Pealz
Legal

Privacy Policy

Last updated: April 18, 2026

1. Introduction

Pealz ("we", "our", or "us") operates pealz.music. This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform.

Pealz is the data controller responsible for your personal information under applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

2. Information We Collect

Information You Provide

  • Account Information: Email address, name (optional), password
  • Purchase Information: Billing details processed securely through Stripe
  • Communication: Messages sent through our contact form
  • Challenge Submissions: Artist name, entry URL, optional message

Automatically Collected Information

  • Usage Data: Pages visited, beats listened to, download activity
  • Technical Data: IP address, browser type, device information
  • Cookies: Session data and user preferences

3. How We Use Your Information

We use your information to:

  • Process purchases and deliver beat files
  • Create and manage your account
  • Send purchase confirmations and download links
  • Respond to your inquiries and support requests
  • Manage challenge entries and feature winners
  • Send marketing communications (only if you opt in)
  • Improve our platform and user experience
  • Prevent fraud and ensure platform security

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases as defined by the GDPR:

  • Contract performance: Processing necessary to fulfill your purchase and deliver your files
  • Legitimate interests: Improving the platform, preventing fraud, and ensuring security
  • Consent: Marketing communications, where you have explicitly opted in
  • Legal obligation: Where we are required to process data to comply with applicable law

5. Account Creation

Accounts are created automatically when you:

  • Purchase a beat
  • Download a free beat
  • Submit a challenge entry

If an account already exists with your email, we link the activity to your existing account instead of creating a new one.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Payment Processors: Stripe processes payments securely (we never store full card details)
  • Storage Providers: Cloudflare R2 for file hosting
  • Email Services: For sending transactional and marketing emails
  • Legal Requirements: When required by law or to protect our rights

All third-party processors are required to handle your data in accordance with applicable data protection laws.

7. Data Security

We implement security measures to protect your information:

  • Encrypted connections (HTTPS)
  • Secure password hashing
  • Private file storage with signed URLs
  • Regular security reviews

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and data ("right to be forgotten")
  • Object to or restrict processing of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Opt out of marketing communications
  • Export your data in a portable format (data portability)
  • Lodge a complaint with a supervisory authority — in Austria, this is the Datenschutzbehörde (DSB)

To exercise these rights, contact us. We will respond within 30 days.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Purchase records may be retained for up to 7 years to comply with Austrian tax and accounting obligations. When data is no longer required, we securely delete or anonymize it.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze platform usage

You can control cookies through your browser settings. Where required by law, we will request your consent before placing non-essential cookies.

11. International Data Transfers

Your data may be processed by third-party services (such as Stripe and Cloudflare) located outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

Our platform is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us to have it removed.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us.