Your music, your money, your fans. Here is how we protect all three.
WAVjunkie
April 10, 2026 · 5 min read
Most platforms say they take security seriously. We want to show you exactly what that means for WAVjunkie — what we can see, what we cannot, and the specific measures in place to protect what matters most to you as an independent artist.
Trust is slow to build and fast to lose. We know that. Independent artists have spent years watching platforms make promises that turn out to be vague, change terms without meaningful notice, and treat artist data as an asset to be leveraged rather than a responsibility to be protected.
WAVjunkie is built differently. And rather than asking you to take our word for it, we want to be specific.
The infrastructure
WAVjunkie is built on SOC 2 Type II and ISO 27001:2022 certified infrastructure. These are not badges we added to a marketing page — they are independent, third-party audited certifications that verify the security practices of the infrastructure layer your data sits on.
| Certification / Measure | Status |
|---|---|
| SOC 2 Type II | ✓ Certified |
| ISO 27001:2022 | ✓ Certified |
| Data encrypted at rest | ✓ Active |
| Data encrypted in transit (TLS) | ✓ Active |
| HTTPS everywhere | ✓ Active |
| Cloudflare Turnstile bot detection | ✓ Active — login and signup |
| Sentry real-time monitoring | ✓ Active |
The live status of every platform component is publicly visible at wavjunkie.statuspage.io. If something is wrong, you will see it there before you need to contact us.
Critically, the platform status bar and bug report button are loaded above the fold on every page of WAVjunkie — before any other content renders. This is a deliberate design decision. Even during a major outage, when other parts of the platform may be unavailable, the status bar remains visible and reflects the live state of our systems. You are never left guessing whether a problem is on your end or ours.
Your music files
WAVjunkie administrators cannot access, download, or alter your uploaded music files. Your music belongs to you. Administrative file access is limited to two specific scenarios — and both are logged.
Routine maintenance
Occasionally, files become orphaned — unlinked from a release during a technical process. Administrators can identify and remove these orphaned files as part of routine platform maintenance. This is the only general file access available to the WAVjunkie team.
Fulfilment recovery
In the rare event that a confirmed purchase does not correctly trigger a download, an administrator may manually assign that file to the purchaser's download area. This action is only ever performed against verified payment confirmation and is logged internally. It exists solely to ensure a completed transaction results in the buyer receiving what they paid for.
That is the complete list of administrative file access. Nothing else.
Your financial information
WAVjunkie never stores your card details, bank account numbers, or sensitive financial credentials. Full stop.
No WAVjunkie employee or administrator can see your full bank account number, card details, or financial credentials. These are held exclusively by Stripe under their own PCI DSS compliance framework.
All payment processing is handled by Stripe. All payout information is handled by Stripe Connect. WAVjunkie only ever sees what Stripe explicitly and securely shares — transaction amounts, payout statuses, and account verification outcomes.
Your account
We want to be precise about what WAVjunkie administrators can and cannot do with your account. Not vague. Precise.
| Action | Admin access |
|---|---|
| View display name, email, role, joined date | Yes — moderation only |
| View release count, plays, earnings, purchases | Yes — moderation only |
| View flag count and compliance history | Yes — moderation only |
| Suspend artist from uploading | Yes — policy violations only |
| Suspend user account | Yes — Terms of Service violations only |
| Delete user account | Yes — at your request or under our Terms |
| Log into or access your account | No |
| View private messages or unpublished content | No |
| Access, lock, or secure your account | No |
| Force a password change | No |
Your password
WAVjunkie enforces strong password requirements at account creation and whenever a password is changed. Weak passwords are rejected automatically.
Passwords that are known to have appeared in public data breaches or credential leak databases are blocked from use entirely. This protects your account from credential stuffing attacks — where attackers use leaked passwords from other services to try to access your WAVjunkie account — even if a password you have used elsewhere has been compromised.
Login security
Every time you log in to WAVjunkie more than 24 hours after your last session, a security code is sent to your registered email address. You must enter this code to proceed. This means that even if someone has your password, they cannot access your account without also having access to your email inbox.
For artists who want to go further, WAVjunkie supports two-factor authentication via any authenticator app — Google Authenticator, Authy, 1Password, or any TOTP-compatible app. Once enabled, you will be prompted to enter a time-sensitive verification code on each login in addition to your password. 2FA is optional but strongly recommended, particularly for artists with active Stripe Connect accounts and earnings on the platform.
Two-factor authentication can be enabled at any time from your account security settings. It takes less than two minutes to set up.
Your Fan Mail subscribers
Your subscriber list belongs to you. WAVjunkie sends your campaigns on your behalf using our verified sending domain — but your subscriber data is not sold, shared with third parties, or used for any purpose other than sending the communications you authorise.
You can export your subscriber list at any time from your dashboard. If you ever close your WAVjunkie account, your subscriber data is removed within 30 days.
Frequently asked questions
Can WAVjunkie access my uploaded music files?
No. WAVjunkie administrators cannot access, download, or alter your uploaded music files. File access is limited to removing orphaned files during routine maintenance, and manually assigning purchased files to a buyer's library in the event of a verified fulfilment failure. All such actions are logged internally.
Does WAVjunkie store my bank details or card information?
No. WAVjunkie never stores your card details, bank account numbers, or sensitive financial credentials. All payment processing is handled by Stripe and all payout information is handled by Stripe Connect. No WAVjunkie employee can see your full bank account number or card details.
Does WAVjunkie have two-factor authentication?
Yes. WAVjunkie supports 2FA via any TOTP-compatible authenticator app including Google Authenticator, Authy, and 1Password. It is optional and enabled in your account security settings. All accounts also require an email security code on any login more than 24 hours after the last session.
Who owns my Fan Mail subscriber list?
You do. Your Fan Mail subscriber list belongs to you as the artist. WAVjunkie processes emails on your behalf but does not sell, share, or use your subscriber data for any purpose other than sending the campaigns you authorise.
What happens if I think my account has been compromised?
Reset your password immediately via the login page — this is the most effective immediate action since WAVjunkie cannot force a password change on your behalf. Then contact us at admin@wavjunkie.com and we will investigate promptly.
Our full security policy is published at wavjunkie.com/security. If you identify a security vulnerability, our responsible disclosure policy is at wavjunkie.com/security/disclosure.
WAVjunkie. Secure your success.
WAVjunkie — The ultimate destination for independent music.
