EVEN LABS INC.

Here is what you should know about your privacy on EVEN.

If you are a fan:

When you buy a Release, subscribe to a Membership, or interact with an artist on EVEN, the artist (or their label) can see some of your information. This includes your name, email, location, what you bought, and how much you spent. If you give your phone number, they can see that too. Artists use this to communicate with you and build their community.

If you opt in to hear from an artist, they may email or text you through our Fan Connect feature. You can opt out anytime. Opting out of one artist does not opt you out of others.

Artists may add tracking pixels (from companies like Meta, Google, or TikTok) to their EVEN pages. Those companies may collect data about your visits to those pages.

If you download music, the files may contain an invisible watermark tied to your account. This helps artists protect their work from piracy.

EVEN reports all sales to Luminate (the company behind the Billboard charts) every day. We do not send them your name or email, but we do report transaction data.

We use Stripe to process payments. We never see your full card number.

If you post in Community Chat, your messages are visible to everyone who bought that Release and to the artist. Chat is not private.

If you are an artist or label:

You have access to Fan Data through Backstage: names, emails, phone numbers, locations, purchase history, and spending. You can use this data to communicate with your fans and analyze engagement. You cannot sell or rent it to third parties.

If you export Fan Data from Backstage, you become responsible for keeping it secure and handling it lawfully. If a fan asks to be deleted, we will notify you and you must delete their data from your systems.

If your fans are in the EU, UK, or Switzerland, you may need to sign a Data Processing Addendum with us before accessing their data. Contact privacy@even.biz.

EVEN collects your Stripe Connect account information (including identity verification and bank details) through Stripe. We receive payout and transaction records.

If you run a Label Account, we store documentation of your artist relationships.

EVEN reports your sales data to Luminate daily. Once reported, that data cannot be taken back.

EVEN also reports usage data to performing rights organizations (ASCAP, BMI, SESAC, GMR) and The Mechanical Licensing Collective as required by our blanket licenses.

The full policy follows below.

This summary is provided for your convenience and is not a substitute for reading the full Privacy Policy.

Last Updated: April 20, 2026.

EVEN Labs Inc. (“EVEN,” “we,” “us,” or “our”) knows that you care about how your Personal Data is collected and used, and we take your privacy seriously. Please read the following to learn more about how we collect, use, disclose, and safeguard your Personal Data when you access or use the www.even.biz website and domain name, mobile applications, and any other linked pages, features, content, or application services offered from time to time by EVEN in connection therewith (collectively, the “Service”), or otherwise interact with us. It covers Personal Data of users, fans, visitors and also artists, record labels, distributors, and other Licensors (as defined in our Terms of Use). When we use the term “Personal Data” in this policy, this means any information related to an individual who can be identified either directly or indirectly from such information. “Personal Data” does not include information that is considered publicly available, aggregated, or deidentified under applicable law.

1. What Personal Data Does EVEN Collect?

The Personal Data we collect varies depending upon the nature of the Services provided or used and our interactions with individuals. The categories of Personal Data we may collect and process (but only to the extent and in a manner consistent with applicable law) are as follows:

Information We Collect From Everyone

The website and platform are not meant for users under thirteen (13) years of age. We do not knowingly collect data from users under thirteen (13) years of age. If you believe we have collected data for a user under thirteen (13) years of age, you can request deletion by emailing support@even.biz

Account information: Name, username, email address, photograph or other likeness, settings, date of birth, and any other information you provide in connection with your user account. If you are over thirteen (13) years of age but under eighteen (18) years of age, you must submit parent or guardian consent via this form.

A parent or guardian can request data, correct it, delete it, restrict or object to processing by emailing support@even.biz

Payment information: Your credit or debit card number, bank account number, and billing and shipping address. This information is collected and processed by our payment provider, Stripe, Inc., (who is a separate controller in respect of such Personal Data, depending on your jurisdiction of residence), as necessary to complete your purchase. We do not receive your credit card information directly, but we may receive information about the transaction, such as the date and time it occurred. This section applies to fan purchases. Licensor payout and financial verification data is described separately under “Information We Collect From Artists and Labels” below.

