Skip to content
LegalSpotify Developer Terms

Spotify Developer Terms

Version 9, effective as of 8 May, 2023

Introduction

Hello and welcome to the Spotify Developer Terms (the "Developer Terms")!

Please read these terms carefully before using our developer platform.

Principles

When reviewing our Developer Terms, please keep in mind these two principles:

  1. Our users are very important to us. Let’s work together to give them tools to access, discover, manage, and share content. While doing so, please respect their data and privacy settings.
  2. We work hard to make sure that all of the content on Spotify is fully licensed so that we can compensate the people who have made it. And we have an obligation and a responsibility to make sure that this is reflected in what we support (or don’t) on our platform.

Section I Acceptance of Terms

  1. Components of the Agreement. The Developer Agreement (the “Developer Agreement”) is comprised of the following:
    1. these Developer Terms, including the Data Protection Appendix and the Developer Policy;
    2. our Terms and Conditions of Use;
    3. our Branding Guidelines; and
    4. the Documentation.
  2. Precedence. If there is an irreconcilable conflict between these Developer Terms and any other document(s) comprising the Developer Agreement, these Developer Terms shall govern. Please note that if you use any of the Spotify Widget (defined below), you will be bound by the separate Spotify Widget Terms.
  3. Acceptance of Developer Agreement. We invite you to review, download and use our Spotify Platform. Please note that this invitation is subject to your review of and agreement with the Developer Agreement. You are not required to agree to the Developer Agreement. However, if you reject the Developer Agreement, you do not have any right to use the Spotify Platform. If you use or otherwise access the Spotify Platform, you will be deemed to have accepted the Developer Agreement and entered into a legally binding contract with Spotify AB (“Spotify”, “we”, and sometimes “us”). You may not use the Spotify Platform for any purpose that is not expressly authorized in the Developer Agreement.
  4. Acceptance on Behalf of an Organization. If you are developing on behalf of an organization, you agree to the terms of the Developer Agreement for that organization and promise that you have authority to bind that organization and its parents, subsidiaries, and sister companies to the Developer Agreement. In that case, “you” and “your” will refer to that organization, its parents, subsidiaries, and sister companies.
  5. Language. In the event that the Developer Agreement, or any part thereof, is translated into other languages and there is a discrepancy between versions in different languages, the English language version shall prevail to the extent that such discrepancy is the result of an error in translation.
  6. Independent Contractors. There is no joint venture, partnership, agency, or fiduciary relationship existing between you and Spotify, and the parties do not intend to create any such relationship by the Developer Agreement.
  7. Capitalized terms not otherwise defined herein have the meaning given in our other terms and policies, including our Terms and Conditions of Use. The term “including” means “including without limitation.”
  8. If you are an Australian consumer or small business (as defined by Australian Consumer Law): These terms do not exclude or limit any statutory rights or remedies you may have under Australian Consumer Law. However, to the extent permitted by the Australian Consumer Law, Spotify’s liability for any breach of the consumer guarantees is limited to (as elected by Spotify) the resupply of the goods or services to which the breach relates or the payment of the cost of replacing the goods or resupplying the services.

Section II Definitions

Before we go any further, we think it would be helpful to define a few key terms. Any defined terms not set out in this section will be clearly defined elsewhere in these Developer Terms.

  1. Approved Devices” means only desktop computers, laptops, netbook PCs, tablets, mobile, and such other devices that we approve in writing from time to time.
  2. Audio Preview Clips” means 30-second preview clips accessible using the Spotify Platform.
  3. Data Protection Appendix” means the data protection appendix at Appendix A to these Developer Terms.
  4. Developer Agreement” has the meaning given to it in Section I.1.
  5. Developer Website” means the website at developer.spotify.com and its subdomains.
  6. Documentation” means the documents, texts and materials made available to you on our Developer Website.
  7. Non-Streaming SDA” is an SDA that does not provide any Streaming functionality.
  8. Spotify Content” means any content, data, information or material made available through the Spotify Platform, Spotify Service or by Spotify. This may include, among other things, sound recordings, short-form videos, cover art, musical works, podcasts, artist biographies, song lyrics, metadata, playlists, and user data including Spotify Personal Data.
  9. Spotify Developer Application” or “SDA” means any application, website or service that accesses the Spotify Service or Spotify Content through, or which incorporates, the Spotify Platform. Please note that Widgets are not included in the definition of an SDA.
  10. Spotify Marks” means all trademarks, service marks, logos, brand names, or trade names used to identify Spotify and its products or services.
  11. Spotify Personal Data” has the meaning given to it in the Data Protection Appendix.
  12. Spotify Platform” means our developer tools accessible (e.g. APIs, SDKs, Widgets) and documentation described on our Developer Website.
  13. Spotify Service” means the service, websites, software applications and clients provided by Spotify.
  14. Streaming” means using the Spotify Platform to enable playback of sound recordings available through the Spotify Service, including using the Spotify Platform to control a background Spotify application. Please note that the use of (i) Widgets or (ii) Audio Preview Clips, are not included in the definition of Streaming for purposes of these Developer Terms.
  15. Streaming SDA” is an SDA or Approved Device that provides Streaming functionality or some subset of Streaming functionality, regardless of whether it also provides additional functionality.
  16. Term” has the meaning given to it in Section IX.8
  17. Widgets” means the widgets made available via the Spotify Platform, including the Spotify Play Button (or any iteration thereof) and the Spotify Follow Button. As noted above, the use of Widgets are governed by the Spotify Widget Terms of Use.

