EPK Me — Privacy Policy

Last Updated: December 17, 2024


1. Introduction

This Privacy Policy describes how EPK Me ("we," "us," "our") collects, uses, and shares information when you use our website and services at epkme.band (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.


2. Information We Collect

2.1 Information You Provide

Account Information

  • Email address
  • Password (stored in hashed form; we cannot see your actual password)
  • Band/artist name

EPK Content

  • Biography and artist information
  • Photos and images you upload
  • Contact information you choose to include (booking email, phone, etc.)
  • Social media links and handles
  • Show history and venue information
  • Press quotes
  • Any other content you add to your EPK

Communications

  • Messages you send us through our contact form
  • Booking requests submitted through your EPK (if enabled)

2.2 Information Collected Automatically

Usage Data

  • Pages visited and features used
  • Time and date of visits
  • Referring website or source

Device Information

  • Browser type and version
  • Operating system
  • Device type (mobile, desktop, tablet)
  • Screen resolution

Analytics Data (for EPK page views)

  • Visitor's approximate geographic location (city/region level, derived from IP address)
  • IP addresses are processed but not stored in full; we use anonymized hashes for unique visitor counting
  • Referrer URLs and UTM parameters

Important: We use privacy-friendly analytics that do not rely on cookies for tracking. We do not use persistent cross-site tracking identifiers.

2.3 Information from Third Parties

Spotify

  • When you connect your Spotify artist profile, we retrieve publicly available information including: follower count, popularity score, genres, top tracks, albums, and artist images
  • This data is fetched via Spotify's public API using your artist URL

YouTube

  • If you provide YouTube channel information, we may retrieve publicly available statistics such as subscriber count, view counts, and video counts

Instagram

  • Instagram statistics (followers, posts) are entered manually by you; we do not access Instagram's API

Stripe (Payment Processor)

  • We use Stripe to process payments
  • We do not receive or store your full credit card number
  • Stripe provides us with limited information such as the last four digits of your card, card brand, and billing address for transaction records
  • Stripe's collection and use of your information is governed by their privacy policy

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and host your EPK, process your requests, and deliver features you use
  • Process Payments: Complete transactions and send related information (receipts, confirmations)
  • Communicate with You: Respond to your inquiries, send service-related notices, and provide customer support
  • Provide Analytics: Show you statistics about who is viewing your EPK (for applicable plans)
  • Improve the Service: Understand how users interact with our Service to improve functionality and user experience
  • Protect the Service: Detect, prevent, and address technical issues, fraud, and abuse
  • Comply with Legal Obligations: Respond to legal requests and prevent harm

4. How We Share Your Information

4.1 Public Information

Your EPK content is designed to be shared publicly. When you publish your EPK:

  • Your EPK page is accessible to anyone with the link
  • Information you include in your EPK (bio, photos, contact info, social links, show history, etc.) is publicly visible
  • Search engines may index your public EPK page

You control what information appears in your EPK. Do not include information in your EPK that you do not want to be public.

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

Provider | Purpose | Data Shared
Supabase | Database and authentication | Account data, EPK content
Stripe | Payment processing | Payment and billing information
Netlify | Website hosting | Usage data, IP addresses
Spotify API | Fetching artist statistics | Your Spotify artist URL
YouTube Data API | Fetching channel statistics | Your YouTube channel URL
Last.fm API | Fetching listener statistics | Artist name or Last.fm URL

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to:

  • Comply with a legal obligation
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users or the public
  • Protect against legal liability

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.5 What We Do NOT Do

  • We do not sell your personal information. We have not sold personal information in the past 12 months and have no plans to do so.
  • We do not share your information with third parties for their direct marketing purposes.
  • We do not use your content to train AI models.

5. Cookies and Tracking Technologies

5.1 Cookies We Use

We use minimal cookies necessary for the Service to function:

Cookie | Purpose | Duration
Authentication cookies | Keep you logged in | Session
Preference cookies | Remember your settings (e.g., dark mode) | Persistent

5.2 What We Don't Use

  • We do not use third-party advertising cookies
  • We do not use cross-site tracking pixels
  • We do not participate in ad networks or retargeting

5.3 Analytics Approach

Our analytics system uses privacy-friendly techniques:

  • No third-party analytics scripts (like Google Analytics)
  • Visitor counting uses anonymized fingerprints, not cookies
  • IP addresses are not stored in full
  • We cannot identify individual visitors by name or personal details

6. Data Retention

6.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide you with the Service.

6.2 Account Deletion

When you delete your account:

  • Your account information and EPK content will be permanently deleted
  • Deletion is typically completed within 30 days
  • Some information may be retained in backups for up to 90 days before being permanently removed
  • We may retain certain information as required by law or for legitimate business purposes (e.g., transaction records for tax purposes)

6.3 Inactive Accounts

  • Free accounts inactive for more than 6 months may be deleted
  • We will attempt to notify you via email before deletion

6.4 Canceled Subscriptions

  • EPK data is retained for 90 days after subscription cancellation
  • After 90 days, data may be permanently deleted

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted database connections
  • Secure password hashing
  • Access controls limiting who can access user data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

We are not responsible for circumvention of any privacy settings or security measures contained on the Service. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.


8. Your Rights and Choices

8.1 Access and Export

You can access most of your information directly through your account dashboard. We provide data export tools that allow you to download your EPK data.

8.2 Correction

You can update or correct your information at any time through your account settings and EPK editor.

8.3 Deletion

You can delete your account at any time through your account settings. This will permanently delete your EPK and associated data, subject to our retention policies described above.

8.4 Email Communications

You can opt out of promotional emails by following the unsubscribe instructions in those emails. Note that you cannot opt out of service-related communications (e.g., account verification, payment receipts, important service notices).

8.5 Booking Requests

If you receive booking requests through your EPK, you are responsible for how you handle the personal information contained in those requests.


9. International Users

9.1 Data Location

The Service is operated from the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

9.2 Consent to Transfer

By using the Service, you consent to the transfer of your information to the United States and acknowledge that your information will be subject to the laws of the United States, which may differ from the laws of your country of residence.

9.3 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:

  • Our legal basis for processing your information is typically your consent (by using the Service) or the necessity of processing to provide the Service to you
  • You may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, port, and erase your data, and the right to object to or restrict processing
  • To exercise these rights, please contact us through our website

Note: While we respect privacy principles, we are a small service and may not have the full infrastructure to comply with all GDPR requirements. Users in the EEA should consider this before using the Service.

9.4 California Users (CCPA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You can request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • No Sale of Personal Information: We do not sell personal information as defined by the CCPA

To exercise these rights, please contact us through our website.


10. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.


11. Third-Party Links and Services

Your EPK may contain links to third-party websites and services (e.g., Spotify, YouTube, social media profiles). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you use.

Our integration with third-party services (Spotify, YouTube, Stripe, etc.) is subject to those services' terms and privacy policies. Their collection and use of your information is governed by their respective policies, not this Privacy Policy.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • For material changes, sending an email to registered users

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the changes.


13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us through the contact form on our website at epkme.band.


14. Summary Table

What We Collect | Why | Shared With
Email, password | Account access | Supabase (auth)
EPK content | Provide service | Publicly visible when published
Payment info | Process transactions | Stripe
Usage analytics | Service improvement | Internal use only
EPK view analytics | User analytics feature | Shown to EPK owner
Spotify/YouTube stats | Display on EPK | Fetched from public APIs

This Privacy Policy is provided for informational purposes. We recommend consulting with a licensed attorney in your jurisdiction before finalizing any legal documents.