Privacy Policy
Last updated: February 21, 2026
Effective date: February 21, 2026
Album Foundry is a platform operated by Handmation Media LLC, a limited liability company registered in Oregon. When this policy says "Album Foundry," "we," "us," or "our," it means Handmation Media LLC doing business as Album Foundry.
We take privacy seriously. This policy explains what data we collect, why we collect it, how we protect it, and what rights you have over it. We have written it in plain language intentionally — if something is unclear, email us at privacy@albumfoundry.com.
1. Who This Policy Covers
This policy applies to everyone who uses Album Foundry:
- Fans who browse storefronts, preview music, and purchase downloads
- Artists who create accounts, upload music, and sell through the platform
- Visitors who land on any Album Foundry page without an account
2. What We Collect and Why
2.1 Information You Give Us
When you make a purchase:
- Email address
- Payment information (processed by Stripe — we never see or store your full card number)
- Country (used for tax and EU/UK consumer rights compliance)
When you create an artist account:
- Name and email address
- Payout information (processed by Stripe Connect)
- Music files, album artwork, and catalog metadata you upload
- Storefront customisation choices
When you contact us:
- The contents of your message and your email address
2.2 Information We Collect Automatically
Session data: When you visit a storefront we record how you arrived — for example, whether you came from a link, a social post, or a direct visit. This is stored in your browser's session storage only. It is not a cookie, it does not persist after you close the tab, and it is never sent to our servers.
Analytics events: We record interactions on the platform — such as which tracks were previewed and how long storefronts were viewed — in aggregate. This data is used to help artists understand their audience. It does not identify you personally.
Security data: To protect the platform against bots and fraud, we collect hashed device signals, request patterns, and behavioural indicators. This data is processed for security purposes only and is not used for advertising or profiling.
Audit logs: Administrative and security-sensitive actions on the platform are logged with timestamps. These logs are retained for 3 years for security and compliance purposes.
2.3 Information from Third Parties
Stripe: When you make a payment, Stripe processes your payment information and shares limited transaction data with us (amount, currency, order reference, country). We do not receive your full card details. Stripe's privacy policy is available at stripe.com/privacy.
Meta Pixel (artist-enabled only): Some artists choose to enable Meta Pixel on their storefront to measure the effectiveness of their advertising. This is entirely at the artist's discretion. When enabled, Meta's tracking code runs on that artist's storefront — but only after you have given explicit consent via our cookie banner. If you decline marketing cookies, Meta Pixel does not load. Album Foundry is not responsible for Meta's data practices. See Meta's privacy policy at facebook.com/privacy/policy.
3. How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Processing your purchase and delivering your download | Contract performance |
| Sending your order confirmation and download link | Contract performance |
| Paying artists their share of revenue | Contract performance |
| Preventing fraud and protecting platform security | Legitimate interests |
| Aggregate analytics to improve the platform | Legitimate interests (DUAA 2025 statistical exception) |
| Complying with tax and financial record-keeping obligations | Legal obligation |
| Responding to your support requests | Legitimate interests |
| Loading third-party tracking (Meta Pixel) on artist storefronts | Your consent |
We do not use your data for advertising. We do not sell your data. We do not share your data with third parties except as described in Section 4.
4. Who We Share Data With
Stripe — payment processing and artist payouts. Required for the platform to function.
Supabase — our database infrastructure provider. Data is stored on servers in the United States.
Vercel — our hosting provider. Handles web traffic and edge functions.
Artists — when you purchase from an artist's storefront, the artist receives your order information (items purchased, amount paid, date). They do not receive your payment details or email address unless you contact them directly.
Law enforcement — we will disclose data when required by law, court order, or to protect the rights and safety of our users.
We do not sell, rent, or trade your personal data with any other party.
5. International Data Transfers
Album Foundry is based in the United States. If you are located in the UK or European Union, your data is transferred to and processed in the US.
We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for these transfers, where required. You may request a copy of our SCC documentation by emailing privacy@albumfoundry.com.
6. Data Retention
| Data type | Retention period |
|---|---|
| Purchase records and order history | 7 years (tax and legal obligation) |
| Artist account data | Duration of account plus 2 years |
| Analytics events | 26 months |
| Security and audit logs | 3 years |
| Bot detection signals | 90 days |
| Session referrer data (sessionStorage) | Cleared when you close the tab |
| Cookie consent preferences | 180 days (af_consent_v2 cookie) |
When retention periods expire, data is deleted or anonymised.
7. Cookies
We use a small number of cookies. You can review the full cookie declaration at Cookie Policy.
Essential cookies are required for the platform to function — they handle your session and protect against security attacks. These do not require your consent.
Marketing cookies (Meta Pixel) are only set on storefronts where the artist has enabled ad tracking, and only after you have explicitly accepted marketing cookies via our consent banner.
You can change your cookie preferences at any time using the Cookie Preferences link in the footer of any storefront page.
8. Security
We take reasonable technical and organisational measures to protect your data:
- All data is transmitted over encrypted connections (HTTPS/TLS)
- Payment data is handled entirely by Stripe and never stored on our servers
- Database access is restricted by row-level security policies
- Security events are logged and monitored
- Bot detection runs on all storefront and API traffic
In the event of a data breach affecting your rights and freedoms, we will notify affected users and, where required by law, the relevant supervisory authority within 72 hours of becoming aware of the breach.
9. Your Rights
For everyone
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — ask us to delete your data, subject to legal retention obligations
- Portability — receive your data in a structured, machine-readable format
Additional rights for UK and EU residents (UK GDPR / EU GDPR)
- Right to object — object to processing based on legitimate interests (Article 21)
- Right to restrict processing — ask us to pause processing while a dispute is resolved (Article 18)
- Supervisory authority — you have the right to lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk). In the EU, contact your national supervisory authority.
We will respond to all data rights requests within 30 days.
For California residents (CCPA)
You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email privacy@albumfoundry.com.
To exercise any of these rights, contact us at privacy@albumfoundry.com or write to us at the address in Section 11.
10. Children
Album Foundry is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us at privacy@albumfoundry.com and we will delete it promptly.
11. AI Training Prohibition
We will never use music, artwork, or any other content uploaded to Album Foundry to train artificial intelligence models of any kind. This includes but is not limited to: audio generation models, image generation models, style transfer systems, voice synthesis systems, and music recommendation systems trained on raw audio.
This prohibition applies to Album Foundry and to any third party we work with. It is a core commitment of the platform and will not change without explicit opt-in consent from the relevant artist.
12. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will update the effective date at the top of this page. For significant changes affecting your rights, we will notify artists by email.
Continued use of Album Foundry after a policy update constitutes acceptance of the revised policy.
13. Contact
Privacy requests and data rights: privacy@albumfoundry.com
Legal notices: legal@albumfoundry.com
General enquiries: hello@albumfoundry.com
Post: Album Foundry 7325 NE Imbrie Dr Hillsboro, Oregon 97124 United States