Legal draft · July 11, 2026
Privacy Policy
This policy explains what information Entropy collects, why we use it, when we share it, and the choices and rights available to you.
Effective date: [DATE APPROVED FOR PUBLICATION]
1. Who we are
Entropy is a social music service operated by Entropy Media Inc. ("Entropy," "we," "us," or "our"). For purposes of the European Economic Area (EEA), United Kingdom, and similar privacy laws, Entropy Media Inc. is the controller of the personal information described in this policy unless we say otherwise.
Registered address: [FULL LEGAL ADDRESS]
Privacy contact: privacy@entropy-music.com
EU/UK representative, if required: [NAME AND CONTACT DETAILS]
2. Scope
This policy applies to the Entropy iOS app, entropy-music.com, and related support, safety, and account services that link to it (together, the "Service"). It does not govern Apple Music, websites linked from posts, or other third-party services, which have their own privacy practices.
The entropy-music.com website is designed to operate without non-essential cookies, third-party tracking pixels, or advertising SDKs. If that changes, we will update this policy and, where required, obtain consent before setting non-essential cookies. [VERIFY THE PRODUCTION SITE SETS NO NON-ESSENTIAL COOKIES OR THIRD-PARTY REQUESTS BEFORE PUBLISHING THIS SENTENCE.]
3. Information we collect
Information you provide
- Account and profile information: your Sign in with Apple identifier, name, email address (including an Apple private relay address), username or handle, biography, profile and header images, and linked-account information.
- Content and social activity: posts, captions, comments or conversations where available, photos, videos, GIFs, links, polls, prompt responses, music and people tags, location tags, likes, follows, blocks, mutes, reports, and other interactions. Content you post publicly may be visible to anyone and may be reshared outside Entropy.
- Music information: music-taste selections and the songs, albums, artists, playlists, podcasts, or catalogue pages you view, search for, attach, play, save, or otherwise interact with. If you authorize Apple Music access, the app may access information permitted by MusicKit, such as authorization status and relevant library or playback information.
- Communications: messages you send through features that are available in your version of the Service, support requests, privacy requests, reports, appeals, and other correspondence.
- Optional location: a place you choose to tag and, if you grant iOS location permission, your approximate or precise device location as needed to suggest nearby places. [CONFIRM WHETHER PRECISE COORDINATES LEAVE THE DEVICE AND HOW LONG THEY ARE KEPT.]
Information collected automatically
- Device and network data: device and app identifiers, push-notification token, IP address, device model, operating-system and app version, language, time zone, and network information.
- Usage data: screens and features used, searches, content impressions and interactions, playback-related activity, notification interactions, referring pages, timestamps, and session information.
- Diagnostics and security data: crash reports, performance data, logs, suspected-abuse signals, and information used to prevent spam, fraud, and unauthorized access.
Information from others
We may receive information from Apple when you sign in or use MusicKit; from other users when they tag, mention, follow, report, or interact with you; from service providers that help us operate and secure Entropy; and from public music catalogues or rights holders. What Apple shares depends on your Apple settings and permissions.
4. How and why we use information
| Purpose | Examples | GDPR/UK GDPR lawful basis |
|---|---|---|
| Provide the Service | Create and secure accounts; publish content; provide feeds, search, playback integrations, social features, uploads, notifications, and support. | Performance of our contract with you. |
| Personalize and improve | Rank and recommend people, music, and posts; remember preferences; understand feature use; test and improve reliability. | Our legitimate interests in operating and improving a relevant service, balanced against your rights; consent where required. |
| Safety and integrity | Review reports; detect spam, fraud, security incidents, and policy violations; enforce our Terms and Community Guidelines; protect users and the public. | Our legitimate interests, performance of our contract, compliance with law, and protection of vital interests where necessary. |
| Communicate with you | Send service notices, account and security messages, respond to requests, and send optional product or marketing updates. | Performance of our contract and legitimate interests for service messages; consent for marketing where required. |
| Comply with law | Respond to valid legal requests; preserve records; establish, exercise, or defend legal claims. | Compliance with legal obligations and our legitimate interests. |
We do not use solely automated decisions that produce legal or similarly significant effects on you. Feeds and recommendations may use automated ranking based on signals such as who you follow, your interactions, music preferences, recency, and safety or quality signals. [CONFIRM RANKING INPUTS AND WHETHER USERS CAN SELECT A NON-PERSONALIZED OR FOLLOWING-ONLY FEED.]
5. When we disclose information
- Other users and the public. We display information according to the audience and privacy settings you select. Public content and profile information may be indexed, copied, or reshared by others.
- Service providers. Vendors may process information for authentication, hosting, storage and content delivery, push notifications, crash diagnostics, customer support, security, and other operational services. Current or anticipated providers include Apple/MusicKit, Firebase or other Google services, Cloudflare (including R2), and our API and infrastructure hosting providers. [REPLACE WITH A VERIFIED PRODUCTION PROCESSOR LIST AND FUNCTIONS.]