Section III Licenses and Permissions

  1. License to Developer. Subject to and conditional upon your compliance at all times with the Developer Agreement, Spotify grants to you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right during the Term to do the following:
    1. Streaming and Non-Streaming SDAs. Use the Spotify Platform to develop and distribute Streaming SDAs and Non-Streaming SDAs that comply with the Branding Guidelines: (i) for private personal use; and (ii) on Approved Devices; and (iii) in accordance with the Developer Policy.
    2. Spotify Platform. Distribute the Spotify Platform only in binary form as part of an SDA, make a reasonable number of copies of the Spotify Platform, and use the Spotify Platform to access and use Spotify Content as necessary for the sole purpose of operating the SDA.
    3. Use the Spotify Marks. Use any of the Spotify Marks found in the Branding Guidelines solely to promote your use, and the results of your use, of the Spotify Platform. You agree that, except for the limited license above, these Developer Terms do not grant you any rights to the Spotify Marks and that all goodwill generated through your use of such marks is to the sole benefit of Spotify. If you use any Spotify Marks, you will at no time contest or aid in contesting the validity or ownership of those Spotify Marks or Spotify’s rights in them, including applying to register any trademark, trade name or other designation that is confusingly similar to the Spotify Marks.
  2. No Grant of Proprietary Rights. Except as expressly granted in these Developer Terms, neither party grants the other party any intellectual property rights or other proprietary rights. As between you and Spotify, Spotify, its corporate affiliates, and its applicable licensors retain all intellectual property rights (including all patent, trademark, copyright, trade secret, and other proprietary rights) in and to the Spotify Platform (including its documentation and specifications), Spotify Content, the Spotify Service, and any derivative works thereof.
  3. Third Party Software. The Spotify Service and Spotify Platform may include open source software or third party software. Any such software is made available to you under the terms of the applicable licenses. Please review information here for the applicable notices and license terms related to the Spotify Platform.
  4. License to Spotify. For the duration of these Developer Terms, you grant to us a paid-up, royalty-free, non-exclusive, worldwide, transferable, sublicensable, irrevocable right and license, under all of your intellectual property rights, to:
    1. Use, perform, make available, display to the public, reproduce, distribute, and import your SDA and your name, likeness, or brand (which includes all of your trademarks, service marks, logos, brand names or trade names, your “Marks”) solely to the extent necessary for us to provide the Spotify Platform and Spotify Service;
    2. Link to and direct users to your SDA; and
    3. Sublicense the foregoing rights to our corporate affiliates or any third parties that are working with us as development partners, hosting facilities, and in similar capacities, in order to enable them to perform their services for us.
  5. Upon Termination. Following the termination of the Developer Terms and upon written request from you, Spotify shall make commercially reasonable efforts, as determined in its sole discretion, to remove references and links to your SDA and any of your Marks from the Spotify Service. Spotify shall have no other obligation to delete copies of, or references or links to, your SDA.

Section IV Restrictions

  1. Our developer policy. Make sure to read our Developer Policy which sets out some of the key restrictions and principles when developing with the Spotify Platform.
  2. General restrictions.
    1. Misuse of the Spotify Platform. Do not misuse the Spotify Platform, including by
      1. using the Spotify Platform or any Spotify Content to train a machine learning or AI model or otherwise ingesting Spotify Content into a machine learning or AI model;
      2. modifying, editing, altering, creating derivative works, disassembling, decompiling, reverse-engineering, or extracting source code from the Spotify Platform (including any client libraries), Spotify Service, or Spotify Content (except to the extent such restrictions are expressly prohibited by law). You may adjust the size of metadata or cover art as necessary;
      3. distributing or making copies of the Spotify Platform or making the Spotify Platform available to any person, except as expressly provided in these Developer Terms; or
      4. interfering, or attempting to interfere, with the proper functioning or performance of the Spotify Platform or Spotify Service.
    2. Unauthorized access. Do not facilitate unauthorized access to the Spotify Service or Spotify Content, including
      1. enabling access to, or use of, the Spotify Service or Spotify Content in violation of the Developer Agreement;
      2. attempting to circumvent or render ineffective any geographical restrictions, including IP address-based restrictions; or
      3. facilitating “stream ripping” or other functionalities that make it easier for users to capture or otherwise make permanent copies of Spotify Content.
    3. Illegal or unauthorized purpose. Do not use the Spotify Platform, Spotify Service or Spotify Content for any illegal or unauthorized purpose, including:
      1. failing to comply with applicable laws and regulations; or
      2. misusing Spotify Intellectual Property, such as using Spotify Marks as part of the name of your company or service.
    4. Improper use. Do not improperly access, alter or store the Spotify Service or Spotify Content, including
      1. using any robot, spider, site search/retrieval application, or other tool to retrieve, duplicate, or index any portion of the Spotify Service or Spotify Content (which includes playlist data) or collect information about Spotify users for any unauthorized purpose;
      2. making excessive service calls that are not strictly required for the proper functioning of your SDA;
      3. requesting, collecting, soliciting or otherwise obtaining access to user names, passwords, or other authentication credentials for the Spotify Service, other than through the means specifically provided for by the Spotify Platform and as strictly necessary to offer and operate your SDA.
    5. Transfer to third parties. Except as otherwise set out in these Developer Terms, do not transfer Spotify Content to third parties, including directly or indirectly transferring any data (including aggregate, anonymous or derivative data) received from Spotify to, or use such data in connection with, any ad network, ad exchange, data broker, or other advertising or monetization-related toolset, even if a user consents to such transfer or use. You may transfer Spotify Content to third party data processors, such as server providers for providing your SDA and consistent with your privacy policy and the permissions users have given you. You are responsible for any acts or omissions of those third parties.
    6. Harmful code. Do not use any viruses, worms, Trojan horses, or any other harmful code that could affect the Spotify Platform, Spotify Service, Spotify Content, Spotify users and/or their devices.
    7. Liability and reputation. Do not take any action in connection with the Developer Agreement, that could:
      1. create liability for Spotify;
      2. adversely affect Spotify’s commercial reputation; or
      3. otherwise reflect unfavorably on Spotify, including any action that may damage, disparage, or be detrimental to Spotify, the Spotify Service, Spotify Content, or Spotify’s content providers, corporate affiliates, and partners.
    8. Do not use the Spotify Platform, Spotify Content, Spotify Service, or Spotify Marks in any way to promote or distribute an application, product, service, website, or other offering, including any SDA that:
      1. is associated with, promotes, features, encourages, facilitates, or condones (a) illegal activity or the illegal or unauthorized use or sharing of audio and/or audiovisual content; (b) violence; (c) political positions or political candidates and/or religious causes; (d) the sale or advertisement of tobacco products, ammunition, firearms, and/or pornography;
      2. contains content that (a) is illegal, obscene, sexually explicit, deceptive or fraudulent; (b) could be considered offensive, defamatory, malicious, or discriminatory in any way, including on the basis of race, disability, sex, sexual orientation, or religion, or otherwise violates the user guideline set out in the Spotify Terms and Conditions of Use;
      3. infringes any intellectual property or other right of Spotify or any third party, including any right of privacy, publicity, copyright, trademark, patent, or contractual right; or
      4. used to harass, embarrass, harm, or improperly target any Spotify user or artist.
  3. Storing Spotify Content
    1. Storing and displaying content.
      1. Except as otherwise set out in these Developer Terms, you may not store, aggregate or create compilations or databases of Spotify Content, other than as strictly necessary to operate your SDA. You must use reasonable efforts to ensure that any data you display to users is the most up to date data available through the Spotify Platform, and to delete older data. Do not store Spotify Content indefinitely.
      2. Spotify Personal Data (as defined in the Data Protection Appendix) must be stored and deleted in accordance with Section V.
    2. Local caching. Do not locally cache any Spotify Content, except as strictly necessary to enhance the performance of your SDA and its functionality, and limited to the temporary caching of:
      1. metadata and cover art; or
      2. Conditional Downloads of sound recordings. Caching of Conditional Downloads of sound recordings must only be available to subscribers to the Premium Service. “Conditional Downloads” means time-limited offline syncing.

