Privacy Policy

What personal data Simuze collects, why we use it, and the rights you have over it.

Effective date: 10 June 2026 Last updated: 10 June 2026

Simuze cares about your privacy. Not in the buzzword sense — in the practical, structural sense. We built Simuze without tracking, without third-party analytics, and without advertising. We only collect what we actually need to run the platform.

This Privacy Policy explains what data we collect, why, what we do with it, and what your rights are. It applies to everyone who uses Simuze.

1. Who is responsible for your data

The data controller for Simuze is Atypisch.nl, the company that operates Simuze.

  • Registered office: Europalaan 2b, 3525KS Utrecht
  • KvK: 08092524
  • VAT: NL001582477B96
  • Privacy contact: support@atypisch.nl

If you have any privacy question or want to exercise a right, support@atypisch.nl is the address to use.

2. The short version

We collect:

  • Account information you give us when you register (via SIMEZU).
  • Content you post — music, profiles, messages, comments, etc.
  • Transaction information when you buy or sell.
  • Minimal technical data needed to deliver pages, keep you logged in, and prevent abuse.

We do not:

  • Run third-party analytics. No Google Analytics, no Matomo, no Plausible, no Mixpanel, nothing.
  • Use tracking cookies or cross-site tracking.
  • Use advertising. There are no ads on Simuze.
  • Sell, rent, or share your data with advertisers or data brokers. Ever.
  • Build behavioural profiles of you.
  • Use your content to train AI models, or let anyone else do so.

The rest of this document spells this out in detail.

3. What we collect and why

3.1 Account data (via SIMEZU)

When you create an account, SIMEZU (our shared account service) collects:

  • Your chosen username and display name
  • Your email address
  • A password (stored as a salted hash, not as readable text)
  • The date you created the account

Optional, only if you provide them:

  • Profile photo, biography, location, links to your other profiles
  • For artist/label/venue accounts: project name, genre, location, links
  • For sellers: legal name and address (required for invoicing), KvK and VAT number if you're a professional seller

Why: to give you a working account and to let other users find and interact with you. Legal basis: performance of our contract with you (the Terms of Service). Retention: as long as your account exists, plus a limited period after closure (see section 7).

3.2 Content you post

Music files, artwork, text, comments, messages, group posts, event listings — everything you upload or write — is stored so we can show it to the audience you've chosen.

Why: that's the platform; without storing your content we have nothing to display. Legal basis: performance of our contract; for content shared in public areas, also legitimate interest in operating a community platform. Retention: until you delete it, you close your account, or it's removed for breaching our rules.

3.3 Transaction data

When you buy or sell on Simuze, we and SIMEZU process:

  • What was sold, when, at what price, with what VAT
  • Buyer and seller identities (account-level)
  • Payment status and payment method type (e.g. "iDEAL", "Visa") — never the card number itself (that stays at the payment processor)
  • Billing address where required for invoicing or VAT
  • Refund history

Why: to process the payment, issue invoices, pay out sellers, comply with tax law, and resolve disputes. Legal basis: performance of contract (the sale), and legal obligation (tax and accounting law). Retention: at least 7 years for invoices and accounting records, as required by Dutch tax law. Other transactional data is kept for shorter periods.

3.4 Technical data

To deliver the platform and protect it from abuse, we process:

  • Your IP address (in server logs and abuse-prevention logs)
  • Your browser type and operating system, from the User-Agent header your browser sends
  • Pages you visit on Simuze (in time-limited application logs)
  • Timing data needed for security (login attempts, password change events)

Why: to deliver the requested pages, keep you logged in, prevent abuse, and diagnose technical issues. Legal basis: legitimate interest in running a secure service; partly also performance of contract. Retention: IP addresses and detailed access logs are retained for no more than 30 days unless we're actively investigating an abuse incident. Security event records (e.g. "this account had three failed logins") may be retained longer if necessary.

3.5 Plays, downloads, and favourites

When you stream a track, download a purchased file, or favourite something, we record the action. This is shown to the artist as an aggregate count, and we use it to show you your library and play history.

Why: artists need to know how their work is doing; you need to find what you've favourited and bought. Legal basis: performance of contract. Retention: for as long as your account exists. You can clear your play history from your settings at any time.

We don't combine this data into behavioural profiles for marketing.

3.6 Communications

If you message another user or contact us, we store the messages.

Why: so the conversation works, and so we can investigate abuse if it's reported. Legal basis: performance of contract; legitimate interest for abuse investigation. Retention: as long as your account exists, or until you delete the conversation. Reported messages may be retained as part of an abuse case.

4. What we do not do

For clarity, because this is unusual on today's internet:

  • We do not load any third-party analytics scripts.
  • We do not load any third-party advertising scripts.
  • We do not place tracking cookies, pixels, fingerprinting scripts, or session replay tools.
  • We do not embed third-party social media widgets that track you on Simuze.
  • We do not share your data with advertisers, data brokers, AI training companies, or data aggregators.
  • We do not use your content to train AI or machine learning systems, and we don't let anyone else do so.

