Privacy
We collect the minimum needed to sell you a beat, deliver it, and stay compliant. No tracking pixels selling your data, no behavior profiles sold to advertisers. Here's the full breakdown.
01 · Data controller
The data controller for this website is Alain Nombre (HAR2NOK), based in Paris, France. Contact: harnok2@gmail.com.
02 · What we collect
- Order data: email, billing name, billing address, license tier purchased, beat / kit purchased. Collected via Stripe at checkout.
- Payment data: handled entirely by Stripe — we do not store card numbers. Stripe is PCI-DSS Level 1. See stripe.com/privacy.
- Newsletter data: email address only, if you opt in via the footer signup or the "email for pack" flow.
- Inquiry data: anything you send us via email about syncs, custom work, or support.
- Technical data: IP, browser, referrer, pages visited — minimal server logs, 30 days for security and debugging.
- Behavioral signals (anonymous): play / skip / save against an anonymous session ID. No personal identifier attached.
03 · Purposes
- Process your purchase and deliver the file you bought.
- Send you the license certificate and download links by email.
- Resend download links if you ask.
- Send newsletter emails about new drops — only if you opted in. One-click unsubscribe.
- Improve catalog recommendations (anonymous taste signals).
- Detect and prevent fraud (Stripe + minimal server logs).
- Comply with tax, accounting, and legal obligations.
04 · Service providers
We share data with a small set of vendors strictly needed to run the store. All are GDPR-compliant.
- Stripe (USA) — payment processing. stripe.com/privacy
- Supabase (EU / global) — database for orders, products, settings. supabase.com/privacy
- Bunny CDN (Slovenia / EU) — file hosting and delivery. bunny.net/privacy
- Brevo / Sendinblue (France) — transactional + newsletter emails. brevo.com/privacy
- Vercel (USA, EU regions) — hosting + server logs. vercel.com/privacy
We do not sell your data, share it with advertisers, or use it to train third-party AI models.
05 · Cookies
- Strictly necessary: Stripe session cookie at checkout. Cart and pack in localStorage so they persist between visits. No consent required under GDPR.
- Anonymous analytics: we may add a privacy-friendly analytics tool (Plausible / Fathom) — cookieless, no cross-site tracking.
- No advertising cookies. No Google Analytics. No Facebook Pixel. No retargeting.
06 · Retention
- Order records: 10 years (French accounting law).
- Newsletter email: until you unsubscribe.
- Server logs: 30 days.
- Anonymous taste signals: rolling 90 days.
07 · Your rights (GDPR & equivalents)
If you're in the EU, UK, California, or any jurisdiction with similar data laws, you have the right to:
- Access the personal data we hold about you.
- Correct anything that's wrong.
- Delete it (right to be forgotten), subject to legal retention obligations.
- Object to processing for direct marketing.
- Withdraw consent for newsletter at any time.
- Lodge a complaint with your local data protection authority (France: CNIL).
To exercise any of these, email harnok2@gmail.comwith the subject "Data request." We respond within 30 days.
08 · Security
- HTTPS site-wide (TLS 1.3).
- Database access enforced by row-level security policies on Supabase.
- Payment data isolated to Stripe (we never see card numbers).
- Admin access requires authenticated Supabase Auth session.
No system is perfectly secure. If we ever suffer a personal-data breach affecting your data, we'll notify you and the relevant authority within 72 hours, per GDPR.
09 · Changes
We may update this policy as the site evolves. Material changes will be flagged at the top of this page and via newsletter if you're subscribed.
Last updated · June 2026