraw consent at any time for the processing of such Personal Information. This will not affect the lawfulness of any processing carried out before the consent was withdrawn;
  • The right to request access to and rectification of your Personal Information;
  • The right to object to or request restriction of the processing of your Personal Information;
  • The right to request erasure of your Personal Information; and
  • The right to receive, in a structured, commonly used and machine-readable format, the Personal Information you have provided to us based on your consent or a contract and that is processed by automated means, and to have such Personal Information transmitted to another company where technically feasible (i.e., data portability).

To make a request pursuant to your GDPR rights, you can contact Fanaura's Privacy Officer by email at privacy@fanaura.com.

If you are not satisfied with our response to any applicable request made pursuant to your rights under the GDPR, you have the right to lodge a complaint about the processing of your Personal Information with your local data protection authority. If you are located in the United Kingdom, this is the Information Commissioner's Office (ICO). If you are located in the European Economic Area, you can contact the Commission Nationale Informatique & Libertés (CNIL).

U.S. CONSUMER PRIVACY RIGHTS

Depending on your U.S. state of residence, you may have additional privacy rights with respect to your Personal Information. These rights may be accorded to you pursuant to, respectively, the California Consumer Privacy Act; the California Privacy Rights Act; the Colorado Privacy Act; the Connecticut Personal Data Privacy and Online Monitoring Act; the Oregon Consumer Privacy Act; the Texas Data Privacy and Security Act; the Utah Consumer Privacy Act; the Virginia Consumer Data Protection Act; the Montana Consumer Data Privacy Act; Nevada's SB 220; the Delaware Data Protection Act; the Iowa Data Protection Act; the Nebraska Data Privacy Act; the New Hampshire Privacy Act; the New Jersey Data Privacy Act; the Tennessee Information Protection Act; the Minnesota Consumer Data Privacy Act; the Maryland Online Data Privacy Act; the Indiana Consumer Data Protection Act; the Kentucky Consumer Data Protection Act; and the Rhode Island Data Transparency and Privacy Protection Act (collectively, as may be amended from time to time, “US Data Privacy Laws,” and together with GDPR, “Data Privacy Laws”). For the purposes of this section, Personal Information shall have the same meaning as “personal data” as such term is used under US Data Privacy Laws.

Requests to Know:

You have the right to request that we disclose:

  • The categories of Personal Information we have collected about you;
  • The categories of sources from which we have collected Personal Information about you;
  • Our use of the Personal Information we have collected about you;
  • The business or commercial purposes for selling or collecting Personal Information about you;
  • The categories of Personal Information sold, shared, or disclosed about you, as well as the categories — and, if you are a resident of Oregon or Colorado, the names — of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom Personal Information was sold; and
  • The specific pieces of Personal Information collected about you for the twelve (12) months prior to the date of your request.

The delivery of our response to your request to know may take place electronically or by mail. We are not required to respond to requests to know more than twice in a twelve (12)-month period.

Requests to Delete:

You have the right to request that we delete any Personal Information about you that we have collected from you and retained, subject to certain exceptions. We may deny your deletion request if retaining the Personal Information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by applicable law;
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • Comply with an obligation under applicable law; and/or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Opt-Out of the Sale or Sharing of Personal Information:

You have a right to opt out of the sale or sharing of Personal Information and/or Sensitive Personal Information we have collected about you to third parties. If you exercise this right, we will not sell or share Personal Information and/or Sensitive Personal Information about you. Please note that Fanaura does not “sell” or “share” your personal information as such terms are defined under U.S. Data Privacy Laws.

Requests to Correct Inaccurate Personal Information:

You have the right to request that we correct inaccurate Personal Information that we maintain, or which pertains to you. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate Personal Information.

Right to Opt Out of Profiling:

You have the right to opt out of “profiling.” This opt out applies to the automated processing of Personal Information that is used to render decisions that could have a legal or similarly-significant effect on a user. Examples of such decisions include those related to credit and access to fundamental goods or services. Fanaura does not engage in profiling as described above.

Right to Non-Discrimination:

You have the right not to be discriminated against for the exercise of your US Data Privacy Laws rights described above. Unless permitted by US Data Privacy Laws, we will not as a result of such exercise:

  • Deny you services;
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of services; or
  • To the extent applicable, suggest that you may receive a different price or rate for goods or services or a different level or quality of services.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney may submit a request on your behalf.

Methods for Submitting Consumer Requests and Our Response to Requests

To make a request pursuant to your US Data Privacy Laws rights, you must contact Fanaura's Privacy Officer by email at privacy@fanaura.com.

Fanaura reserves the right to verify all requests made pursuant to US Data Privacy Laws. Upon receipt of such request, we may ask you for additional information to verify your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose. We will acknowledge the receipt of your request within ten (10) days of receipt. Subject to our ability to verify your identity, we will respond to your request within forty-five (45) days of receipt.

If you are a resident of Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, or Virginia, you may appeal our denial of your request pursuant to your US Data Privacy Law rights. To do so, you must email us at privacy@fanaura.com within forty-five (45) days of your receipt of our denial therefor. We will respond to an appeal within sixty (60) days of receipt for residents of Connecticut, Delaware, Iowa, Maryland, Montana, Nebraska, New Hampshire, Texas, Tennessee, and Virginia, and within forty-five (45) days of receipt for residents of Colorado, Minnesota, and New Jersey, and Oregon.

Categories of Personal Information We Have Sold or Shared in the Last Twelve (12) Months:

We have not sold or shared (as such terms are defined under US Data Privacy Laws) any categories of Personal Information during the last twelve (12) months.