Website activity information: IP address, browser information, device identifiers, and metrics generated in the normal operation of the Service.

Information collected via cookies and similar technologies: more information about the cookies and similar technologies that are deployed, and your options for consent and controlling such technologies, is made available to you when you visit our Services and at any time through the cookie settings on the website.

Information We Collect From Fans

Profile and preference data: user-provided name, date of birth, email address, country of residence, zip/postal code, picture, location, phone number, and biography.

Purchase and transaction data: Records of your purchases, Membership subscriptions, gift purchases, and spending history on the Site.

Membership data: If you subscribe to a Membership, we collect your subscription status, billing history, renewal and cancellation records, and content access logs for the duration of your subscription.

Event Release data: If you purchase an Event Release, we collect your ticket or access pass information. For in-person events, the Licensor (not EVEN) may separately collect attendance, check-in, or location data at the event itself. EVEN is not responsible for data collected by Licensors at events.

Fan Connect data: If you opt-in to receive communications from an artist or label (a “Licensor”), we collect your email address and/or phone number, communication preferences, opt-in and opt-out records, and message engagement data (opens, clicks).

Link Page data: If you submit information through a Licensor’s fan capture landing page (a “Link Page”), we collect the information you provide, which may include your name, email address, and phone number. This information is shared with the applicable Licensor.

Community Chat data: If you participate in Community Chat, we collect the content of your messages, timestamps, and your identity as visible to other Holders of the applicable Release and to the Licensor. Community Chat messages are not private.

Download data: If you download content from the Site, we record the files downloaded, timestamps, IP addresses, and device identifiers. EVEN may embed invisible digital watermarks in downloaded audio files that are linked to your account for content protection purposes.

Gift recipient data: If someone purchases a Release as a gift for you, we receive your email address from the purchaser to deliver the gift.

Information We Collect From Artists and Labels

Artist profile and content:.User-provided biography, location, genre, social media links, and all content uploaded to the Backstage dashboard including sound recordings, musical compositions, artwork, metadata, video, promotional materials, pricing, and release configuration.

Stripe Connect financial data: If you are a Licensor, Stripe, Inc. collects your identity verification documents, tax identification numbers, and bank account details as required by applicable law and Stripe’s terms. EVEN receives transaction records, payout history, Revenue Split configurations, and account status. EVEN does not directly collect or store your identity documents or bank account numbers.

Label Account documentation: If you operate a Label Account, we may collect information about your entity and documentation of your artist relationships (recording agreements, distribution agreements, management agreements, or other written authorizations).

DDEX and distributor data: If your content is delivered via DDEX, we receive metadata and content files from your distributor.

Content identification data: EVEN may use third-party content identification services (such as audio fingerprinting technology) to compare uploaded content against databases of registered works. This processing is used to detect potential copyright infringement and to enrich metadata. The content identification provider may receive audio fingerprints derived from your uploads but does not receive your Personal Data.

2. How Does EVEN Use Your Personal Data?

For All Users

To allow you to use the Service, to set up a user account and profile, to fulfill legal obligations, and to allow users to identify each other by displaying Personal Data to other users and visitors of the Service.

To provide you with EVEN access associated with your Releases, Memberships, Event Releases, and Downloads.

To personalize and tailor content we send or display on our Services.

To operate, evaluate and improve our business, including developing new products and services, managing our communications, and analyzing our products and services.

To respond to your inquiries.

To apply and enforce our Terms of Use and other agreements.

To protect the rights, property, or safety of EVEN, our employees, our users, or others, including by taking measures to prevent fraud and reduce credit risk.

To verify your age and, where required, to collect and store records of parental consent.

