Privacy Policy

1. Introduction

Greit Music Store (thegreit.com) is operated by Greit Studios, based in Seoul, Republic of Korea. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, and password when you create an account
• Payment information: processed securely by our payment providers (Stripe). We do not store credit card numbers
• Profile information: display name, profile image, and language preference
• Communications: messages you send to our support team

2.2 Information Collected Automatically

• Usage data: pages visited, tracks played/previewed, search queries, and features used
• Device information: browser type, operating system, device type, and screen resolution
• Log data: IP address, access times, and referring URLs
• Cookies and similar technologies: for session management, preferences, and analytics

3. How We Use Your Information

We use collected information for the following purposes:

1. 1.To provide and maintain the Service, including processing purchases and delivering licensed music files
2. 2.To manage your account, verify identity, and provide customer support
3. 3.To process payments securely through our payment providers
4. 4.To send transactional communications: purchase confirmations, license certificates, and account notifications
5. 5.To improve the Service: analyze usage patterns, fix bugs, and develop new features
6. 6.To personalize your experience: music recommendations, curated collections, and relevant content
7. 7.To comply with legal obligations and enforce our Terms of Service

4. Data Sharing & Disclosure

We do not sell your personal information. We may share information with:

1. 1.Payment Processors: Stripe processes payments on our behalf. Their use of your data is governed by their own privacy policy.
2. 2.Infrastructure Providers: We use Supabase (database/auth), Cloudflare (CDN/security), and Vercel (hosting) to operate the Service.
3. 3.Analytics: We may use privacy-respecting analytics tools to understand usage patterns. We do not use invasive tracking or sell data to advertisers.
4. 4.Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.
5. 5.Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• All data transmitted over HTTPS/TLS encryption
• Passwords hashed using industry-standard algorithms (bcrypt)
• Database access restricted with row-level security policies
• Regular security reviews and dependency updates
• Payment data handled exclusively by PCI-DSS compliant providers

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

1. 1.Account data is retained for as long as your account is active.
2. 2.After account deletion, personally identifiable data is removed within 30 days. Anonymized usage data may be retained for analytics.
3. 3.Purchase records and license data are retained indefinitely to support license verification and dispute resolution.
4. 4.Server logs are retained for up to 90 days for security and debugging purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

1. 1.Access: Request a copy of the personal information we hold about you.
2. 2.Correction: Request correction of inaccurate or incomplete information.
3. 3.Deletion: Request deletion of your account and personal data, subject to legal retention obligations.
4. 4.Data Portability: Request your data in a machine-readable format.
5. 5.Objection: Object to processing of your data for certain purposes.
6. 6.Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at support@thegreit.com. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies for:

• Essential cookies: authentication, session management, and security (required)
• Preference cookies: language selection and display settings
• Analytics cookies: understanding how the Service is used (can be declined)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the Republic of Korea and the United States (where our infrastructure providers operate). We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly. Contact us if you believe a child has provided us with personal information.

11. Changes to This Policy

1. 1.We may update this Privacy Policy from time to time.
2. 2.Material changes will be communicated via email or prominent notice on the Service at least 14 days before taking effect.
3. 3.The "Last updated" date at the top indicates the most recent revision.
4. 4.Continued use of the Service after changes constitutes acceptance of the updated policy.