ENCORE is used to manage music catalogues, contacts, right holders, performers, authors, agreements, declarations, claims, invoices, payment vouchers, receipts, revenue accounts, sales data, tasks, notifications, and related administration for Fusion Records MY / FRMY operations.
1. Information We Collect
We collect information that you provide directly, information generated while you use ENCORE, and information needed to operate, secure, and administer the service.
Account and identity information
We may collect and store:
- name, contact name, salutation, first name, middle name, last name, and display name;
- username, password hash, password change date, and username change date;
- user role and access permissions;
- account settings such as theme, redirect preference, and enabled features;
- authentication tokens and active session records;
- login attempt records, including username entered, time, IP address, user agent, device fingerprint, attempt status, failure reason, suspicious login indicator, and risk score.
Contact and profile information
ENCORE stores contact records for users, artists, authors, performers, right holders, customers, suppliers, media contacts, staff, and related parties. This may include:
- email addresses and phone numbers;
- postal address and country;
- contact type and role indicators such as staff, author, performer, customer, supplier, media, or local contact;
- identification information such as NRIC, foreign ID number, ID type, and related remarks;
- pseudonyms, performer names, author names, and public/professional names;
- profile photos or other uploaded profile images.
Bank, payment, and finance information
Where needed for payments, royalties, claims, invoices, vouchers, and account administration, we may collect:
- bank account holder name;
- bank name;
- bank account number;
- claim details and claim descriptions;
- invoice, bill, receipt, purchase order, and payment voucher details;
- transaction slips, payment advice files, and supporting attachments;
- revenue account balances and revenue account transactions;
- royalty and sales information imported from platforms or telco/DSP reports.
Music catalogue and rights information
ENCORE processes information related to albums, tracks, musical works, song bank entries, lyrics, audio/video assets, release metadata, Content ID metadata, rights shares, right holders, performers, composers, lyricists, producers, arrangers, publishers, ISRC, ISWC, UPC, platform URLs, and related attachments.
Some of this information may identify natural persons, especially performers, authors, composers, right holders, and payees.
Agreements, declarations, and signing information
For document workflows, ENCORE may collect:
- agreement and declaration content;
- signer names, contact IDs, email addresses, and signing status;
- signature images or typed signature data;
- date and time of viewing or signing;
- IP address recorded at signing;
- GPS/location coordinates recorded at signing where the browser location service is used and permitted;
- generated PDF documents and audit history.
Public form and subscription information
Public pages may collect information through contact forms, newsletter or update requests, notify me forms, payment uploads, claim forms, public contact update links, and document verification tools. This may include your name, email address, phone number, message content, uploaded documents, selected preferences, and reCAPTCHA response tokens.
Files and attachments
Depending on the module, ENCORE may store or process:
- profile photos;
- audio files, telco clips, artwork, lyrics, and music delivery files;
- agreement and declaration PDFs;
- claim receipts and supporting documents;
- invoice payment advice;
- payment voucher transaction slips;
- task attachments;
- media submission files or access logs.
Technical, security, and log information
We may automatically collect:
- IP address;
- browser user agent;
- device or session information;
- authentication token/session records;
- timestamps of access, login, actions, uploads, downloads, and document views;
- application logs, error logs, database connection logs, WebDAV logs, cleanup logs, and action audit logs.
2. Cookies and Similar Technologies
ENCORE uses cookies and session data to keep the application working securely. Current cookies and session mechanisms include authentication and preference-related values such as:
- authentication tokens;
- contact/session cookies used by the application to identify returning users or display account context;
- theme or preference cookies;
- PHP session cookies where required by pages and API calls.
These cookies are used for login, session validation, access control, user preferences, and security. If cookies are disabled, parts of ENCORE may not work correctly.
ENCORE also uses Google reCAPTCHA on selected public forms and verification/payment flows. Google may process technical information as part of bot and abuse prevention.
3. How We Use Information
We use information for the following purposes:
- to create and manage ENCORE accounts;
- to authenticate users and protect sessions;
- to provide role-based access to user, company, catalogue, business, contact, and administration modules;
- to manage contacts, profiles, right holders, authors, performers, customers, suppliers, media recipients, and staff;
- to administer music catalogue records, rights data, releases, assets, sales reports, and royalty/revenue account records;
- to generate, send, sign, verify, and archive agreements, declarations, invoices, receipts, claims, bills, payment vouchers, purchase orders, and related documents;
- to process claims, payments, payment advice, transaction slips, and bank/payment records;
- to send system notifications, reminders, newsletters, birthday messages, account setup links, contact update links, document completion notices, and other operational emails;
- to submit or share media materials with media recipients and track whether recipients accessed audio, lyrics, or artwork;
- to provide public verification pages for documents;
- to detect fraud, abuse, suspicious login attempts, spam, unauthorized access, and system misuse;
- to maintain audit trails and action histories;
- to troubleshoot errors, monitor system health, and improve the service.
4. Legal or Business Basis for Processing
Depending on the context, we process personal information because it is necessary to:
- provide the ENCORE service and related account access;
- perform or administer contracts, agreements, declarations, royalty arrangements, claims, invoices, and payment obligations;
- comply with accounting, tax, audit, legal, regulatory, and record-keeping obligations;
- protect the security and integrity of ENCORE;
- communicate with users, right holders, performers, authors, customers, suppliers, media contacts, and staff;
- pursue legitimate business and operational interests connected to music catalogue administration, rights management, royalty accounting, media submissions, and document management;
- obtain consent where required, such as for optional location collection during signing or optional email updates.