- Legal and safety reasons. We may disclose information when we reasonably believe it is necessary to comply with law or a valid legal process; protect rights, safety, and property; investigate abuse; or enforce our agreements.
- Business transactions. Information may be disclosed as part of a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality protections.
- With your direction or consent. We disclose information when you connect a third-party service, share content, or otherwise ask us to do so.
Entropy does not sell personal information for money, and we do not currently disclose personal information for cross-context behavioural or targeted advertising. If that changes, we will update this policy and provide any notice and opt-out mechanism required by applicable law, including recognized opt-out preference signals where mandated. [COUNSEL: CONFIRM WHETHER ANY CURRENT OR PLANNED ADVERTISING, CROSS-CONTEXT BEHAVIOURAL ADVERTISING, OR DISCLOSURE CONSTITUTES “SALE,” “SHARING,” OR TARGETED ADVERTISING UNDER APPLICABLE US STATE LAWS. IF SO, ADD THE REQUIRED NOTICE, OPT-OUT LINK, AND GLOBAL PRIVACY CONTROL SUPPORT.]
6. Storage, retention, and deletion
We keep personal information only as long as reasonably necessary for the purposes described above, including providing the Service, maintaining security, resolving disputes, enforcing agreements, and meeting legal obligations. Our retention depends on the type of information:
- account and profile data: while your account is active and for [PERIOD] after deletion;
- posts, uploaded media, and social activity: until you delete them or your account, subject to backups, content shared by others, and legal or safety exceptions;
- support, report, and enforcement records: [PERIOD], depending on severity and legal need;
- logs, diagnostics, and security data: [PERIOD]; and
- backup copies: deleted or overwritten on a rolling basis within [PERIOD].
When retention is no longer necessary, we delete or anonymize information. Account deletion does not necessarily remove copies another user made or content lawfully retained to protect safety, prevent fraud, comply with law, or establish legal claims. See Delete your account for the verified deletion route and details.
7. International data transfers
Entropy is based in Canada, and we and our providers may process information in Canada, the United States, the EEA, and other countries where privacy laws may differ from those where you live. Where the GDPR or UK GDPR requires a transfer mechanism, we use an adequacy decision or appropriate safeguards such as approved Standard Contractual Clauses, together with supplementary measures where appropriate. You may contact us for information about the safeguards relevant to your data. [VERIFY DATA LOCATIONS, CANADIAN ADEQUACY SCOPE, SCC MODULES, TRANSFER IMPACT ASSESSMENTS, AND UK ADDENDUM.]
8. Your choices and privacy rights
You can manage profile and audience settings in Entropy, change iOS permissions for Music, photos, camera, microphone, notifications, and location, unsubscribe from optional marketing, and use in-app block, mute, report, and deletion controls.
Depending on where you live, you may have rights to:
- access and receive a copy of your personal information;
- correct inaccurate or incomplete information;
- delete information;
- restrict or object to certain processing, including direct marketing;
- receive certain information in a portable, machine-readable format;
- withdraw consent at any time, without affecting earlier lawful processing;
- appeal our refusal of a request where applicable; and
- lodge a complaint with your local data-protection or privacy authority. EEA authorities are listed through the European Data Protection Board; in the United Kingdom, the authority is the Information Commissioner's Office; in Canada, the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner.
Submit a request through Privacy Choices or email privacy@entropy-music.com. We may ask for information reasonably necessary to verify your identity and authority. Authorized agents may submit requests where permitted by law. We will not discriminate against you for exercising a privacy right. For GDPR requests, we generally respond within one month, subject to lawful extensions.
You are not required by statute to provide personal information to us. However, some information—such as your Sign in with Apple identifier—is necessary to create and operate an account, and we cannot provide the Service without it. Providing optional information, such as location tags or Apple Music access, is always your choice.
9. Children
Entropy is not directed to children under [13/16 — SELECT BASED ON LAUNCH MARKETS AND AGE-ASSURANCE DESIGN], and they may not create an account. If we learn that we collected personal information from a child contrary to applicable law, we will take reasonable steps to delete it. A parent or guardian may contact us at privacy@entropy-music.com. Age rules and parental-consent thresholds vary by country; the final product controls and policy must align with every market in which Entropy is offered.
10. Security
We use administrative, technical, and physical safeguards designed to protect personal information. No system is completely secure, so we cannot guarantee absolute security. Please use available account-security features and contact security@entropy-music.com if you believe your account or the Service has been compromised. [CONFIRM THIS MAILBOX IS MONITORED.]
11. Changes to this policy
We may update this policy as Entropy changes. We will post the revised version and update its effective date. If a change materially affects your rights or how we use personal information, we will provide additional notice as required by law.
12. Contact us
Questions or requests may be sent to privacy@entropy-music.com or Entropy Media Inc., [FULL POSTAL ADDRESS]. If required, our data protection officer is [NAME OR “NOT APPOINTED”] at [CONTACT].