Effective as of March 8, 2023
"Any reference in this Policy to “Anchor” or the “Anchor Service” is a reference to the hosted experience of Spotify for Podcasters"
This Policy describes how we process your data when you use Anchor, a service provided by Spotify.
It applies to your use of Anchor ("Anchor" or "Anchor Service") and any recordings, audio, transcript, or other material that is made available through Anchor. References to "Spotify", "we", "us", or "our" are to the legal entity indicated at Section 11 "How to contact us"
From time to time, we may develop new or offer additional services. They'll also be subject to this Policy, unless stated otherwise when we introduce them.
This Policy is not...
However, the Spotify Privacy Policy may also apply if you choose to link your Anchor account with your Spotify account to unlock certain additional functionalities.
Privacy laws, including the General Data Protection Regulation ("GDPR"), give rights to individuals over their personal data.
See your rights and their descriptions in this table.
| It's your right to... | |
|---|---|
| Access | Be informed of the personal data we process about you and to request access to it |
| Rectification | Request that we amend or update your personal data where it’s inaccurate or incomplete |
| Erasure | Request that we delete certain of your personal data |
| Restriction | Request that we temporarily or permanently stop processing all or some of your personal data |
| Object | Object to us processing your personal data at any time, on grounds relating to your particular situation Object to your personal data being processed for direct marketing purposes |
| Data portability | Request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service |
| Not be subject to automated decision-making | Not be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect |
If you would like to exercise any of these rights, you can contact us at [email protected]. If you would like to change your push notification preferences, you can use the notification settings on your mobile device. Email marketing messages also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send you).
You also have the right to contact the Swedish Authority for Privacy Protection or your local data protection authority about any questions or concerns.
If you are a resident of the state of California, after January 1,2020, please see our supplemental policy "Additional California Privacy Disclosures" which will discuss additional privacy rights you may have under applicable law regarding the processing of your personal data.
These tables set out the categories of personal data we collect and use.
| Collected when you sign up for the Anchor Service or when you update your account | |
|---|---|
| Categories | Description |
| User Data | Personal data that we need to create your Anchor account and enables you to use the Anchor Service. The type of data collected depends on if you use third party services to sign in. This may include:
We receive some of this data from you, e.g. from the sign up form or account page. We also collect some of this data from your device e.g. country. For more information about how we collect country, see "Your general (non-precise) location". You also have the option to provide us other information about yourself, such as:
|
| Collected through your use of the Anchor Service | |
|---|---|
| Categories | Description |
| Usage Data | Personal data collected about you when you’re accessing and/or using the Anchor Service. There are a few types of information this includes, detailed in the following sections. Information about how you use Anchor Examples include:
Your technical data Examples include:
Your general (non-precise) location This may be understood from technical data (e.g. your IP address, language setting of your device, or payment currency). |
| Additional data you may choose to give us | |
|---|---|
| Categories | Description |
| Payment and Purchase Data | If you are a listener and choose to support a creator, we collect your name and email address. Our payment processor collects your payment information. If you are a creator, monetizing your content on the Anchor Service, we will collect and process personal data for the purposes of providing you payouts and administrating your tax reports. This may include:
Our payment partner also collects your bank account information. |
| Contest, Surveys, and Sweepstakes Data | When you complete any forms, respond to a survey or questionnaire, or take part in a contest or sweepstakes, we collect the personal data you provide. |
| Collected from other ('third party') sources | |
|---|---|
| Categories | Description |
| Authentication partners | If you register for or log into the Anchor Service, using another service, we’ll receive your information from them to help create your account with us. |
| Third party applications and services you connect to your Anchor account | If you connect your Anchor account to a third party application and/or service, we may collect certain information from them to make the integration possible. We’ll ask for your permission before we collect your information from certain third parties. |
| Technical service partners | We work with technical service partners that give us certain data, such as mapping IP addresses to non-precise location data (e.g. city, state). |
The table below sets out:
Here is a general explanation of each "legal basis" to help you understand the table:
| Purpose for processing your data | Legal Basis | Categories of personal data used for the purpose |
|---|---|---|
To provide the Anchor Service in accordance with the contract with you. For example, when we use your personal data to:
| Performance of a Contract |
|
To provide further parts of the Anchor Service. For example, when we use your personal data to enable additional features. | Legitimate Interest Our legitimate interests here include:
