Privacy Policy

Last updated: February 23, 2026

Introduction

Stormi Capital B.V. ("Stormi", "we", "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, and how we use it. It applies to all users of the Stormi platform. If you are only visiting our website without creating an account, a more limited set of data applies to you - this is explained below.

This policy is in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law. Our data controller is Stormi Capital B.V., Beursplein 37, 3011 AA Rotterdam, Netherlands (KvK: 86349465).

Data We Collect

We distinguish between two types of users: website visitors and registered platform users.

Website visitors

When you visit our website without creating an account, we collect standard analytics data, including IP address, browser type, device type, pages visited, and time spent on the site. This data is collected to maintain and improve our website and is processed through third-party analytics tools.

Registered platform users

When you create an account and use the Stormi platform, we collect the following categories of personal data:

  • Full name

  • Email address

  • Phone number

  • Residential address

  • Payment details (processed securely via third-party payment providers)

  • Identity verification documents (such as a government-issued ID or passport), required for payout verification and fraud prevention

  • Music metadata (track titles, release dates, artist names, ISRC codes, and other information you provide during upload)

  • Streaming statistics (play counts, revenue reports, and distribution data as reported by DSPs)

  • IP address and device data

Why We Collect Your Data

We collect and process your personal data only for specific, legitimate purposes. The legal basis for each purpose is listed below.

Account creation and management - To create and maintain your Stormi account and provide you access to our services. Legal basis: performance of a contract.

Music distribution - To distribute your music to DSPs on your behalf, including submitting your metadata and content. Legal basis: performance of a contract.

Payouts and financial administration - To process royalty payments, verify your identity before releasing funds, and maintain accurate financial records. Legal basis: performance of a contract and legal obligation.

Identity verification - To verify your identity in the context of payout requests, fraud prevention, and compliance with applicable regulations. Legal basis: legal obligation and legitimate interest.

Fraud prevention and platform integrity - To detect and prevent artificial streaming, policy violations, and other fraudulent or harmful activity. Legal basis: legitimate interest.

Communication - To send you service-related messages, account updates, and important notifications. Legal basis: performance of a contract.

Legal compliance - To comply with applicable laws and regulations, including responding to lawful requests from authorities. Legal basis: legal obligation.

Analytics and platform improvement - To understand how our platform is used and improve our services. Legal basis: legitimate interest.

Third-Party Tools & Data Processors

We work with trusted third-party service providers to operate our platform. These parties may process your personal data on our behalf and are bound by data processing agreements that ensure your data is handled securely and in accordance with GDPR.

We currently use third-party tools for the following purposes:

  • Payment processing - such as Stripe, to securely handle payouts and financial transactions

  • Analytics - such as Google Analytics, to analyse website and platform usage

  • Music distribution - DSPs and aggregation partners to whom your music and metadata are delivered on your behalf

  • Email and communication - to deliver transactional and service emails

We do not sell your personal data to third parties. We do not share your data with third parties for advertising purposes.

Identity Documents

If you request a payout or if we require identity verification for compliance or fraud prevention purposes, we may ask you to provide a copy of a government-issued identity document (such as a passport or national ID card).

This document is processed solely for verification purposes and is stored securely. We retain identity documents only for as long as required by law or by our fraud prevention obligations, after which they are permanently deleted.

Data Retention

We retain your personal data for as long as your account is active or as long as necessary to provide our services. Specific retention periods are as follows:

  • Account data: retained for the duration of your account, plus 2 years after closure

  • Financial records and payout data: retained for 7 years in accordance with Dutch accounting law

  • Identity verification documents: retained for the duration of the verification process, plus any legally required period thereafter

  • Streaming statistics and sales reports: retained for the duration of your account

  • Website analytics data: retained for up to 26 months

Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access - You can request a copy of the personal data we hold about you.

  • Right to rectification - You can ask us to correct inaccurate or incomplete data.

  • Right to erasure - You can request deletion of your data, subject to legal retention obligations.

  • Right to restriction - You can ask us to limit how we process your data in certain circumstances.

  • Right to data portability - You can request your data in a structured, machine-readable format.

  • Right to object - You can object to processing based on legitimate interest.

  • Right to withdraw consent - Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at the details listed at the bottom of this policy. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl

Cookies

Our website uses cookies and similar tracking technologies. Cookies are small files stored on your device that help us understand how our website is used and improve your experience.

We use the following types of cookies:

  • Essential cookies - required for the website to function properly

  • Analytics cookies - used to collect anonymised data about how visitors use our site (for example, via Google Analytics)

When you first visit our website, you will be asked for your consent to non-essential cookies. You can change your cookie preferences at any time through your browser settings.

Security

We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. Payment data is processed exclusively through certified and encrypted payment providers and is never stored on our own servers.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the platform. The "last updated" date at the top of this page will always reflect the most recent version.

Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Stormi Capital B.V. Beursplein 37

3011 AA Rotterdam Netherlands

KvK: 86349465