RosterRoyalties
RosterRoyaltiesDocs

Security, Data & API

RosterRoyalties is built on modern, secure infrastructure. Financial and artist data is encrypted in transit and at rest, and access controls are enforced throughout the platform.

Data security

  • All data is encrypted in transit using TLS
  • Data at rest is encrypted by the underlying infrastructure provider
  • File uploads (CSVs, PDFs, signed documents) are stored in access-controlled object storage — not publicly accessible
  • User passwords are hashed using a strong one-way algorithm — plain-text passwords are never stored
Specific infrastructure details (provider, region, SLAs, penetration test schedules) are available on request. Contact team@rosterroyalties.com if you have specific security requirements.

Authentication

RosterRoyalties uses secure, session-based authentication. Each user logs in with email and password. Two-factor authentication (2FA) is available for all accounts and is strongly recommended. Single Sign-On (SSO) is available — contact team@rosterroyalties.com to configure it. Artist portal accounts are separately credentialled — artists set their own password when they accept their invitation.

Data export

You can export a complete copy of your account data at any time from Settings → Export Your Data. Exports are generated in real-time and downloaded directly to your device — nothing is stored on RosterRoyalties servers after download. Choose between CSV (one file per category, ideal for spreadsheets) or JSON (nested relationships preserved, ideal for developers). The export includes:

  • Statements and royalty line items
  • Invoices and payment records
  • Contracts and split sheets
  • Artist account records
  • Recoupable costs
  • Track splits
  • Payment card details are always excluded

Artists can also download their own statements (PDF and CSV) and invoices (PDF) directly from the artist portal — no action from you or support required.

No lock-in

You can export your full dataset at any time, including before cancelling your subscription. Your data is always yours to keep.

GDPR & CCPA

RosterRoyalties is compliant with GDPR Article 20 and CCPA data portability requirements. You, as the label or rights holder, are the data controller — RosterRoyalties acts as data processor on your behalf. Personal data is not sold or shared with third parties for marketing. Artists can request their data directly via the Data Export tool. For Data Processing Agreements (DPAs), deletion requests, or detailed privacy queries, contact team@rosterroyalties.com.

API access

RosterRoyalties does not currently offer a public REST API. All data management is done through the web interface. A developer API is on the roadmap — no timeline is published. The recommended approach for bulk data entry in the meantime is the Track Splits CSV import in Host Tools. If you have a specific integration requirement, contact team@rosterroyalties.com to discuss what is possible.

Mobile apps

Native iOS and Android apps are in development, expected to launch in May 2026. They will cover statements, invoices, POs, push notifications, and full multi-role support. In the meantime, the full RosterRoyalties platform is available as a responsive web app at app.rosterroyalties.com and works well on mobile browsers — all features are accessible from any device.

White LabelReferral Program