Categories of Personal Information We Have Disclosed for a Business Purpose in the Last Twelve (12) Months:

Identifiers, such as your first name, last name, phone number, email address, and mailing address.

Rights of Shopify Store Customers (End Consumers)

If you are a customer who purchased a product through a Fanaura smart link:

  • Your data is processed on behalf of the merchant (the artist or label who operates the Shopify store)
  • The merchant is the data controller; Fanaura acts as a data processor
  • You may exercise your privacy rights by contacting the merchant directly or by contacting us at privacy@fanaura.com
  • We honor all data deletion requests received through Shopify's mandatory GDPR webhooks (see Section 12)

5. Data Security

We implement industry-standard safeguards including:

  • TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls
  • Regular security audits and penetration testing
  • SOC 2 compliant infrastructure providers
  • HMAC-SHA256 verification for all incoming Shopify webhooks
  • Encrypted data backups with access controls
  • Separation of test and production environments
  • Data loss prevention strategy
  • Security incident response policy
  • Access logging for all Personal Information operations

However, no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.

6. Data Retention

We retain data only as long as necessary to deliver services or comply with legal obligations:

  • Active account data: Retained while account is active
  • Deleted account data: Purged within 30 days (except as required for legal compliance)
  • Communication logs: Retained for 2 years for compliance purposes
  • Financial records: Retained for 7 years per tax requirements
  • Shopify order data: Retained while the merchant's account is active. Upon merchant disconnection from Shopify, order data is retained for analytics purposes but customer-facing product listings are immediately hidden. Upon merchant account deletion or explicit request, all associated data is deleted within 30 days.
  • Fan profile data from Shopify: Retained while the merchant's account is active. Deleted upon request per Shopify's GDPR webhooks or merchant request.

7. Children's Privacy

We do not knowingly collect data, including Personal Information, from children under 18. If we discover such data, it will be deleted promptly. If you believe a child has provided us with Personal Information, please contact us at privacy@fanaura.com.

8. SMS/Text Message Terms

By providing your phone number and opting in to SMS notifications:

  • You consent to receive SMS messages including verification codes, music release alerts, event reminders, and promotional content
  • Message frequency varies based on your notification preferences
  • Message and data rates may apply
  • You may opt out at any time by replying STOP to any message
  • For help, reply HELP or email support@fanaura.com
  • Consent is not a condition of purchase

9. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States. We use Standard Contractual Clauses and other appropriate safeguards for international transfers.

10. Data Deletion

Regardless of your jurisdiction or U.S. state of residency, you may request deletion of your Personal Information at any time by:

We will process deletion requests within 30 days. Some data may be retained as required by law or for legitimate business purposes (fraud prevention, legal compliance).

11. Shopify Sales Channel Data

This section specifically addresses how Fanaura handles Personal Information in connection with the Fanaura sales channel for Shopify.

Role and Relationship

  • The Shopify merchant (artist, manager, or label) is the data controller for their customers' Personal Information
  • Fanaura acts as a data processor on behalf of the merchant
  • Fanaura processes customer data solely to provide the merchant with fan engagement analytics, cross-platform audience unification, and marketing automation capabilities

Data We Access from Shopify

When the merchant installs the Fanaura sales channel, we access:

  • Product catalog data (titles, descriptions, images, prices, variants, inventory levels) via the Shopify Admin API and webhooks
  • Order data for orders attributed to the Fanaura sales channel, including customer name, email, phone, geographic location, and order details
  • Cart events when customers interact with Fanaura smart links

How We Use Shopify Data

  • Fan matching: Customer email and phone from orders are used to match Shopify customers with existing fan profiles that the merchant has collected through music pre-saves, tour RSVPs, and other Fanaura-powered engagement
  • Unified analytics: Order data is combined with music and tour engagement data to give merchants a complete view of their fans' activity across all verticals
  • Marketing automation: With the merchant's configuration and customer consent, customer contact information may be used in email and SMS automation flows that the merchant creates in Fanaura
  • Geographic analytics: Customer location data (city, state, country) is used to provide merchants with geographic audience insights and to help target tour promotions to relevant regions
  • Sales attribution: Orders are tracked and attributed to the Fanaura sales channel in the merchant's Shopify admin

What We Do NOT Do with Shopify Data

  • We do NOT sell customer data to third parties
  • We do NOT use customer data for our own marketing purposes (only for the merchant's benefit)
  • We do NOT share one merchant's customer data with another merchant
  • We do NOT contact customers directly. All communications are sent by the merchant through the platform
  • We do NOT modify product pricing, inventory, or any store settings

GDPR Compliance

We comply with Shopify's mandatory GDPR webhooks:

  • customers/data_request: When a customer requests their data, we identify and provide all stored data associated with that customer's email address
  • customers/redact: When a customer requests data erasure, we delete all records associated with that customer across our database, including fan profiles, order records, interaction history, and event data
  • shop/redact: When a merchant uninstalls the app and requests data erasure, we delete the store connection and all associated data within 48 hours

Disconnection and Uninstallation

  • When a merchant disconnects the Fanaura sales channel: Products are immediately hidden from smart links, the Shopify access token is revoked, and product data is retained for analytics purposes only
  • When a merchant uninstalls the Fanaura app: The store connection is immediately deleted. Upon receiving the shop/redact webhook, all associated store data is deleted
  • Merchants may request complete deletion of all data at any time by contacting privacy@fanaura.com

12. Updates to This Policy

We may update this Privacy Policy. Material changes will be communicated via email or prominent notice on our website. Continued use of our services after changes indicates acceptance.

13. Contact

© 2026 Fanaura, Inc. All rights reserved.