Section V Users & Data

  1. You agree that the Data Protection Appendix shall govern any processing by you of Spotify Personal Data (as defined in the Data Protection Appendix), and that it is expressly incorporated into these Developer Terms.
  2. You agree not to circumvent any privacy features (e.g., opt outs) offered by Spotify, you, or by third parties.
  3. You will only request the data you need to operate your SDA.
  4. When users connect with your SDA, they may consent to the sharing of certain categories of Spotify Personal Data with you, with those categories selected by you in advance. For all other Spotify Personal Data obtained through use of the Spotify Platform, you must obtain explicit consent from the user who provided the data to us before using it for any purpose other than displaying it back to the user on your SDA.
  5. You will not sell any Spotify Content or other data obtained from Spotify.
  6. You will not email Spotify users unless you obtain their explicit consent or obtain their email address and permission through means other than Spotify.
  7. You may only process Spotify Personal Data for as long as is necessary to provide your SDA to the applicable user, and consistent with the specific consent they’ve granted to you.
  8. You must provide all users with a working and easily accessible mechanism to disconnect their Spotify Service account from your SDA at any time and provide clear instructions on how to do so. Further, when a user disconnects their Spotify Service account or otherwise expresses an intent to prevent your SDA from accessing their data, you agree to delete and no longer request or process any of that user’s Spotify Personal Data.
  9. If Spotify informs you of a Spotify user having required rectification, erasure or restriction of processing of Spotify Personal Data to you, you must comply with such requests.
  10. Prior to using the Spotify Platform, you must have in place industry standard security and protections for any Spotify Content (including Spotify Personal Data) in your possession and/or control. You are also responsible for the security measures used by third parties providing services to you.
  11. You must display and require end users to agree to an enforceable end user agreement reflecting at least the following minimum terms:
    1. not make any warranties or representations on behalf of Spotify and expressly disclaim all implied warranties with respect to the Spotify Platform, Spotify Service and Spotify Content, including the implied warranties of merchantability, fitness for a particular purpose and non-infringement;
    2. prohibit modifying or creating derivative works based on the Spotify Platform, Spotify Service or Spotify Content;
    3. prohibit decompiling, reverse-engineering, disassembling, and otherwise reducing the Spotify Platform, Spotify Service, and Spotify Content to source code or other human-perceivable form, to the full extent allowed by law;
    4. state that you are responsible for your products and disclaim any liability on the part of third parties (e.g., Spotify);
    5. state that Spotify is a third party beneficiary of your end user license agreement and privacy policy and is entitled to directly enforce your end user license agreement.
  12. You must display a privacy policy to end users before they install or signup to your SDA. You will make a complete and accurate disclosure to end users of the privacy practices and policies applicable to your SDA, including notice to the end user:
    1. that your collection and use of data is subject to your privacy policy;
    2. of the information you collect from users;
    3. about how you collect, use, and share that information;
    4. about how users can contact you with inquiries regarding their information;
    5. about your use of Cookies;
    6. whether you allow third parties to place Cookies on users’ browsers in order to collect information about their browsing activities; and
    7. about users’ options for Cookie management.
  13. Any access, use, processing, and disclosure of Spotify Personal Data shall comply with (i) these Developer Terms; (ii) your end user agreement and privacy policy; (iii) the permissions and consents obtained from users, if applicable; (iv) the requirements of any data transfer solution implemented in accordance with paragraph 3 in the Data Protection Appendix; and (v) applicable laws and regulations.
  14. If your application contains content submitted or provided by third parties, you must comply with the following rules:
    1. In the United States, you must take all steps required to fall within the applicable safe harbors of the Digital Millennium Copyright Act including designating an agent to receive notices of claimed infringement, instituting a repeat infringer termination policy and implementing a “notice and takedown” process.
    2. In other countries, you must comply with local copyright laws and implement an appropriate “notice and takedown” process upon receiving a notice of claimed infringement.

Section VI Access, Usage and Quotas

  1. Security Codes
    1. As described on our Developer Website, to access and use certain tools provided by the Spotify Platform, you must link your Spotify Service account to a developer account. You will be issued one or more unique I.D.s, client I.Ds, keys, passwords, security codes, or tokens (each a “Security Code”) for accessing the Spotify Platform and managing your account. You agree to provide Spotify with accurate, complete and updated registration and contact information.
    2. You may only access your account with the Security Codes provided by Spotify and the appropriate Security Code must be embedded in your SDA, including in all updates and revisions, in a secure manner not accessible by third parties. You must use a separate Security Code for each SDA. You may not use more than one Security Code for each SDA. If you are developing a Streaming SDA, each call to the Spotify Platform must incorporate a valid Security Code.
    3. You may not sell, transfer, sublicense or otherwise disclose your account or Security Codes to any other party or use it for any other purpose except in connection with your SDA.
    4. You are responsible for maintaining the confidentiality of your account and Security Codes. You agree to notify Spotify immediately if you believe that your account or Security Codes have been compromised and cooperate with Spotify in the investigation of any compromised Security Codes. You are fully responsible for all activities that occur using your account and Security Codes, regardless of whether such activities are undertaken by you or a third party.
  2. Limitations on Use of Spotify Platform. Spotify may limit the number of service calls that your SDA may make, the volume of Spotify Content that may be accessed, or anything else about the Spotify Service as Spotify deems appropriate, in its sole discretion, without notice. Spotify may use technical measures to prevent over-usage or stop usage of the Spotify Platform.
  3. App Reviews. We may review your SDA for compliance from time to time, in our sole discretion. You will cooperate with our reviews and provide any information we request thereof.
  4. Monitoring Usage. You agree that Spotify may monitor your use of, and collect usage data related to, the Spotify Platform to ensure quality, improve the Spotify Service and verify your compliance with the Developer Agreement. You agree not to block or interfere with such efforts and to provide us with reasonable access to information related to your compliance with the Developer Agreement. Spotify may use any technical means to overcome any interference. At our sole discretion we may request, and you will provide, proof that your SDA and any content within your SDA is properly licensed.
  5. Cooperation. You agree to cooperate with Spotify in pursuing any violations of the prohibition against ripping or other capture of streamed content.
  6. Modification of Spotify Platform. Spotify reserves the right to modify the Spotify Platform and to release subsequent versions of the Spotify Platform at any time without notice to you. You may be required to obtain and use the most recent version of the Spotify Platform in order for your SDA to function.
  7. Usage and Quotas.
    1. Spotify may use quotas and place use restrictions to ensure that the Spotify Platform is accessed and used as intended and in accordance with the Developer Agreement.
    2. If your SDA reaches a quota limit, you can apply for a quota extension using the forms provided to you. In that case, your quota extension application must specify the use case for which you need the extension. Spotify makes no promise or guarantee that your quota extension request will be approved.
    3. If Spotify grants an additional quota, you must use the additional quota granted only for the use case that Spotify reviewed. If any of the information you provided to Spotify when requesting the quota changes, you must notify Spotify of the change by submitting the new information to Spotify prior to using the quota extension for a non-reviewed use case.

Section VII Intellectual Property & Confidential Information

  1. Intellectual property.
    1. Spotify respects intellectual property rights, and expects you to do the same. The Spotify Platform, Spotify Service, Spotify Content and any Spotify Marks (our “Intellectual Property”) are the property of Spotify or Spotify’s licensors and protected by intellectual property rights. You do not have the right to use the Intellectual Property in any manner not covered by the Developer Agreement.
    2. Nothing in the Developer Agreement shall be construed to convey, and by virtue of the Developer Agreement you will not acquire, any ownership interest in the Intellectual Property.
    3. You will not contest, or assist others in contesting, the validity, enforceability, ownership, or title of any Intellectual Property. You agree not to attempt to use or register any trademark or domain name that includes the word “Spotify,” any other Spotify trademark, or any name that is confusingly similar to any of them.
    4. Further, you may not remove or alter any copyright, copyright protection technology, trademark, or other intellectual property notice contained in or provided through Spotify’s Intellectual Property.
  2. Confidentiality. In your interactions with Spotify, you may be given access to certain non-public information, software, specifications, or code (“Confidential Information”), which is confidential and proprietary to Spotify. You may use this Confidential Information only as necessary in exercising such rights as are granted to you in these Developer Terms. You may not disclose any of this Confidential Information to any third party without Spotify’s prior written consent. You further agree that you will protect this Confidential Information from any unauthorized use, access, or disclosure with no less than a reasonable degree of care than your own confidential information.

Section VIII Representations and Warranties, Limitation of Liability, Indemnification, Disclaimers, Release

