BLACKNWHITESIX (Pty) Ltd (“BLACKNWHITESIX”, “we”, “us”, or “our”) is committed to protecting the privacy and personal information of our users. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you access or use the BLACKNWHITESIX platform (the “Platform”), including our website, mobile applications, and all associated services.
We process personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) of the Republic of South Africa, and all other applicable data protection legislation. By using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal information as described herein.
2. Information We Collect
2.1 Account Registration Data
When you create an account on the Platform, we collect the following information:
Email address
Display name (username)
Date of birth (used for age verification and content filtering)
Password — your password is cryptographically hashed before storage and is never stored in plain text. We cannot view or retrieve your password.
2.2 Artist Verification Data
If you register as an Artist, we additionally collect the following for identity verification and payment processing purposes:
Government-issued identity document (such as a South African ID card, passport, or driver’s licence)
Banking details (bank name, account number, branch code) required for the disbursement of earnings
2.3 Profile Information
You may optionally provide additional profile information, including a profile photograph, biography, social media links, and genre preferences. This information is provided voluntarily and is displayed publicly on your profile.
2.4 Payment Information
Payment transactions are processed by our third-party payment processor, Paystack. When you make a purchase, your payment card details are transmitted directly to Paystack via their secure payment interface. We do not store, process, or have access to your full credit or debit card numbers. We retain only a tokenised reference and transaction metadata (such as amount, date, and status) necessary for record-keeping and dispute resolution.
2.5 Automatically Collected Information
When you access or use the Platform, we automatically collect certain technical and usage information, including:
Device Information — device type, operating system, browser type and version, screen resolution, and unique device identifiers
Usage Data — pages visited, features used, listening history, search queries, interaction patterns, and session duration
IP Address — your Internet Protocol address, which may be used for approximate geolocation, security monitoring, and abuse prevention
3. How We Use Your Information
We use the information we collect for the following purposes:
Provide and Operate the Service — to create and manage your account, process transactions, deliver Content, and facilitate interactions between Artists and Listeners
Identity Verification — to verify Artist identities, prevent fraud, and ensure compliance with applicable regulations
Communication — to send transactional notifications (such as purchase confirmations, payout updates, and account alerts), and to respond to your enquiries and support requests
Safety and Security — to detect, prevent, and address fraud, abuse, security incidents, and technical issues; to enforce our Terms of Service; and to protect the rights and safety of our users
Age-Appropriate Content — to enforce age-based content filtering for users under the age of 18 by reference to the date of birth provided at registration
Analytics and Improvement — to analyse usage patterns and trends in aggregate form so that we may improve the Platform’s functionality, performance, and user experience
4. Legal Basis for Processing (POPIA)
Under the Protection of Personal Information Act (POPIA), we process your personal information on the following lawful grounds:
Consent — you have given your explicit consent for the processing of your personal information for one or more specific purposes, such as account creation and optional profile information
Contract — processing is necessary for the performance of a contract to which you are a party (for example, processing payments for purchased Content or managing your artist subscription)
Legitimate Interest — processing is necessary for our legitimate interests (such as platform security, fraud prevention, and service improvement), provided that such interests are not overridden by your rights and freedoms
Legal Obligation — processing is necessary to comply with a legal obligation to which we are subject, including tax record-keeping requirements and responses to lawful government requests
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:
Paystack — payment information is shared with Paystack, our payment processor, solely for the purpose of processing transactions. Paystack is a PCI DSS-compliant payment provider.
Cloud Infrastructure — your data is stored on encrypted cloud infrastructure services. All data is encrypted in transit and at rest using industry-standard encryption protocols.
Supabase Storage — audio files, artwork, and other media Content are stored using Supabase Storage, which provides server-side encryption and access controls.
Legal Requirements — we may disclose your personal information if required to do so by law, regulation, legal process, or enforceable government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6. Data Retention
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following table summarises our standard retention periods:
| Data Category | Retention Period |
| --- | --- |
| Account Data | Duration of active account plus 2 years after deletion |
| Transaction Records | 7 years (in compliance with tax and financial record-keeping obligations) |
| Audio Files & Content | Duration of active account (removed upon account deletion) |
| Identity Documents | Duration of active account plus 1 year after deletion |
| Device Sessions | Automatically expired; maximum 3 concurrent sessions enforced |
| Server Logs | 90 days |
Upon expiry of the applicable retention period, personal information is securely deleted or anonymised so that it can no longer be associated with you.
7. Data Security
We implement a range of technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
Password Hashing — all user passwords are cryptographically hashed using industry-standard algorithms before storage. Plain-text passwords are never stored.
JWT and Refresh Token Rotation — authentication tokens are short-lived, and refresh tokens are automatically rotated on each use to reduce the risk of token theft and replay attacks.
Webhook HMAC Verification — all incoming webhooks from third-party services (such as Paystack) are verified using HMAC signatures to ensure authenticity and prevent tampering.
Rate Limiting — API endpoints are protected by rate limiting to prevent brute-force attacks, credential stuffing, and denial-of-service attempts.
TLS Encryption — all data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) to prevent interception during transit.
Role-Based Access Control — internal access to user data is strictly limited to authorised personnel on a need-to-know basis, enforced through role-based access control mechanisms.
While we take all reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents in accordance with POPIA requirements.
8. Your Rights Under POPIA
As a data subject under the Protection of Personal Information Act, you have the following rights with respect to your personal information:
Right of Access — you may request confirmation of whether we hold personal information about you, and if so, request a copy of that information.
Right to Correction — you may request that we correct or update any personal information that is inaccurate, incomplete, or misleading.
Right to Deletion — you may request the deletion of your personal information where it is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations.
Right to Object — you may object to the processing of your personal information on grounds relating to your particular situation, including processing based on legitimate interest.
Right to Data Portability — you may request that we provide your personal information in a structured, commonly used, and machine-readable format for transfer to another service.
Right to Withdraw Consent — where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact our Information Officer at legal@blacknwhitesix.com. We will respond to your request within a reasonable time and in any event within the timeframes prescribed by POPIA.
9. Children’s Privacy
The Platform is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete that information.
Users must be at least 13 years of age to create an account on the Platform.
Users under the age of 18 are automatically subject to explicit content filtering, which restricts access to Content that has been labelled as containing explicit language or themes. This filter is enforced at the account level and cannot be disabled by the minor user.
If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at legal@blacknwhitesix.com so that we may take appropriate action.
10. International Data Transfers
The Platform is primarily operated from and for users within the Republic of South Africa. Your personal information is primarily stored and processed within South Africa.
In cases where your personal information may be transferred to, stored in, or processed in a jurisdiction outside of South Africa (for example, through the use of cloud infrastructure providers with international data centres), we ensure that such transfers are carried out in compliance with Section 72 of POPIA. Appropriate safeguards are implemented, which may include ensuring that the recipient jurisdiction provides an adequate level of data protection, or that the recipient is bound by contractual obligations providing equivalent protection to that afforded under POPIA.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the operation of the Platform. For material changes, we will provide at least fourteen (14) days’ advance notice via email to the address associated with your account and/or through a prominent notice on the Platform.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
12. Information Officer
In accordance with POPIA, BLACKNWHITESIX has designated an Information Officer who is responsible for ensuring compliance with data protection obligations and for addressing all queries and requests related to the processing of personal information.
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please contact our Information Officer:
BLACKNWHITESIX (Pty) Ltd
Information Officer
Email: legal@blacknwhitesix.com
Address: East London, South Africa
You also have the right to lodge a complaint with the Information Regulator of South Africa if you believe that your personal information has been processed in violation of POPIA: