By using NCplay, you agree to the collection and use of information in accordance with this policy.
Contact: [email protected]
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name (first and last name)
- Email address (used for login, verification, and communications)
- Phone number (international format, used for account identification)
- Password (stored as a secure bcrypt hash — we never store plaintext passwords)
- Referral code (if you were referred by another user)
1.2 Streaming & Playback Data
When you stream music, we collect:
- Listening duration (how long you listened)
- Completion percentage (how much of the track you played)
- Playback positions (seek positions during playback)
- Audio status (whether audio was playing, muted, or background-manipulated)
- Session identifier (unique per stream session)
- Timestamp of each stream
1.3 Device Information
- Device identifier assigned by the app
- IP address (collected from request headers, including proxy/CDN forwarding)
1.4 Location Data
- Country — resolved from your IP address using ip-api.com, a third-party geolocation service. We store only the country name, not precise location coordinates.
- Country inference — we may also infer your country from your phone number's international calling code.
1.5 Crypto Wallet Data
When your account is created, a custodial cryptocurrency wallet is automatically generated for you. We store:
- Wallet addresses (Bitcoin and BSC/BNB Smart Chain)
- Encrypted mnemonic phrase (encrypted before storage — we hold the encryption key)
- Transaction history (deposits, withdrawals, swaps — including hashes, amounts, addresses, fees, and timestamps)
1.6 Uploaded Content
- Profile picture (avatar image) — uploaded and stored in Cloudflare R2 cloud storage
1.7 Usage & Activity Data
- Play history (tracks played and timestamps)
- Download history (tracks downloaded)
- Follow relationships (users and artists you follow)
- Playlist data (playlists you create and their contents)
- Library data (saved albums)
- Notification history (system messages, crypto events, subscription events)
1.8 Subscription Data
- Subscription plan (free, premium, or premium+)
- Payment details (amount, token used, blockchain transaction hash)
- Subscription period (start and expiry dates)
2. How We Use Your Information
We use your information to:
- Provide the Service — stream music, manage your account, process transactions
- Reward system — calculate and distribute NCT streaming rewards based on your activity and subscription tier
- Fraud prevention — detect and prevent abuse such as device farming, bot activity, and artificial stream manipulation
- Wallet operations — process cryptocurrency deposits, withdrawals, and swaps
- Communications — send OTP codes for verification, password reset emails, and system notifications
- Referral tracking — attribute referral rewards when referred users subscribe
- Content recommendations — suggest music based on your listening history and genre preferences
- Analytics — understand usage patterns to improve the Service (aggregated and per-user)
- Security — monitor for suspicious activity and protect user accounts
- Legal compliance — comply with applicable laws and regulations
3. Fraud Detection & Account Monitoring
To maintain the integrity of the reward system, we employ automated monitoring that analyzes:
- Stream volume — excessive daily streams may trigger a review
- Listening patterns — repetitive looping patterns (e.g., the same sequence of songs played repeatedly) are flagged
- Device sharing — multiple accounts streaming from the same device are flagged
- Listen duration — unrealistic daily listening hours (over 20 hours) are flagged
- Playback integrity — muted streams, background manipulation, and invalid playback data
If suspicious activity is detected:
- Your account may be flagged for admin review
- Pending (unmatured) earnings may be reversed
- Future streaming rewards may be paused until the flag is resolved
4. Third-Party Services
We share data with the following third-party services:
| Service | Data Shared | Purpose |
|---|---|---|
| Sentry (sentry.io) | Error traces, IP addresses, user context | Error monitoring and debugging |
| Resend (resend.com) | Email addresses, OTP codes | Email delivery (verification, password reset) |
| ip-api.com | IP addresses | Country geolocation |
| QuickNode (quicknode.com) | Wallet addresses, transaction data | BSC blockchain RPC queries |
| BlockCypher (blockcypher.com) | Bitcoin addresses | Bitcoin balance and transaction queries |
| PancakeSwap (DEX) | Wallet addresses, token amounts | Token swap execution |
| Cloudflare R2 | Uploaded files (avatars, media) | Cloud file storage |
| Upstash Redis | Rate limiting counters | API rate limiting |
| Neon (neon.tech) | All database records | Managed PostgreSQL hosting |
We do not sell your personal data to third parties.
5. Data Storage & Security
- Database — hosted on Neon (managed PostgreSQL) with SSL encryption in transit
- Passwords — hashed with bcrypt never stored in plaintext
- Crypto wallet keys — encrypted before storage
- File uploads — stored in Cloudflare R2 with access controls (audio/video require signed URLs; cover images are publicly accessible)
- Authentication tokens — JWT access tokens and refresh tokens expires and are rotated on use
- Rate limiting — API endpoints are rate-limited to prevent brute-force attacks
6. Data Retention
- Account data — retained for as long as your account is active
- Streaming data — retained indefinitely for reward calculation and fraud detection
- Transaction history — retained indefinitely (blockchain transactions are permanent)
- OTP codes — deleted after verification or expiry (10 minutes)
- Error logs — retained according to Sentry's data retention policy
7. Your Rights
You have the right to:
- Access your personal data through the app (profile, wallet, earnings, history)
- Update your profile information (name, email, avatar)
- Delete your account — you may delete your account at any time via the app. This permanently removes:
- Your profile and personal information
- Play history and playlists
- Streaming records and earnings
- Crypto wallet data (encrypted mnemonics and addresses)
- Follow relationships and notifications
- Referral relationships and suspicious activity flags
Note: Blockchain transactions are immutable and cannot be deleted from public ledgers
- Withdraw earnings — you may withdraw matured NCT earnings to external wallets before deleting your account
8. Children's Privacy
NCplay is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
9. Cookies & Tracking
NCplay is a mobile application and does not use browser cookies. We use device identifiers and JWT tokens for authentication and session management.
10. International Data Transfers
Your data may be processed and stored in regions outside your country of residence, including but not limited to:
- European Union
- United States
By using the Service, you consent to the transfer of your data to these regions.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through in-app notifications or email. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: [email protected]
Website: https://ncplays.com
Stream unlimited music and enjoy offline playback with NC Play. Download now for the ultimate music experience.
