Privacy Policy

Last updated: April 7, 2026

Who We Are

Stembl, Inc. is a Delaware C-Corporation that operates a performance-based music promotion marketplace. Artists pay to promote their music, TikTok micro-creators make videos featuring those tracks, and creators get paid per verified view.

If you have any questions about this policy, contact us at legal@stembl.com.

What Data We Collect

Account Data

When you create a Stembl account we collect your email address, display name, country (stored as a 2-character code), profile image URL, and selected niches.

TikTok Data (Creators)

If you connect your TikTok account we receive your platform user ID, username, display name, avatar URL, and follower count. We also retrieve video-level stats including views, likes, comments, and shares so we can verify promotion performance.

Payment Data

All payment processing is handled by Stripe. We store only your Stripe account ID and account status on our side. We never store credit card numbers, bank account details, or any other raw financial credentials.

Device Data

On mobile we collect push notification tokens (via Expo), a device identifier, and your platform (iOS or Android) so we can deliver notifications about campaign activity and payouts.

Usage Data

We use Vercel Analytics to collect page views and web vitals on our website. Vercel Analytics is privacy-friendly and does not use cookies.

Error Data (Mobile Only)

Our mobile app sends crash reports and basic device information to Sentry so we can fix bugs quickly. Personally identifiable information (PII) collection is disabled in our Sentry configuration.

Waitlist and Newsletter

If you join our waitlist we collect your email and a referral code. For our newsletter we collect your email address only.

How We Use Your Data

We use your data to:

  • Operate the platform and deliver its core features
  • Process payments and payouts through Stripe
  • Verify video views for promotion campaigns
  • Send transactional emails (campaign updates, payout confirmations, account notifications)
  • Prevent fraud and enforce our Terms of Service
  • Improve the service based on aggregated usage patterns

Legal Basis (GDPR)

If you are located in the EU or EEA, we process your data under the following legal bases:

  • Contract performance — we need your data to provide the core features you signed up for (account management, campaigns, payouts).
  • Legitimate interest — fraud prevention, security, and privacy-friendly analytics help us run a safe, reliable service.
  • Consent — marketing emails are only sent with your opt-in consent, and you can unsubscribe at any time.

Third-Party Processors

We share data with the following processors, each of which has their own privacy policy:

  • Supabase — database, authentication, and file storage (US-West-1)
  • Stripe — payment processing and creator payouts (US)
  • TikTok API — OAuth authentication and video performance data
  • Resend — transactional email delivery
  • Sentry — error tracking, mobile app only (US)
  • Vercel — website hosting and privacy-friendly analytics (global edge)
  • Expo — mobile push notification delivery

International Data Transfers

All data is stored in the United States. If you are located in the EU or EEA, transfers of your data to the US rely on Standard Contractual Clauses (SCCs) maintained by our third-party processors. Each processor listed above has committed to appropriate safeguards for cross-border data transfers.

Data Retention

  • Account data is kept for as long as your account is active. If you request account deletion, we remove your data within 30 days.
  • Financial transaction records are retained for 7 years to comply with legal and tax obligations.
  • Sentry crash data auto-expires after 90 days.

Your Rights

GDPR (EU/EEA Residents)

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Request erasure of your data
  • Receive your data in a portable format
  • Restrict or object to certain processing
  • Lodge a complaint with your local supervisory authority

CCPA (California Residents)

You have the right to:

  • Know what personal data we collect and how we use it
  • Request deletion of your personal data
  • Opt out of the sale of personal data — though we do not sell your data to third parties
  • Not be discriminated against for exercising your privacy rights

To exercise any of these rights, email legal@stembl.com. We will respond within 30 days.

Cookies

We do not use tracking cookies. The only cookies on our site are essential authentication cookies managed by Supabase to keep you signed in. For more details, see our Cookie Policy.

Children

Stembl is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.

Changes to This Policy

If we make material changes to this policy, we will notify you by email and update the “Last updated” date at the top of this page. Your continued use of Stembl after changes are posted constitutes your acceptance of the updated policy.

Contact

For any privacy-related questions or requests, reach us at legal@stembl.com.