  1. Representations and warranties. In addition to any other representations, warranties and covenants made by you, you represent, warrant and covenant to Spotify that:
    1. You have the legal capacity to enter into these Developer Terms;
    2. Any and all information you provide to Spotify is and shall be true, accurate, complete and up to date;
    3. You possess all authorizations, approvals, consents, licenses, permits, and other rights and permissions necessary to provide your SDA and perform your obligations hereunder;
    4. You own or have secured all rights necessary to copy, display, distribute, render, and publicly perform all content (other than Spotify Content) on or within your SDA or website;
    5. Your use of the Spotify Platform complies with all applicable laws and regulations, including any right of privacy, publicity, copyright, trademark, patent, trade secret or contractual right; and
    6. Your use of the Spotify Platform shall not infringe any intellectual property or other rights of Spotify or any third party, including any right of copyright, trademark, patent, privacy, publicity, or contractual right.
  2. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SPOTIFY, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SHAREHOLDERS, LICENSORS, LICENSEES, ASSIGNS OR SUCCESSORS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY: (I) INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE EXEMPLARY, OR CONSEQUENTIAL DAMAGES : (2) ANY LOSS OF USE, DATA, BUSINESS OR PROFITS (WHETHER DIRECT OR INDIRECT) ARISING OUT OF THE USE OF, OR INABILITY TO USE, THE SPOTIFY SERVICE, SPOTIFY CONTENT, OR THE SPOTIFY PLATFORM, INCLUDING ANY DAMAGES RESULTING THEREFROM, REGARDLESS OF THE FORM OF THE ACTION OR THE BASIS OF THE CLAIM, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR ONLY RIGHT WITH RESPECT TO ANY PROBLEMS OR DISSATISFACTION WITH THE SPOTIFY PLATFORM IS TO STOP USING THE SPOTIFY PLATFORM. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR CERTAIN TYPES OF DAMAGES REFERRED TO ABOVE (INCLUDING INCIDENTAL OR CONSEQUENTIAL DAMAGES). ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. YOU AGREE THAT SPOTIFY’S AGGREGATE LIABILITY UNDER THESES DEVELOPER TERMS IS LIMITED TO FIVE HUNDRED DOLLARS ($500).
  3. INDEMNIFICATION. YOU SHALL INDEMNIFY AND HOLD SPOTIFY AND ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SHAREHOLDERS, LICENSORS, LICENSEES, ASSIGNS OR SUCCESSORS HARMLESS FROM ANY CLAIM OR DEMAND (INCLUDING REASONABLE ATTORNEY FEES AND COSTS OF INVESTIGATION) MADE BY A THIRD PARTY DUE TO OR ARISING OUT OF OR RELATED TO YOUR USE OF THE SPOTIFY PLATFORM, SPOTIFY SERVICE OR SPOTIFY CONTENT OR YOUR VIOLATION OF THE TERMS OF THESE DEVELOPER TERMS OR YOUR VIOLATION OF ANY LAWS, REGULATIONS, OR THIRD PARTY RIGHTS.
  4. DISCLAIMERS.
    1. ANY USE OF THE SPOTIFY PLATFORM IS AT YOUR OWN RISK. THE SPOTIFY PLATFORM IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. THERE IS NO WARRANTY, EXPRESSED OR IMPLIED, AS TO THE SPOTIFY PLATFORM, SPOTIFY SERVICE OR SPOTIFY CONTENT, INCLUDING ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. NO ADVICE OR INFORMATION, WHETHER ORAL OR IN WRITING, OBTAINED BY YOU FROM SPOTIFY SHALL CREATE ANY WARRANTY ON BEHALF OF SPOTIFY IN THIS REGARD.
    2. SPOTIFY EXPRESSLY DISCLAIMS ANY WARRANTY THAT: (I) THE SPOTIFY PLATFORM, SPOTIFY SERVICE OR SPOTIFY CONTENT WILL MEET ALL OF YOUR REQUIREMENTS; (II) THE OPERATION OF THE SPOTIFY PLATFORM, THE SPOTIFY SERVICE OR THE SPOTIFY CONTENT WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; OR (III) THE SPOTIFY PLATFORM, SPOTIFY SERVICE OR SPOTIFY CONTENT WILL PROVIDE RESULTS THAT ARE ACCURATE OR RELIABLE OR CONSISTENT WITH YOUR EXPECTATIONS.
    3. Further, Spotify has no obligation to provide you or any users of your SDA with support, software upgrades, enhancements, or modifications to the Spotify Platform or Spotify Service. You are solely responsible for providing user support and any other technical assistance to your users.
  5. Limitations Period and Release. You agree that any claim arising out of or related to the Spotify Platform, Spotify Service or Spotify Content or otherwise arising out of these Developer Terms must be brought within one year after the claim accrues. Otherwise such claim is permanently barred. In addition, if you have a dispute with one or more third parties (for example, Spotify users or account holders) in connection with the Spotify Platform, Spotify Service, Spotify Content, or these Developer Terms, you release Spotify and its corporate affiliates and any of their officers, directors, employees, agents, shareholders, licensors, licensees, assigns or successors, for any and all damages, liabilities, causes of action, judgments and claims arising out of or in any way connected with such disputes. To the extent that California Civil Code 1542 is applicable to you, you waive California Civil Code 1542 with respect to the foregoing claims described in this paragraph: “A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which if known by him must have materially affected his settlement with debtor.”
  1. Entire Agreement. The Developer Agreement constitutes the entire agreement between you and Spotify with respect to your use of the Spotify Platform and supersede any prior agreements, whether oral or written, concerning the subject matter of these Developer Terms, except and then only to the extent that you have entered into a Separate Agreement or the Spotify Widgets Terms of Use. A “Separate Agreement” is a written agreement between and executed by Spotify and you governing your use of the Spotify Platform.
  2. Changes to the Agreement. We may revise these Developer Terms from time to time and the most current version will always be posted on our website, so please check it regularly. If a revision is material we will notify you (for example via our developer blog or by email). By continuing to access or use the Spotify Platform after revisions become effective, you agree to be bound by the revised Developer Terms. If you do not agree to the new terms, you must terminate these Developer Terms, stop using the Spotify Platform, delete all Spotify Content and cease all operation, promotion, distribution and support of all your products and services that rely on the Spotify Platform.
  3. Non-exclusive Agreement and Competition.
    1. These Developer Terms are a non-exclusive agreement. Please understand that Spotify and/or other third parties (including other developers) may be developing and may develop products and services that may be similar to or competitive with your SDA, website or other products or services provided by you. Nothing in these Developer Terms shall in any way restrict or preclude Spotify and/or such third parties from creating and fully exploiting such products, services or other business activities without any obligation to you.
    2. If you provide Spotify with any feedback (including suggestions, comments, improvements, ideas, etc.), you assign all right, title and interest in and to such feedback to Spotify and acknowledge that we will be entitled to use, implement and exploit any such feedback in any manner without restriction, and without any obligation of confidentiality, attribution, accounting or compensation.