For Fans

To process your purchases, Membership subscriptions, gift deliveries, and Event Release access.

To deliver Fan Connect communications from Licensors you have opted in to hear from, including email and SMS.

To provide your Fan Data (name, email, phone number, location, purchase history, spending) to the Licensors whose Releases you have purchased or whose communications you have opted into, via the Backstage dashboard.

To report sales data to Luminate Data, LLC for music industry chart reporting and analytics. EVEN reports all transactions daily. We do not send Luminate your name or email address.

To detect and prevent piracy and unauthorized distribution, including through digital watermarks embedded in downloaded files and download activity logging.

For Artists and Labels

To provide you with Fan Data through the Backstage dashboard so you can engage with your audience.

To process payments to you through Stripe Connect and to manage Revenue Split distributions.

To report your sales to Luminate Data, LLC. Once reported, this data is subject to a perpetual, irrevocable license to Luminate and cannot be retracted.

To verify Label Account eligibility and the authenticity of documented artist relationships.

To report usage data to performing rights organizations (example: ASCAP, BMI, SESAC, GMR) and The Mechanical Licensing Collective (known as “MLC”) as required by EVEN’s blanket licenses. This data relates to musical compositions and does not include fan Personal Data.

We also may use the information in other ways for which we provide specific notice at the time of collection. We may combine information that we have collected offline with information we collect online, or we may combine information we get from a third party with information we already have.

If you submit any Personal Data relating to other people to us, you represent that you have the authority to do so and have informed that other person about the contents of this Privacy Policy.

AI Generated Content and Data

When a user uploads content to EVEN, we collect information you provide regarding that content, including whether you designate the artist, content or release as artificial intelligence (“AI”) generated. This may include metadata such as tags, descriptions, artist profile information, and other details associated with what you upload. EVEN may also generate or assign its own classifications or labels to content based on internal review processes or automated detection tools.

We use AI-related disclosures and associated metadata for the following purposes:

To display AI-generated content labels to users across the platform, including, but not limited to on artist profiles, release pages, and in search results

To promote transparency and to help users make informed decisions about the content they engage with.

To enforce our Terms of Service and related policies.

To detect, prevent, and address violations such as misrepresentation, nondisclosure, or impersonations.

EVEN may use automated systems to analyze uploaded content and related metadata to identify whether content may be AI-generated or otherwise subject to our platform policies. If content is designated by you or determined by EVEN to be AI-generated, this designation may be displayed publicly.

We may share AI-related metadata and classifications with third party service providers that assist us with:

Data hosting, analytics, and platform functionality

Fraud prevention and security monitoring

Content moderation and trust and safety operations

We may also disclose information as required by law or to protect the right, safety and integrity of EVEN, our users or the public.

We retain AI-related disclosures, classifications and associated metadata for as long as necessary to:

Perform a contract which can include to provide and operate the EVEN platform

Legitimate interests, which include enforce our Terms of Service and policies, transparency, fraud protection and platform integrity

Compliance with legal obligations and resolve disputes.

We may process content and related information to detect and prevent impersonation, unauthorize use of a person’s likeness or other deceptive practices. EVEN does not intentionally collect or process biometric identifiers such as facial recognition data or voiceprints for identification purposes.

You may email support@even.biz if you feel that content has been incorrectly labeled as AI generated or to request correction of inaccurate or incomplete information. Any changes or labels are in EVEN’s sole discretion.

We may update this section from time to time to reflect changes in our practices, technologies or legal requirements. Updates will be reflected by a revised “Effective Date” in this Privacy Policy. Your continued use of EVEN’s platform and website after such changes constitute acceptance of the revised policy.

