LIVE ON AIR
NERSIRADIOIT.COM
// LEGAL

Privacy Policy

Last updated · May 1, 2026

NERSI RADIO ("NERSI RADIO", "we", "us" or "our") operates the music-distribution and promotion platform available at nersiradioit.com and its sub-domains (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data. By using the Service, you agree to the practices described below.

1. Who we are

NERSI RADIO is operated from Via Torino 213, 10015 Ivrea (TO), Italy. For any privacy-related question, contact us at nersiradioit@gmail.com.

2. Information we collect

We only collect the data we need to operate the Service:

  • Account data — email, password (hashed), legal name, artist / DJ / label name, profile photo, bio, social handles, country and account type (Fan, Artist, DJ, Label, Admin).
  • Payout information — PayPal email, IBAN, account holder name, or Stripe Connect ID, used solely to send you the royalties you earn.
  • Content you upload — audio files, video files, cover art, release metadata (ISRC, UPC, track titles, contributors), DJ mixtapes, fan posts. You retain ownership of all content you upload.
  • Usage data — pages visited, smart-link views, DSP clicks, plays, downloads, country (derived from IP), referrer, user agent. This data is aggregated and never sold.
  • Cookies — strictly necessary cookies for authentication (httpOnly JWT access + refresh tokens) and a session cookie to power the live "On Air" player and listener counter.

3. How we use your information

  • Operate, secure and improve the Service.
  • Deliver your music to Digital Service Providers (DSPs) you select.
  • Send transactional emails (welcome, release-live notifications, daily digest opt-in) and account-security alerts.
  • Process payments via Stripe and pay you royalties via PayPal, Stripe Connect or bank transfer.
  • Detect, prevent and respond to fraud, abuse or violations of our Terms of Service.
  • Comply with applicable legal obligations (tax, anti-money-laundering, court orders).

4. Third-party services we share data with

NERSI RADIO uses carefully selected providers. Each one only receives the minimum data needed to perform their function:

  • Google (YouTube Data API v3) — when you connect your YouTube channel, we use Google OAuth to upload videos on your behalf. NERSI RADIO's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We never sell Google user data, never use it for advertising, and never let humans read it except (a) with your explicit consent, (b) for security, (c) to comply with the law, or (d) to debug a specific issue you reported. You can revoke access at any time at myaccount.google.com/permissions.
  • Mixcloud — when you connect your Mixcloud account, OAuth tokens allow us to upload mixtapes on your behalf.
  • Stripe — payment processing for subscriptions (Artist / Label plans). Stripe is PCI-DSS compliant and we never see your card number.
  • PayPal — outgoing royalty payouts via the PayPal Payouts API.
  • Resend — transactional email delivery.
  • DSPs (Spotify, Apple Music, YouTube Music, Tidal, Deezer, Amazon Music, etc.) — we transmit the metadata and audio/video files of the releases you ask us to distribute. Each DSP applies its own privacy policy once the music is live on their platform.
  • Cloud storage and CDN — Emergent Object Storage hosts your uploaded files securely.

5. Data retention

We retain account data for as long as your account is active, and for up to 24 months after deletion to comply with accounting and royalty reporting obligations. You can request immediate deletion of any non-required data at any time by emailing nersiradioit@gmail.com.

6. Your rights (GDPR / CCPA)

You have the right to:

  • Access the personal data we hold about you.
  • Correct or update inaccurate data.
  • Delete your account and personal data ("right to erasure").
  • Export your data in a portable format ("data portability").
  • Object to or restrict certain types of processing.
  • Withdraw consent at any time without affecting prior processing.
  • Lodge a complaint with your local data protection authority (in Italy: Garante per la Protezione dei Dati Personali).

To exercise any of these rights, email nersiradioit@gmail.com. We respond within 30 days.

7. Security

Passwords are stored with bcrypt one-way hashing. All traffic is served over HTTPS / TLS. Authentication uses short-lived (15-minute) access tokens with refresh rotation. We apply brute-force lockout, an admin-email whitelist, and audit-log every administrative action. No method of transmission over the Internet is 100% secure, but we apply commercially reasonable safeguards.

8. Children

The Service is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will delete it.

9. International transfers

Data may be processed in countries outside the European Economic Area, including the United States, where our infrastructure providers (Stripe, PayPal, Google, Resend) operate. These providers participate in the EU-U.S. Data Privacy Framework or equivalent Standard Contractual Clauses.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email (to the address associated with your account) or via a notice on the Service at least 14 days before they take effect.

11. Contact

Questions, complaints or requests: nersiradioit@gmail.com.

Made with Emergent