  4. Export. You agree to comply with all applicable export and re-export control laws and regulations, including, without limitation, the EAR, and trade and economic sanctions maintained by OFAC. Specifically, you not to – directly or indirectly – use, sell, export, reexport, transfer, divert, release, or otherwise dispose of any products, software, or technology (including products derived from or based on such technology) received from Spotify under the Developer Agreement to any destination, entity, or person, or for any end-use prohibited by the EAR, trade and economic sanctions maintained by OFAC, or any applicable laws or regulations of the United States or any other jurisdiction without obtaining prior any required authorization from the competent government authorities as required by those laws and regulations.
  5. Assignment. You may not assign any of your rights or delegate any of your duties under these Developer Terms, in whole or in part, to any person or entity. Spotify may assign, delegate or novate these Developer Terms or any part thereof to any third party without restrictions.
  6. Third Parties. Each corporate affiliate of Spotify shall be a third party beneficiary to these Developer Terms, and such corporate affiliates shall be entitled to directly enforce, and rely upon, any provision of these Developer Terms which confers a benefit on them (including the right to enforce your end user license agreement). Other than the preceding sentence and Section V.12, nothing in these Developer Terms shall create any third party beneficiaries, or confer any rights in any third parties.
  7. Publicity. You may not suggest a partnership with, sponsorship by, or endorsement by Spotify without Spotify’s prior written approval. You permit Spotify to make public statements about your use of the Spotify Platform at any time.
  8. Term, Suspension, Termination and Survival.
    1. These Developer Terms begin on either (i) the date you demonstrate your acceptance of the Developer Terms or (ii) when you first use the Spotify Platform, and shall continue until terminated (the “Term”) as permitted under these Developer Terms.
    2. Compliance with the provisions of these Developer Terms is very important. Any licenses contained in these Developer Terms will terminate automatically and without notice if you fail to comply with them.
    3. We may take enforcement action against you and your SDA, for example, if we believe in our sole discretion that: (a) you have not responded in a timely manner to our requests related to reviews, monitoring and audit; (b) you or your app has violated the Developer Agreement or any other applicable terms and policies or is negatively impacting the Spotify Platform, Spotify Content or associated creators or rightsholders; (c) in order to comply with applicable legal or regulatory requirements or to protect Spotify and its group companies from legal, reputational or regulatory liability.
    4. We may take enforcement action at any time, including while we investigate your SDA. We may or may not notify you in advance. Enforcement can include revoking your Security Codes, disabling your SDA, restricting your, and your SDA’s, access to the Spotify Platform (including its functionality), requiring you to delete data, terminating the Developer Terms or Developer Agreement with you, or any other action that we deem appropriate.
    5. We may suspend or end your access to the Spotify Platform or individual permissions that your SDA has not used or accessed within a 90-day period with or without notice to you.
    6. Spotify may terminate these Developer Terms by notice to you of termination or by terminating your ability to use the Spotify Platform. You may terminate these Developer Terms by ceasing all use of the Spotify Platform and notifying Spotify.
    7. Upon any termination or notice of any discontinuance, you must immediately cease and desist from using the Spotify Platform and delete all Spotify Content (including Spotify Personal Data) obtained through use of the Spotify Platform (including from your servers).
    8. Spotify has no obligation to maintain, support, upgrade, or update the Spotify Platform or Spotify Service, or to provide all or any specific content. We use reasonable efforts to keep the Spotify Service and Spotify Platform operational, however, certain issues, such as technical maintenance, may from time to time result in temporary interruptions and Spotify and/or the owners of Spotify Content may remove any Spotify Content, all without notice. Except where prohibited by law, Spotify has no liability for any interruption, modification, or discontinuation of the Spotify Service, Spotify Platform, Spotify Content any function or feature thereof.
    9. Sections III.2, III.4, III.5, IV, V, VI, VII, VIII.3, VIII.5, VIII.6, IX.8, IX.10, and X of these Developer Terms (or any section necessary to interpret such sections) shall survive any termination or expiration of these Developer Terms and will continue to bind you.
  9. Severability. Should for any reason, or to any extent, any provision of these Developer Terms be held invalid or unenforceable, such invalidity or enforceability shall not affect or render invalid or unenforceable the remaining provisions of these Developer Terms and the application of that provision shall be enforced to the extent permitted by law.
  10. Governing Law and Venue.
    1. These Developer Terms are governed by and construed in accordance with the laws of the State of California without regard to conflicts of law principles, except to the extent California law is preempted by United States Federal Law, including the Federal Arbitration Act.
    2. To the extent Section IX.10.a is not enforceable, these Developer Terms shall be governed by and construed in accordance with the laws of Sweden without regard to conflicts of law principles.
    3. Any dispute, claim or controversy arising out or in connection with these Developer Terms that is not subject to mandatory arbitration under Section X shall be subject to the exclusive jurisdiction of the state and federal courts of San Francisco Country, California.
    4. To the extent Section IX.10.c is not enforceable, any dispute, claim or controversy arising out of or in connection with these Developer Terms shall be subject to the exclusive jurisdiction of the courts of Sweden.
    5. If you are an Australian consumer or small business (as defined by Australian Consumer Law) Sections IX 10.a to IX.10.d inclusive shall not apply, and these Developer Terms shall be governed by and construed in accordance with the laws of New South Wales, Australia and the courts of New South Wales, Australia will have exclusive jurisdiction over any dispute, claim or controversy arising out of or in connection with these Developer Terms.
  11. No Waiver. The failure or delay by Spotify to exercise or enforce any right or provision of these Developer Terms or rights under applicable law shall not constitute a waiver of any such provisions or rights.