3. Communications

Email and SMS Communications from EVEN or Licensor:

When you opt-in, EVEN may provide your name, email and phone number to Licensors via their Backstage dashboard. By opting-in, you expressly consent to receive automated marketing, promotional and informational text messages and communications from EVEN or the Licensor at the email address and phone number you provide.  These messages may be sent using an automatic telephone dialing system or other automated technology. Message frequency may vary. Message and data rates may apply. Consent is not a condition of purchase. You may opt out of text messages at any time by replying STOP or request assistance by replying HELP. You may unsubscribe from marketing emails at any time by using the unsubscribe link.

You represent that you are at least 18 years old, or, if required by applicable law, that you have obtained parental or guardian consent. EVEN and/or Licensor may retain records of your consent to demonstrate compliance with applicable laws, including the U.S. Telephone Consumer Protection Act (TCPA), Canada’s Anti-Spam Legislation (CASL), and the European Union General Data Protection Regulation (GDPR).

Shopify App Data

If you install the EVEN Shopify App, we collect and store the following merchant data: store domain, Shopify shop ID, storefront access token, and collection configuration (selected collections and their visibility settings). This data is used solely to sync your selected Shopify collections with the EVEN platform.

We do not store your Shopify admin access token. We do not collect or store personally identifiable data about your customers through the Shopify App.

Our checkout analytics pixel tracks anonymized checkout events (checkout started, checkout completed) to provide sales performance insights. This pixel only runs when the customer has granted consent, in accordance with Shopify's customer privacy controls. No personally identifiable customer information is stored by the pixel.

Session data (used for authentication within the Shopify admin) is stored locally and automatically deleted when the app is uninstalled.

Upon uninstalling the app, your storefront access token is immediately revoked, and your store is marked as inactive. All store data — including collections and setup tokens — is permanently deleted within 48 hours in compliance with Shopify's mandatory data removal requirements (shop/redact webhook). Customer data redaction requests (customers/redact) and customer data access requests (customers/data_request) are processed automatically via Shopify's mandatory compliance webhooks.

To request deletion of your data at any time, contact us at support@even.biz.

Imported Contacts

Licensors may import contacts into Fan Connect. Licensors represent to EVEN that they have a pre-existing relationship with each imported contact and their consent to receive communications. If you receive a communication and did not expect it, you may opt out or contact us at support@even.biz.

4. What is EVEN's Lawful Basis for the Use of Your Personal Data?

We may collect and use Personal Data when:

We have asked for and you have consented to the use of your Personal Data. For example, if you provide consent to the use of cookies which are not strictly necessary, or if you opt-in to receive Fan Connect marketing communications. We will make it clear through the Services if we are asking for your consent.

We need your Personal Data to provide you with the contracted services (including processing purchases, delivering content, managing Memberships, and facilitating payments)

We also use your data to fulfill obligation to use your Personal Data, for example, in responding to and dealing with consumer queries or transaction, comply with age requirements in your Country, records retention or complying with music industry reporting obligations including reporting to Luminate Data, LLC and collective management organizations.

We have a legitimate interest in using your Personal Data. This includes our legitimate interests to ensure and improve the safety, security and performance of our products and services, including to detect and prevent piracy, unauthorized distribution of copyrighted content, and to facilitate artist-fan engagement..

5. When and How Does EVEN Receive Personal Data About You?

We may receive Personal Data relating to you:

From you directly, for example when you are registering or choosing to correspond with us.

Automatically when you use EVEN's Service.

From Licensors, when they import your contact information into Fan Connect.

From Link Pages, when you submit your information through a Licensor's fan capture landing page.

From gift purchasers, when someone buys a Release as a gift for you and provides your email address.

From Stripe, when payment transaction data is generated in connection with your purchases or Licensor payouts.

From distributors, when Licensor Content and associated metadata is delivered via DDEX.

From third-party tracking pixels installed by Licensors on their EVEN pages (such as Meta, Google, TikTok, or X), which may collect data about your interactions with those pages.

