Privacy Policy
DeeMusiq (operated from KwaZulu-Natal, South Africa) is built to work offline by default. You can stream, download and play music without creating an account, and in that mode your data stays on your device. This policy explains what happens on your device, what we collect if you choose to use the optional online features, and the rights you have over your information.
1. What stays on your device
When you use the app without an account, the following is stored locally on your device only and is not sent to us:
- Your music library, playlists, downloads and playback history.
- App settings and preferences.
- Diagnostic logs the app writes locally.
We have no access to this data. Uninstalling the app removes it. Note that even without an account, the app connects to third-party services to function: it fetches music from streaming sources, checks GitHub for app updates, and — only if you enable scrobbling — sends playback history to Last.fm. Those services receive standard connection data (such as your IP address) under their own privacy policies; none of it is sent to us.
2. Optional online features
Some features — the token wallet, purchases and linked accounts — talk to a DeeMusiq backend service. These features are opt-in: nothing is sent until you create an account or start a purchase. If you opt in, the backend stores:
- A device-bound account — an identifier tied to your device that lets the app sign in without a username.
- An optional email address — only if you choose to add one, used to verify and recover your account.
- Your token wallet ledger — a record of tokens purchased, credited and spent, kept so your balance is correct and disputes can be resolved.
- Linked-account tokens — if you connect a third-party music account, the OAuth tokens for it are stored encrypted at rest. Account passwords are never stored in plain text.
3. Payments
Payments are processed by independent third-party providers: PayFast, Stripe and NOWPayments (for cryptocurrency payments). Your card number and full payment credentials go directly to the provider — DeeMusiq never sees or stores card numbers. We keep a record of each transaction (amount, status, payment method, the provider's payment reference and the tokens credited). Each provider processes your data under its own privacy policy.
4. What we don't do
- We do not sell your personal information.
- We do not build advertising profiles or share your data with ad networks.
- We do not collect data from the offline parts of the app.
5. Your rights (POPIA)
We process personal information in line with South Africa's Protection of Personal Information Act (POPIA). You have the right to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or out of date.
- Delete your account and data — the app has a built-in account deletion option that permanently removes your account, wallet ledger and linked-account data from the backend.
- Lodge a complaint with the South African Information Regulator if you believe your information has been mishandled.
6. Retention and security
Account data is kept only while your account exists and is deleted when you delete your account. We protect data in transit with TLS and protect stored secrets with encryption, but no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Children
DeeMusiq is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.
8. Changes to this policy
If this policy changes, the updated version will be posted on this page with a new effective date.
9. Contact
Questions or requests about your data: deemusiq@protonmail.com
10. Data Breach Notification
In the event of a data breach, DeeMusiq will notify affected users via email (if registered) and in-app notification within 72 hours of discovery. The Information Regulator (South Africa) will also be notified as required by POPIA. Security researchers and users can report suspected breaches to deemusiq@protonmail.com.