Section X Arbitration Agreement

This Section X (the “Arbitration Agreement”) which requires mandatory arbitration, applies to you if your performance under these Developer Terms will occur in whole or in part in the United States. It also applies if any part of your performance under these Developer Terms will occur in any other jurisdiction in which this Section X is enforceable:

  1. Dispute Resolution and Arbitration. You and Spotify agree that any dispute, claim, or controversy between you and Spotify arising in connection with or relating in any way to these Developer Terms or to your relationship with Spotify (whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and whether the claims arise during or after the termination of these Developer Terms) will be determined by mandatory binding individual (not class) arbitration. You and Spotify further agree that the arbitrator shall have the exclusive power to rule on his or her own jurisdiction pursuant to these Developer Terms, including any objections with respect to the existence, scope or validity of the arbitration agreement or to the arbitrability of any claim or counterclaim. Arbitration is more informal than a lawsuit in court. THERE IS NO JUDGE OR JURY IN ARBITRATION, AND COURT REVIEW OF AN ARBITRATION AWARD IS LIMITED. There may be more limited discovery than in court. The arbitrator must follow this agreement and can award the same damages and relief as a court (including attorney fees), except that the arbitrator may not award any relief, including declaratory or injunctive relief, benefiting anyone but the parties to the arbitration. This arbitration provision will survive termination of these Developer Terms.
  2. Exceptions. Notwithstanding Section X.1 above, you and Spotify both agree that nothing in this Arbitration Agreement will be deemed to waive, preclude, or otherwise limit either of our rights, at any time, to (1) bring an individual action in a U.S. small claims court; (2) pursue enforcement actions through applicable U.S. federal, state, or local agencies where such actions are available; (3) bring an individual action seeking only temporary or preliminary injunctive relief in a court of law, pending a final ruling from an arbitrator.
  3. No Class or Representative Proceedings: Class Action Waiver. YOU AND SPOTIFY AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION. Unless both you and Spotify agree, no arbitrator or judge may consolidate more than one person’s claims or otherwise preside over any form of a representative or class proceeding.
  4. Arbitration Rules: U.S. Performance. This Section governs arbitration proceedings if your performance under these Developer Terms will occur entirely inside the United States. Either you or we may start arbitration proceedings. Any arbitration between you and Spotify will take place under the rules and procedures of the American Arbitration Association (“AAA”) then in force (the “AAA Rules”), as modified by this Arbitration Agreement. You and Spotify agree that the Federal Arbitration Act applies and governs the interpretation and enforcement of this provision (despite the choice of law provision above). The AAA Rules, as well as instructions on how to file an arbitration proceeding with the AAA, appear at www.adr.org, or you may call the AAA at 1-800-778-7879. Any arbitration hearings will take place in New York, New York, or at a location mutually agreed upon by the parties, provided that if the claim is for $25,000 or less, you may choose whether the arbitration will be conducted (1) solely on the basis of documents submitted to the arbitrator; (2) through a telephonic hearing, which neither the parties nor witnesses need to attend in person; or (3) by an in-person hearing as established by the AAA Rules in the U.S. county (or parish) in which you have your principal place of business. If you choose to file an arbitration proceeding and your claim is for $10,000 or less, Spotify will (a) reimburse you for any AAA filing fee and (b) pay any other arbitration fees, including your share of arbitrator compensation, unless otherwise required by AAA rules or court order. If your claim is between $10,000 and $25,000, you will be responsible for the filing fee but Spotify will pay any other arbitration fees. If your claim exceeds $25,000, you will be responsible for the filing fee and for your share of any other fees, consistent with the AAA rules. Regardless of the manner in which the arbitration is conducted, the arbitrator shall issue a reasoned written decision sufficient to explain the essential findings and conclusions on which the decision and award, if any, are based. The arbitrator may make rulings and resolve disputes as to the payment and reimbursement of fees or expenses at any time during the proceeding and upon request from either party made within 14 days of the arbitrator’s ruling on the merits.
  5. Arbitration Rules: Non-U.S. Performance. This Section governs arbitration proceedings if your performance under these Developer Terms will occur entirely outside the United States. Either you or we may start arbitration proceedings. Any dispute, claim or controversy arising out of or in connection with these Developer Terms shall be finally settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce (“SCC Rules”), as modified by this Arbitration Agreement, and administered by the Arbitration Institute of the Stockholm Chamber of Commerce (“SCC”). The SCC Rules, as well as instructions on how to file an arbitration proceeding with the SCC, appear at https://sccinstitute.com/, or you may call the SCC at +46 8 555 100 00. Spotify can also help put you in touch with the SCC. The arbitral tribunal shall be composed of a sole arbitrator to be appointed by the SCC. The seat of the arbitration shall be Stockholm, Sweden, and the arbitration shall be held, and the award shall be rendered, in the English language. Any arbitration hearings will take place in Stockholm, Sweden, or at a location mutually agreed upon by the parties, provided that if the claim is for $25,000 or less, you may choose whether the arbitration will be conducted (1) solely on the basis of documents submitted to the arbitrator, or (2) through a telephonic hearing, which neither the parties nor witnesses need to attend in person. The award shall be final and binding on the parties and may be entered and enforced in any court having jurisdiction.
  6. Notice; Process. A party who intends to seek arbitration must first send a written notice of the dispute to the other, by certified mail or Federal Express, UPS, or Express Mail (signature required), or in the event that we do not have a physical address on file for you, by electronic mail (“Notice”). Spotify’s address for Notice is: Spotify AB, Attn: Legal Department, 150 Greenwich St 62nd floor, New York, NY 10007, United States. The Notice must (1) describe the nature and basis of the claim or dispute; and (2) set forth the specific relief sought (“Demand”). We agree to use good faith efforts to resolve the claim directly, but if we do not reach an agreement to do so within 30 days after the Notice is received, you or Spotify may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by you or Spotify shall not be disclosed to the arbitrator until after the arbitrator makes a final decision and award, if any. All documents and information disclosed in the course of the arbitration shall be kept strictly confidential by the recipient and shall not be used by the recipient for any purpose other than for purposes of the arbitration or the enforcement of arbitrator’s decision and award and shall not be disclosed except in confidence to persons who have a need to know for such purposes or as required by applicable law.
  7. Enforceability. If any portion of this Arbitration Agreement is found to be unenforceable in court or in arbitration, then the entirety of the Arbitration Agreement shall be null and void and, in such case, the parties agree that the exclusive jurisdiction and venue described in Section IX.10. shall govern any action arising out of or related to these Developer Terms.

Appendix A Data Protection Appendix

This Data Protection Appendix (Appendix) shall apply if you (“you” or “Developer”) access, receive, use, store or otherwise process Spotify Personal Data . The parties agree that this Appendix shall be incorporated into, and form part of, the Developer Terms.

1. Definitions and Interpretation

Terms defined in the Developer Agreement shall have the same meaning when used in this Appendix, unless defined differently in this Appendix.

For purposes of this Appendix, “Affiliate” shall mean any entity that directly or indirectly controls, is controlled by, or is under common control with a party; “Applicable Laws” shall mean all laws, regulations and regulatory policies, guidelines or industry codes of any competent industry body that are applicable to Spotify, Spotify Personal Data, the Spotify Service, you and the GDPR; “Personal Data” shall mean any data falling within the definition of “personal data” under the General Data Protection Regulation 2016/679 or any replacement legislation, as applicable and including the UK’s Data Protection Act 2018 (“GDPR”); “Spotify” shall mean the Spotify entity which is party to the Developer Terms; and “Spotify Personal Data” shall mean any Personal Data in respect of which Spotify or a Spotify Affiliate is a data controller, which you process in connection with the Developer Terms.

Terms defined in the GDPR, as applicable, shall have the same meaning when used in this Appendix, unless defined differently in this Appendix.

2. Your Role

You acknowledge that you shall be acting as an independent Data Controller in respect of Spotify Personal Data. If circumstances arise where you are acting as a Data Processor on Spotify’s (or a Spotify Affiliate’s) behalf, you shall promptly, on request by Spotify, execute written contractual commitments which meet the requirements of Applicable Laws in relation to Data Processors.

You shall adhere to the obligations, requirements and standards set out in the GDPR in respect of any Spotify Personal Data, including: (a) the level of security and / or protection for Spotify Personal Data; (b) the rights of Spotify; and (c) the rights of the Data Subject(s), irrespective of: (i) the location of the Data Subject(s); (ii) the location of the Spotify Affiliate that is party to this Developer Terms; and (iii) your location.

3. Transfer of Personal Data Outside of the European Economic Area (“EEA”) or UK

Before transferring Personal Data outside the EU/EEA/UK, you shall ensure that such transfer is fully compliant with Applicable Laws. In addition, you shall be solely responsible for procuring that you execute and deliver all such documents and perform all such acts as requested by Spotify for the purpose of giving full effect to this paragraph 3.