6. How Long Does EVEN Keep Your Personal Data For?

EVEN stores Personal Data only for as long as it is necessary for the fulfilment of the purpose for which it was collected, unless otherwise required or authorized by applicable law. For example, in relation to contractual records, we keep them for the statutory limitation period. Cookie data retention periods are set out in our cookie consent settings within the Service. We take measures to destroy or permanently de-identify Personal Data if required by law or if the Personal Data is no longer required for the purpose for which we collected it.

Specific retention periods:

Luminate reporting data is provided under a perpetual, irrevocable license and cannot be retracted once submitted.

SMS consent and opt-out records are retained for the duration required by applicable law (EVEN retains these for at least four years to support TCPA compliance).

Unclaimed payment records are retained for at least twenty-four (24) months, and longer if required by applicable escheatment or unclaimed property laws.

Download logs and watermark identifiers are retained for the duration necessary to enforce content protection and respond to rights holder inquiries.

Label Account artist verification documents are retained for the duration of the Label Account relationship and for a reasonable period thereafter.

Account deletion. If you delete your account, EVEN will delete your Personal Data within thirty (30) days, except where retention is required for: (a) legal compliance (including tax records and transaction history); (b) dispute resolution or enforcement of our Terms of Use; (c) completion of pending transactions or payouts; or (d) data that has already been reported to Luminate (which is subject to a perpetual license and cannot be retracted). Membership billing records are retained for the applicable statutory limitation period.

Analytics data. EVEN uses server-side analytics tools (including PostHog) to understand how users interact with the Service. Analytics data is retained in identifiable form for no longer than twenty-four (24) months and is thereafter aggregated or deleted.

7. How Will EVEN Share Personal Data?

We neither rent nor sell your Personal Data to anyone. We disclose your Personal Data only as described below.

Service Providers

To third party companies and people that we engage to process payments, authenticate, provide cloud infrastructure and the like, on our behalf or to provide you with certain products and services under contractual protections. Our key service providers include, but are not limited to: Stripe, Inc. (payment processing and Licensor payouts), Magic Labs (authentication), and cloud infrastructure providers (Amazon Web Services). These providers process data on our behalf under contractual protections.

Artists and Labels (Licensors)

What Licensors see about you. When you purchase a Release, subscribe to a Membership, or submit information through a Link Page, the applicable Licensor receives your Fan Data through the Backstage dashboard. Fan Data includes: your name, email address, phone number (if provided), country of residence, zip/postal code, purchase history, and spending data.

Fan Data export. Licensors may export Fan Data from Backstage. Once exported, the Licensor is solely responsible for the security and lawful handling of that data.

Licensor termination. If a Licensor’s account is terminated or suspended, EVEN revokes their access to Fan Data in Backstage. EVEN cannot retrieve or delete Fan Data that was exported by the Licensor prior to termination. Former Licensors remain bound by their data handling obligations under the Terms of Use. If you believe that a Licensor whose account has been terminated or suspended continues to retain your personal data, and the Licensor has not responded to your request for deletion, you may contact EVEN at support@even.biz. EVEN will use commercially reasonable efforts to assist you, which may include facilitating communication with the Licensor or, where legally permissible, providing the Licensor’s last known contact information.

Your rights regarding Licensor-held data. If you want to exercise your privacy rights (access, deletion, correction) regarding data held by a Licensor, you may contact EVEN at support@even.biz. EVEN will handle your request, delete applicable data from Backstage, and notify the affected Licensor(s). Licensors are required to comply with deletion requests for any Fan Data they have exported, except where retention is required by law.

Fan Connect communications. If you opt-in, Licensors may send you marketing emails and SMS through Fan Connect. You may opt-out from any Licensor at any time.

Luminate Data, LLC

EVEN reports sales data to Luminate Data, LLC on a daily basis under a Data Supply Agreement. Reported data includes metadata, sales volume, pricing, and anonymized transaction data. EVEN does not share your name, email address, or other directly identifying Personal Data with Luminate. Luminate receives a perpetual, irrevocable license to the reported data. Once submitted, data cannot be retracted.

