CIRO Distribution (“CIRO”, “we”, “our”) respects your privacy and is fully committed to protecting your
personal data.
This Privacy Policy explains what personal information we collect, how we use it, how we share it, and how
we protect it when you use our website, platform, or services.
By accessing or using CIRO, you agree to the terms outlined in this policy.
If you do not agree, please do not use our services.
We may collect the following types of information:
• Account Information: Full name, email address, password, country, artist or label name.
• Billing address, payment method (e.g., PayPal, Stripe, cryptocurrency), transaction history.
• Music and Content Data: Audio files, cover artwork, metadata (including song titles, credits, release
dates), publishing rights.
• Technical Data: IP address, browser type, device type, system language, usage logs, cookies.
• Support Interactions: Messages sent via contact forms, live chat, or email.
• Payout Verification Data:
For users requesting payouts, we may collect additional data such as residential address, phone number, and
preferred payment method.
For Iranian Rial (IRR) payouts: valid National ID number and a bank account in the user’s name (to ensure
ownership match and prevent fraud)
We use your information to:
• Register and manage user accounts.
• Process subscription payments and transactions.
• Provide Manager Plan functionalities (e.g., enabling managers to
create custom-branded artist panels
without CIRO branding)
• Deliver music to Digital Service Providers (DSPs) like Spotify, Apple Music, and others.
• Manage promotional campaigns (playlist placements, influencer campaigns, and platform-based promotions).
• Verify eligibility for custom label activation (for accounts with 5+ artists).
• Respond to support inquiries and technical issues.
• Prevent fraud and abuse.
• Analyze usage and improve our platform.
• Communicate product updates, feature announcements, or promotional offers.
• Verify identity for payout requests and match National ID with bank account ownership for IRR withdrawals.
We process personal data based on:
• Your consent – e.g., for marketing emails.
• Contractual necessity – to fulfill services you’ve subscribed to.
• Legal obligations – e.g., tax compliance.
• Legitimate interests – e.g., maintaining service security and quality.
We share data only when necessary and only with:
• Digital Service Providers (DSPs) for music distribution.
• Payment processors such as PayPal, Stripe, or cryptocurrency gateways.
• Cloud and server infrastructure providers.
• Analytics and tracking tools such as Google Analytics.
All third-party providers acting as data processors are contractually obligated to:
• Use data exclusively for services agreed upon.
• Apply robust technical and organizational security measures (e.g., GDPR Article 32 compliance).
• Notify CIRO of any data breaches without undue delay.
We do not sell, rent, or trade your personal information under any circumstances.
To assign ISRC and UPC codes, CIRO may securely share select metadata and audio content with trusted
third-party providers.
These providers are legally and contractually obligated to:
• Use the data only for technical processing of code assignments.
• Prohibit storing, reusing, or redistributing the content.
All transfers are handled under strict confidentiality and data protection standards.
Depending on your jurisdiction, you have the right to:
• Access your personal data.
• Correct inaccurate or incomplete data.
• Request deletion of your data (“right to be forgotten”).
• Restrict or object to data processing.
• Withdraw consent at any time.
• Request portability of your data.
• File a complaint with a Data Protection Authority.
We respond to all requests within 30 days, or 60 days if complexity or volume requires it.
We use cookies and similar technologies to:
• Maintain login sessions.
• Remember user preferences (e.g., language).
• Track behavior for analytics and performance.
You can manage cookie preferences in your browser. Disabling cookies may affect certain features of the
platform.
We retain personal data as long as needed for:
• Account operation.
• Legal or financial obligations.
• Royalty tracking and audit requirements.
Upon account deletion, non-essential data will be erased. Certain records may remain archived for legal
compliance.
We implement industry-standard encryption, access control, and secure infrastructure to protect your data.
While we take these precautions seriously, no system is 100% secure.
By using CIRO, you acknowledge and accept the inherent risks of online data sharing.
Users are eligible to request withdrawals once their earnings reach at least €10 (or equivalent).
However, payouts are only processed if the user’s account has an active subscription.
If a subscription expires, the earnings will be preserved but payouts will be paused until the subscription
is renewed.
Your data may be stored and processed in countries outside your residence, including the European Union,
Ireland, Italy, and the United States.
We ensure that all international transfers are protected by legal safeguards such as Standard Contractual
Clauses (SCCs) or equivalent protection frameworks.
We may update this policy at any time to reflect legal, technical, or service-related changes.
Changes take effect immediately upon posting on our website.
We recommend reviewing this page regularly to stay informed.
CIRO does not currently have a formally appointed Data Protection Officer (DPO).
If required, users may request to contact a privacy representative by emailing us at the address below.
For any support inquiries, please contact:
Email: support@cirodistribution.com
Last Updated: September 2025