Privacy Policy

Can So Entertainment LLC (“CanSo,” “we,” “us”) provides a platform for independent artists to sell music, merchandise, and tickets directly to fans. This policy applies to the CanSo website, artist storefronts we host, and related services. It does not cover third-party sites we link to, which have their own policies.

• Account information — your name, email address, and password (stored only as a salted hash). Artists may add a public profile: artist name, bio, avatar, location, and social links.
• Payment information — payments are processed by Stripe. We never see or store your full card number; Stripe returns a token and the last four digits for receipts. Artists receiving payouts complete Stripe Connect onboarding directly with Stripe.
• Content you upload — audio, cover art, merch images, and the metadata that describes them. Uploaded files are stored in Cloudflare R2.
• Transaction records — what you bought or sold, amounts, and timestamps, which we keep for receipts, payouts, tax, and dispute resolution.
• Usage and device data — basic logs (IP address, browser type, pages requested) used to operate the service, prevent abuse, and diagnose errors.

• To create and operate your account and artist storefront.
• To process purchases, deliver downloads, and pay out artist earnings.
• To send transactional email (receipts, password resets, booking notices) via Resend.
• To keep the platform secure — detecting fraud, abuse, and unauthorized access.
• To respond to support requests and legal notices such as DMCA takedowns.
• To comply with our legal and tax obligations.

We do not sell your personal data, and we do not use your music or listening history to train advertising profiles.

Where the GDPR or UK GDPR applies, we rely on: contract (to provide the service you signed up for), legitimate interests (to secure and improve the platform), legal obligation (tax and accounting records), and consent (for any non-essential cookies, which you can withdraw at any time).

We share data only with the processors needed to run the service:

• Stripe — payment processing, subscriptions, and artist payouts.
• Cloudflare R2 — storage and delivery of uploaded files.
• Resend — delivery of transactional email.
• Our hosting provider — to serve the application.

We may also disclose information when required by law, to enforce our Terms of Service, or to protect the rights and safety of our users.

We use a small number of cookies that are essential for signing in, keeping your cart, and remembering your theme preference. For the full list and how to control them, see our Cookie Policy.

We keep account and content data for as long as your account is active. Transaction records are retained for the period required by tax and accounting law (typically up to seven years). When you delete your account, we remove your profile and content and retain only what the law requires.

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can update most details in your account settings or by contacting us. We will not discriminate against you for exercising these rights.

We protect data with encryption in transit (HTTPS), hashed passwords, scoped access controls, time-limited signed URLs for private audio, and a strict Content Security Policy. No system is perfectly secure, but we work to limit the impact of any incident and will notify affected users where required.

Our processors may store data in regions outside your own. Where data leaves the EEA or UK, we rely on Standard Contractual Clauses or an equivalent safeguard offered by the processor.

CanSo is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us information, contact us and we will delete it.

We may update this policy as the service evolves. Material changes will be announced on this page with a new “last updated” date, and where appropriate by email.

Questions about your privacy? Reach us through the contact pageand we'll respond promptly.