Performing Rights Organizations and the MLC

EVEN reports usage data to performing rights organizations. The Mechanical Licensing Collective as required by its blanket licenses. This data relates to musical compositions played or distributed through the Site and does not include fan Personal Data.

Third-Party Tracking Pixels

Licensors may install third-party tracking pixels (from companies such as Meta, Google, TikTok, and X) on their EVEN pages. If a Licensor has enabled tracking pixels, those third parties may collect data about your activity on the Licensor’s pages, including page views, clicks, and purchase events. EVEN does not control the data collected by these third-party pixels. For more information, consult the privacy policies of the applicable third-party providers.

User Profiles and Community Chat

User profile information including users' name, email address, purchase history and other information you enter (“User Submissions”) may be displayed to other users in certain cases to facilitate user interaction within the Service. Email addresses are used to add new User Submissions to user profiles and to communicate through User Submissions. Users' email addresses will not be directly revealed to other users by us, except when the user is “connected” to another user via a shared group membership, or an invitation, or if the user has chosen to include their email address in their User Profile. You may designate certain User Submissions, including individual items in your purchase history, as private, in which case they will not be displayed to other users.

Messages you post in Community Chat are visible to all Holders of the applicable Release and to the Licensor. Treat Community Chat as a public forum.

Aggregate Information

We may provide aggregate information to our partners about how our customers, collectively, use our Services. We share this type of statistical data so that our partners also understand how often people use their services and our Service, so that they, too, may provide you with an optimal online experience. EVEN never discloses aggregate information to a partner in a manner that would identify you personally.

Compliance with the Law

We may access, preserve, and disclose collected information if we believe doing so is required or appropriate to: comply with law enforcement requests and legal processes, such as a court order or subpoena; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of EVEN, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

With Your Consent

Except as set forth above, you will be notified when your Personal Data may be shared with third parties and given an opportunity to choose whether or not it is shared.

8. How is Personal Data Kept Secure and Where is it Held?

EVEN aims to protect user information to ensure that your Personal Data is kept private. We take reasonable steps (including appropriate technical and organizational security measures) in an effort to ensure your Personal Data is processed securely and to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. In particular, we take steps to ensure that our employees and service providers who have access to your Personal Data only process it upon our instructions, unless otherwise required by law.

However, no measures are 100% secure, and unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your Personal Data. As such, we cannot guarantee or warrant the security of any information you transmit to us via the internet and any transmission is at your own risk. To protect the security of your data, it is your responsibility to select and protect your password appropriately and limit access to your computer and browser by signing off after you have finished accessing your account.

The Service may contain links to other sites. EVEN is not responsible for the privacy policies and/or practices on other sites. When linking to another site you should read the privacy policy stated on that site. This Privacy Policy only governs information collected by EVEN.

Your Personal Data is primarily held by us in the United States (“US”). If you are based in the European Union (“EU”) or United Kingdom (“UK”), your Personal Data is transferred direct to us. Any transfers of Personal Data out of the EU and UK may be subject to additional legal requirements to ensure that such Personal Data is protected. As needed, we ensure that appropriate contractual protections are in place in order to fulfil such requirements.

9. What Are Your Options With Respect To Marketing?

We may contact you to provide you with information about products and Services similar to those which you previously purchased or used if you opt-in. You may be contacted by us or by Licensors whose Releases you have purchased or whose communications you have opted into. For individuals in the EU, we will only contact you for marketing purposes where you have consented to receive these communications.

You can opt-out of communications by clicking Unsubscribe in any message from fanconnect@even.biz. You can opt-out of Fan Connect SMS by replying STOP. Opting out of one Licensor does not opt you out of others.

To make a privacy request to EVEN, please email us at support@even.biz.

We will continue to contact you for transactional or other non-marketing related purposes, or where we need to send certain information to you under a legal, regulatory, or ethical requirement.