5. How We Share Information
We do not sell personal information. We may share information only where necessary for ENCORE operations, business administration, legal compliance, or services requested through ENCORE.
Information may be shared with:
- authorized ENCORE users and staff according to their permissions;
- signers, document recipients, payees, customers, suppliers, right holders, authors, performers, and media recipients where needed for the relevant transaction or workflow;
- email service providers and SMTP servers used to send ENCORE emails;
- WebDAV/storage infrastructure used for file storage, download, upload, and document access;
- Google reCAPTCHA for bot and abuse prevention;
- Telegram API where finance or operational notifications are sent;
- SMS service providers where SMS messages are sent;
- music platforms, DSPs, telco platforms, YouTube/Content ID workflows, or media recipients where catalogue, release, rights, or media submission information must be processed;
- hosting, database, logging, backup, and technical service providers;
- professional advisers, auditors, banks, payment processors, regulators, law enforcement, or courts where legally required or reasonably necessary.
6. Third-Party Services and Integrations
The current application setup references or uses third-party services and integrations including:
- Google reCAPTCHA;
- SMTP/email providers and PHPMailer-based email sending;
- WebDAV storage using configured upstream and downstream credentials;
- Telegram Bot API notifications;
- SMS provider configuration;
- music and media platform data fields or workflows, including YouTube, Spotify, Apple Music/iTunes, TikTok, Joox, KKBOX, Deezer, Facebook/Instagram, telco platforms, and DSP sales imports;
- public social media links to Fusion Records MY channels.
These third parties may process information according to their own privacy policies when their services are used.
7. Security
ENCORE uses authentication tokens, access checks, permissions, prepared database operations in many server-side workflows, encrypted or protected configuration outside the public document root, and audit/action logs to help protect information.
Some sensitive values, such as secure keys and service credentials, are stored outside the server document root in a secure configuration file. Some data fields, such as email, telephone, and signature-related values, may be stored in encrypted or encoded form depending on the module.
No web application can guarantee absolute security. Users should keep account credentials confidential, avoid sharing login links or tokens, and notify us promptly if they suspect unauthorized access.
8. Retention
We retain information for as long as needed for the purposes described in this Policy, including account operation, catalogue and rights administration, royalty and payment records, legal agreements, audit trails, accounting records, security monitoring, dispute resolution, and legal compliance.
Different records may have different retention periods. For example, signed agreements, declarations, invoices, payment records, royalty records, and audit logs may need to be kept longer than temporary files, reCAPTCHA tokens, or short-term operational logs.
Temporary files and logs may be cleaned up by scheduled maintenance scripts, but business records may be retained for legal, accounting, contractual, or operational reasons.
9. Your Choices and Rights
Depending on your location and relationship with ENCORE, you may have rights to:
- request access to personal information held about you;
- request correction of inaccurate or incomplete information;
- request deletion where the information is no longer required and deletion is legally permitted;
- object to or restrict certain processing;
- withdraw consent where processing is based on consent;
- request information about how your data is used or shared.
Some requests may be limited where ENCORE must retain information for contracts, accounting, legal obligations, royalty administration, fraud prevention, audit history, or document integrity.
You may update certain profile information from your account settings where available.
10. Public Links, Tokens, and Document Access
ENCORE may generate public or semi-public links for account setup, password recovery, contact updates, claims, document signing, payment submission, media submission, and document verification. These links may contain tokens or UUIDs that provide access to a specific workflow.
Do not share these links with anyone who should not access the related information. If you believe a link was shared or accessed improperly, contact us promptly.
11. Location Data for Signing
Some declaration and agreement signing flows request browser GPS/location access and record location coordinates as proof of signing location. Location access depends on your browser and device permission settings.
If you allow location access, ENCORE may store the location data with the signing record together with the signature, IP address, and signing timestamp. If you do not allow location access, the signing flow may not work or may require an alternative process.
12. Email Tracking and Notifications
ENCORE includes email notification workflows and may track operational email events, such as whether certain email content or media submission materials were accessed. For example, media submission recipients may have access timestamps recorded when they retrieve audio, lyrics, or artwork.
These records are used for operational follow-up, delivery confirmation, audit history, and service administration.
13. International Processing
ENCORE is developed in Malaysia-related business context and may be hosted, accessed, or supported using infrastructure and services that operate in different countries. Information may be transferred or processed outside your country where necessary for hosting, email delivery, storage, security, support, or business operations.
14. Children's Privacy
ENCORE is intended for business, music catalogue, royalty, document, and administration workflows. It is not intended for children. If information about a minor is required for a legitimate rights, performer, author, payment, or legal workflow, it should be provided by an authorized parent, guardian, representative, or responsible party.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in ENCORE, business operations, legal requirements, or integrations. The updated version will show a revised Last updated date.
16. Contact
For privacy questions, correction requests, or data access requests, contact:
Fusion Records MYEmail: general@frmy.my
Website: https://webapp.frmy.my