To the extent you are receiving personal data from Spotify as a data importer, you represent and warrant that with respect to such data, you: (i) shall ensure that an equivalent level of protection as offered by EU law will be provided to EU/EEA Data Subjects in the country you are processing Personal Data, and (ii) shall implement supplemental measures consistent with regulatory guidance (and remain consistent as further regulatory guidance is issued).

The EU standard contractual clauses adopted by decision of 4 June 2021 document number C/2021/3972 (module 1, controllers to controllers) (“SCCs”) shall apply to any transfers of Spotify Personal Data by Spotify under this DPA from the European Union (“EU”) and the European Economic Area (“EEA”) to you where you are in a third country for the purposes of GDPR.

You represent and warrant that you can comply with the SCCs and accept the transfer of Spotify Personal Data. To the extent you become unable to comply with the SCCs, you shall promptly notify Spotify and Spotify may terminate the Developer Agreement and your access to the Spotify Platform in its sole discretion.

For the purposes of the SCCs, the parties agree that Spotify AB is the “data exporter” and you are the “data importer“ and that:

For the purposes of Annex I of the Appendix to the SCCs, the following will apply:

A: List of Parties. The names and contact details of the parties shall be as set out in the applicable approval form for the services or their account.

B: Description of Transfer.

i. Data Subjects. The Personal Data transferred concern the following categories of Data Subjects: Spotify users

ii. Purpose and nature of the transfer(s). The transfer is made for the following purposes: To provide the ability for you to use the Spotify Platform in accordance with the Developer Agreement

iii. Categories of data. The Personal Data transferred concern the following categories of data: Spotify Personal Data

iv. Recipients. The Personal Data transferred may be disclosed only to the following recipients or categories of recipient: Data Processors appointed by you

v. Sensitive data. The Personal Data transferred concern the following categories of sensitive data: N/A

vi. Frequency. Continuous

vii. Period for which data will be retained. As set out in your privacy policy.

viii. Transfers to (sub) processors. Subject to clause 7(e) of the Developer Terms.

C: Competent Supervisory Authority. The relevant competent supervisory authority shall be the Swedish Authority for Privacy Protection.

For purposes of Annex II of the Appendix to the SCCs, the following will apply:

Data importer shall undertake appropriate technical and organizational security measures to protect personal data against the unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. These measures should take into account available encryption technology and the costs of implementing the specific measures and must ensure a level of security appropriate to the harm that might result from a breach of security and the nature of the data to be protected.

4. Processing of Spotify Personal Data

You must provide reasonable resources to your employees to enable processing of Spotify Personal Data in compliance with the Developer Agreement.

You shall only process Spotify Personal Data as is strictly necessary for the provision of your SDA.

Each of Spotify and you shall be solely responsible for its respective processing of Spotify Personal Data, including allowing Data Subjects to exercise their legal rights under Applicable Laws. You, to the extent that such a request affects Spotify’s processing of Personal Data, shall comply with all such requests in accordance with Applicable Laws.

You shall also be responsible for any acts and omissions of any third parties with which you share Spotify Personal Data.

You shall notify Spotify Party immediately if you become aware of, or suspect: (i) any breach of this Appendix; or (ii) a Personal Data breach which is likely to affect or invoke the other party’s obligations under Applicable Laws. The notifying party shall document all Personal Data breaches in accordance with Applicable Laws and fully cooperate with the other party to ensure compliance with Applicable Laws. Each party shall use reasonable endeavors to mitigate any damage suffered by a Data Subject.

5. Account Linking

If your access to Spotify Personal Data is provided in connection with linking or otherwise integrating the Data Subject’s Spotify-provided account with your SDA, the following shall apply:

a. The account linking and / or integration request to Data Subjects shall include all information required to ensure it is compliant with Applicable Laws, including sufficient notice: (i) of which Spotify Personal Data you will access and the purpose of such processing; and (ii) that you will be responsible for your processing of such data in accordance with your privacy policy.

b. You shall allow Data Subjects to disconnect their Spotify-provided account by providing an easily accessible and usable mechanism to disconnect their Spotify-provided account from your SDA at any time, including clear instructions on how to do so.

c. If a Data Subject disconnects accounts as described in (b) above, or if Spotify or a Data Subject requests such disconnection, you shall discontinue accessing the applicable Spotify Personal Data and delete the applicable Spotify Personal Data in your possession or control within five (5) days.

6. Information Security Practices

You shall implement and maintain all appropriate technical, administrative and organizational measures required to ensure a level of confidentiality and security appropriate to the risks represented by the processing and the nature of Spotify Personal Data, and to prevent unauthorized or unlawful processing of Spotify Personal Data, including measures against unauthorized or unlawful processing of Spotify Personal Data and against accidental loss, corruption, disclosure or destruction of, or damage to, Spotify Personal Data.

7. Obligation to Provide Information

If requested by Spotify, you will keep Spotify informed of the contact details of your data protection representative. You shall provide Spotify with any information that Spotify reasonably requires in order for Spotify to comply with its obligations under Applicable Laws including to inform Data Subjects about your data processing activities and any data transfer solutions utilized by you.

8. Non-Sale

Non-Sale. The exchange of Personal Data hereunder does not constitute a sale, as defined by Applicable Law (including the California Consumer Protection Act). As such, you are prohibited from processing (including retaining, using and disclosing) Personnel Data (i) for any purpose other than performing your obligations under the Developer Agreement; or (ii) outside of the direct business relationship with Spotify (including for a commercial or internal business purposes). You shall ensure that you and any processor or partner you engage to help perform your obligations under the Developer Agreement will not, directly or indirectly, make available Personal Data for any valuable consideration (monetary or otherwise). You hereby certify that you understand the undertakings and restrictions set out in this paragraph 8.

9. Security Incidents and Notices to Third Parties

You agree to notify Spotify by sending an email to security@spotify.com without undue delay (and in any event within twenty-four (24) hours) where you become aware of or reasonably suspects that Spotify Personal Data has been or may have been lost, damaged or subject to unauthorized access (a “Security Incident”) and to take reasonable steps to mitigate the impact of any such Security Incident. To the extent Spotify seeks the assistance of you, you agree to reasonably cooperate with Spotify to enable Spotify to comply with its obligations under Applicable Laws.

10. Governing Law

Notwithstanding any other provision in the Developer Agreement, this Appendix shall be governed by, and interpreted in accordance with, the laws of Sweden.