10. What Rights Do You Have Regarding Your Personal Data?

Certain jurisdictions have specific legal requirements and grant privacy rights with respect to Personal Data, and we will comply with restrictions and any requests you submit as required by applicable law. Please note that not all rights are absolute and whether the right applies and any exemptions which are applicable to it may vary depending on the nature of the request and the reasons why we are processing the Personal Data.

You may designate certain user submissions you make as private within the Service so that they are not shared with other users.

You can add or update certain information on pages, such as your email address, and your user profile information. If there is other Personal Data that you consider to be inaccurate, you should let us know.

If we have asked for your consent to certain processing, you have a right to withdraw that consent at any time.

You may have a right to object to our processing of Personal Data where we rely on legitimate interests for such processing.

You have the right to request a copy of the Personal Data we process about you, and you may have a right to request that such Personal Data is ported to another provider or restricted.

You have a right to request the deletion of your Personal Data although in some circumstances we may still need to hold certain records, for example for legal compliance purposes or to defend our rights.

If you request deletion of your Personal Data and a Licensor holds your Fan Data (obtained through Backstage, Fan Connect, or data export), EVEN will notify the Licensor and require prompt deletion from their systems, except where retention is required by law.

California Privacy Rights (CCPA/CPRA)

Under California's “Shine the Light” law, California residents have the right to request information from us regarding other companies to whom we have disclosed certain categories of information during the preceding calendar year for the other companies' direct marketing purposes. We do not currently share your information for other companies' direct marketing purposes, but if you are a California resident and would like to make such a request, please email us at support@even.biz.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights, including: the right to know what Personal Data we collect, use, disclose, and share; the right to request deletion; the right to correct inaccurate Personal Data; the right to opt out of the sale or sharing of Personal Data; and the right to non-discrimination for exercising these rights.

EVEN does not sell Personal Data as defined by the CCPA. However, the following activities may constitute ‘sharing’ of Personal Data under the CPRA: (a) making Fan Data available to Licensors via the Backstage dashboard; and (b) the use of third-party tracking pixels (Meta, Google, TikTok, X) installed by Licensors on their EVEN pages. California residents may opt-out by contacting support@even.biz or by using the ‘Do Not Sell or Share My Personal Information’ link on the Site. Until the automated link is available on the Site, California residents may submit opt-out requests by emailing support@even.biz with the subject line ‘CPRA Opt-Out.’

Nevada Privacy Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at support@even.biz with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data as “sales” are defined by Nevada law.

EU/EEA/UK Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent UK legislation, including: the right to access, rectify, and erase your Personal Data; the right to restrict or object to processing; the right to data portability; and the right to lodge a complaint with your local data protection authority.

Joint controller arrangements. Where EVEN and a Licensor both determine the purposes and means of processing your Personal Data - for example, when a Licensor accesses and uses your Fan Data via Backstage - EVEN and the Licensor may be joint controllers under GDPR Article 26. The essence of this arrangement is as follows: (a) EVEN is responsible for collecting your Personal Data, providing this Privacy Policy, maintaining the technical infrastructure, and serving as your primary contact point for exercising your data protection rights; (b) Licensors are responsible for their own use of Fan Data accessed through Backstage, for any data they export, and for any communications they send you through Fan Connect or other channels; (c) you may exercise your rights by contacting EVEN at support@even.biz, and EVEN will handle your request and notify affected Licensors as necessary; (d) the full Data Processing Addendum is available upon request at privacy@even.biz.

Brazil Privacy Rights (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to confirmation of processing, access, correction, anonymization, portability, deletion, and information about data sharing with third parties. To exercise these rights, contact us at support@even.biz.

South Korea Privacy Rights (PIPA)

If you are located in South Korea, you have rights under the Personal Information Protection Act (PIPA), including the right to access, correct, delete, and suspend processing of your Personal Data. The minimum age for using the Service in South Korea is 14. To exercise your rights, contact us at support@even.biz.