If we ever change this, it would be a material change and you'd be notified well in advance.

5. Who processes data on our behalf

To run Simuze, we use a small number of service providers ("processors"). They process data on our instructions only, under written agreements that meet GDPR requirements:

  • SIMEZU.com (operated by Atypisch.nl) — accounts and payment orchestration.
  • Wemazu.com (operated by Atypisch.nl) — deployment and server infrastructure.
  • Rozuro (operated by Atypisch.nl) — invoicing for professional sellers.
  • SIMEZU.com — handles card and bank payments. They receive the data needed to process the payment.
  • Nefos Cloud hosting (nefos.com) — hosts the servers Simuze runs on.
  • Nefos Cloud hosting (nefos.com) — sends transactional emails (purchase confirmations, password resets, notifications you opted in to).

We try to keep this list as short as practically possible. We'll keep it accurate; check back here for changes.

Some of these providers may, in turn, use sub-processors. We require them to put equivalent protections in place. Where any data leaves the EU/EEA, we use the European Commission's Standard Contractual Clauses or rely on an adequacy decision.

6. Sharing with other users

The whole point of Simuze is to connect people, so some of your information is visible to other users:

  • Public profile information — your username, display name, photo, bio, and content you've published on public profiles or in public groups, is visible to anyone (including non-users, unless you set your profile private).
  • In private groups — only members can see what you post.
  • In direct messages — only the people in the conversation.
  • Sellers and buyers — when you buy from a seller, they see your username and (where needed for delivery or invoicing) the relevant address details. When you sell, your buyers see your seller name.

You can adjust visibility settings on your profile and groups. Use them.

7. How long we keep data

  • Account data: as long as your account is open, plus up to 90 days after closure to allow for restoration, customer support, and dispute resolution. After that, account data is deleted or fully anonymised, except for items we're legally required to keep.
  • Invoices and tax records: 7 years, as required by Dutch tax law (Algemene wet inzake rijksbelastingen).
  • Content: until you delete it; some technical backup copies may persist for up to 90 days after deletion.
  • Logs: IP and access logs no more than 30 days outside active incidents.
  • Abuse records: for as long as needed to enforce our rules and protect users, typically not more than 24 months from the closure of the case unless required longer.

8. Your rights

Under the GDPR, you have a set of rights. You can exercise them by emailing support@atypisch.nl from the email address on your account, or in writing to our registered office.

  • Right of access — get a copy of the data we hold about you.
  • Right to rectification — correct anything that's wrong.
  • Right to erasure — delete your data (except where we're legally required to keep it).
  • Right to restriction — pause processing in some circumstances.
  • Right to object — object to processing based on legitimate interest.
  • Right to data portability — receive a machine-readable export of the data you've given us.
  • Right to withdraw consent — wherever we rely on consent, you can take it back.
  • Right to lodge a complaint with a supervisory authority. In the Netherlands, that's the Autoriteit Persoonsgegevens (https://www.autoriteitpersoonsgegevens.nl). You can also complain to the authority in your EU country of residence.

For most of these, we'll respond within 30 days. If the request is complex or we receive many, we may extend by up to two months and let you know why.

We'll always try to verify it's really you asking before acting on a request. We won't ask for more information than necessary.

9. Cookies and similar technologies

In short: we use only essential cookies, and only when you're actually logged in. No analytics, no tracking. Full details on our Cookie & Tracking Statement at /legal/cookies.

10. Children

Simuze is open to people of all ages. Under European and Dutch data protection law (GDPR Article 8), if you are under 16 we rely on your parent or guardian to agree to how we handle your personal data, so younger users should sign up together with a parent or guardian. We don't knowingly collect personal data from a child under 16 without that consent. If you think a child has registered without it, contact support@atypisch.nl and we'll review the account and remove the data where we need to.

11. Security

We protect your data through:

  • Encrypted connections (HTTPS / TLS) for everything between your browser and our servers.
  • Salted password hashes (never readable passwords).
  • Limited and logged staff access to production data.
  • Server hardening and timely security updates.
  • Backups, encrypted at rest.
  • A no-tracking architecture, which means there's simply less data to leak in the first place.

No system is perfectly secure. If we ever have a data breach that's likely to affect your rights, we'll notify the Dutch DPA within 72 hours and inform you when required by law.

12. International transfers

Simuze is hosted in the EU. Most data stays in the EU. Where any processor handles data outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses or an adequacy decision, and we tell you about it in section 5.

13. Changes to this Policy

If we make material changes, we'll tell registered users by email or in-app and update the "Last updated" date. Minor edits (clarifications, typos, formatting) take effect when published.

14. Contact

Privacy questions, data requests, complaints: support@atypisch.nl Postal: Atypisch.nl, attn. Privacy, Europalaan 2b, 3525KS Utrecht

Music

Network

Shows

About

Legal

© 2026 Simuze Built on Modular CMS