|
|
| To diagnose, troubleshoot, and fix issues with the Anchor Service. | Performance of a Contract |
|
To evaluate and develop new features, technologies, and improvements to the Anchor Service. For example, we analyse how our users react to a particular new feature and see whether we should make any changes. | Legitimate Interest Our legitimate interests here include developing and improving products and features for our users. |
|
For marketing or advertising where the law requires us to collect your consent. For example, when we use cookies to understand your interests or the law requires consent for email marketing. | Consent |
|
| For other marketing, promotion and advertising purposes where the law does not require consent. | Legitimate Interest Our legitimate interests here include marketing and promoting the Anchor Service. |
|
To comply with legal obligations that we are subject to. This might be:
For example, when we use your date of birth when required for age verification purposes. | Compliance with legal obligations |
|
| To comply with a request from law enforcement, courts, or other competent authorities. | Compliance with legal obligations, and legitimate interest Our legitimate interests here include assisting law enforcement authorities to prevent or detect serious crime. |
|
| To fulfill contractual obligations with third parties. | Legitimate interest Our legitimate interests here include maintaining our relationships with other third parties so we can provide the Anchor Service. |
|
| To take appropriate action with reports of intellectual property infringement and inappropriate content. | Legitimate interest Our legitimate interests here include protecting intellectual property and original content. |
|
To establish, exercise, or defend legal claims. For example, if we are involved in litigation and we need to provide information to our lawyers in relation to that legal case. | Legitimate interest Our legitimate interests here include:
|
|
To conduct business planning, reporting, and forecasting. For example, when we look at aggregated user data, like the number of new sign ups in a country, in order to plan new locations to launch our products and features in. | Legitimate interest Our legitimate interests here include researching and planning so that we can keep running our business successfully. |
|
| To process and administer payments. | Performance of a Contract, and consent |
|
To keep the Anchor Service secure and to detect and prevent fraud. For example, when we analyse Usage Data to check for fraudulent use of the Spotify Service. | Legitimate Interest Our legitimate interests here include protecting the Anchor Service and our users against fraud and other illegal activity. |
|
To conduct research, and surveys. For example, when we contact our users to ask for your feedback. | Legitimate Interest Our legitimate interests here include to understand more about how users think about and use the Anchor Service. |
|
Retention
We keep your personal data only as long as necessary to provide you with the Anchor Service and for legitimate and essential business purposes, such as
Deletion
If you close or request that we close your account, we’ll delete or anonymise your personal data so it no longer identifies you, unless we’re required to keep something or we still need to use it for a legally justifiable reason.
Here are some examples of situations where we’re legally allowed or required to keep some of your personal data:
When carrying out the activities described in this Policy, Spotify shares your personal data internationally with other Spotify group companies, subcontractors and partners. They may process your personal data in countries whose data protection laws are not considered to be as strong as EU laws or the laws which apply where you live. For example, they may not give you the same rights over your data.
Whenever we transfer personal data internationally, we use tools to:
We do this using a variety of protections, as appropriate for each data transfer. For example, we use:
You can exercise your rights under the Standard Contractual Clauses by contacting us or the third party who processes your personal data.
We are committed to protecting our users’ personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data. However, be aware that no system is ever completely secure.
We have implemented various safeguards including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
To protect your user account, we encourage you to:
The Anchor Service has a minimum “Age Limit” in each country. The Anchor Service is not directed to children whose age:
We do not knowingly collect personal data from children under the applicable Age Limit. If you’re under the Age Limit, please do not use the Anchor Service, and do not provide any personal data to us.
If you’re a parent of a child under the Age Limit and become aware that your child has provided personal data to Spotify via the Anchor Service, please contact us.
If we learn that we’ve collected the personal data of a child under the applicable Age Limit, we’ll take reasonable steps to delete the personal data. This may require us to delete the Anchor account for that child.
We may occasionally make changes to this Policy.
When we make material changes to this Policy, we’ll provide you with prominent notice as appropriate under the circumstances. For example, we may display a prominent notice within the Anchor Service or send you an email or device notification.
For any questions or concerns about this Policy, please contact our Data Protection Officer by emailing [email protected] or by writing to your relevant data controller at the address below.
Data controller if you reside in the US:
Spotify USA, Inc.150 Greenwich StNew York, NY 10007USA
Data controller if you reside in any other country than the US:
Spotify ABRegeringsgatan 19111 53 StockholmSweden