If we fall short of your expectations in processing your Personal Data or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. You may contact us  at      support@even.biz . You also have a right to make a complaint to your data protection regulator.

To exercise your rights and choices as described above, please contact us at  support@even.biz .

11. Cross-Border Transfers

For users in the UK and EU. We may sometimes transfer your Personal Data to countries outside the UK and EU, for example if we are using a supplier based elsewhere. The privacy laws in countries outside the UK and EU may be different from those in your home country.

Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we will always have security measures and approved European or UK model clauses (available on the EU's legal website at eur-lex.europa.eu and the UK ones at the ICO website www.ico.gov.uk) or other adequate safeguards in place to protect your Personal Data. Please contact us if you would like more details about our safeguards for data transfers outside of the UK/EU.

For other users. If we transfer your Personal Data to countries outside of your home country, we will take steps to comply with the requirements for such transfer in your home country as required by relevant law.

12. California Do Not Track Disclosure

Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Do Not Track browser settings or signals. For information about Do Not Track, please visit: www.allaboutdnt.org.

EVEN recognizes the Global Privacy Control (GPC) signal as a valid opt-out request under the CCPA/CPRA. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of your Personal Data.

13. Cookies

[Existing cookie section (Section 13 of the current policy) remains unchanged in substance. See current policy for full cookie disclosure including types of cookies, Google Analytics, and opt-out instructions.]

[Note] Cookie section is comprehensive as-is. Two editorial updates needed before publication: (1) the existing cookie section references ‘EVEN Albums’ which should be updated to ‘Releases’ for consistency with the TOS; (2) the cookie consent banner implementation (TOS Priority 2) should account for Licensor-installed third-party tracking pixels, which are not traditional cookies but are functionally similar for consent purposes. Also note that PostHog server-side analytics (disclosed in Section 6) are not covered by cookie consent since they do not use client-side cookies - they operate server-side and users have no browser-level control. This is disclosed in the retention section rather than here.

14. Children

The Website and Platform are not meant for use by users under the age of thirteen (13) EVEN does not knowingly collect Personal Data from children under the age of thirteen (13). If we become aware that a child under the age of thirteen (13) has provided Personal Data, we will delete it promptly. In jurisdictions where the minimum age is higher (sixteen in the EEA and UK, fourteen in South Korea, sixteen in Brazil), EVEN does not knowingly collect Personal Data from users below the applicable minimum age without parental or guardian consent.

If you believe a user under the age of thirteen (13) has provided Personal Data without appropriate consent, contact us at support@even.biz.

Users age fourteen (14) but under eighteen (18) must provide parental or guardian consent by having a parent or guardian fill out this form and emailing it to us at support@even.biz

15. Changes to this Privacy Policy

EVEN may amend this Privacy Policy from time to time to reflect our current privacy practices. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. Any changes to this Privacy Policy will be posted on our website and will be effective when posted unless another date is referenced in the notice. We recommend you check the Privacy Policy on a regular basis so that you know the current terms and conditions that apply to you. If we make material changes in the way we use Personal Data, we will notify you by posting an announcement on our Service or sending you an email. If you use our website after any changes are effective, you are agreeing to comply with and be bound by them.

16. Data Breach

If we experience a data breach that involves your data, we will let you know without undue delay.

17. Contact Us

If you have any questions or concerns regarding the privacy of your Personal Data by EVEN, or if you would like to exercise your rights to your Personal Data, please send a detailed message to support@even.biz. Please specify the subject of your request on the subject line and in the body of your message. We will provide the requested information and make every effort to resolve your concerns.

For questions about music publishing rights and licensing: publishing@even.biz

For Data Processing Addendum requests (EU/EEA/UK Licensors): privacy@even.biz

EVEN Labs Inc., 313 N Plankinton Ave, Milwaukee, WI 53203