// privacy_policy

Effective date: February 10, 2026

Echoes Lab ("we," "us," or "our") operates echoeslabmusic.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

> information_we_collect

We collect information that you provide directly to us:

  • Email address: when you subscribe to our newsletter, submit a contact form, submit a guest pitch, or make a purchase.
  • Name: when you submit a contact form, guest pitch, or make a purchase.
  • Message content: when you submit a contact form or guest pitch.
  • Payment information: when you make a purchase. Payment details (card number, billing address) are collected and processed directly by Stripe. We never receive, store, or have access to your full card number.

We also collect limited information automatically:

  • IP address: temporarily used for rate limiting to prevent abuse. This data is held in memory only and is not persisted to any database.
  • Server logs: our hosting provider (Digital Ocean) may collect standard server logs including IP addresses, request timestamps, and user agent strings.

> how_we_use_your_information

  • Newsletter subscriptions: to send you updates about music releases, shows, audio plugins, and other Echoes Lab content. You can unsubscribe at any time using the link in every email.
  • Contact form submissions: to respond to your inquiries about booking, press, collaboration, or other topics.
  • Guest pitch submissions: to review your proposed contribution to our /log publication.
  • Purchases: to process your order, deliver digital products (including license keys), send order confirmations, and handle refunds if necessary.
  • Rate limiting: to prevent abuse of our forms and API endpoints.

> legal_basis_for_processing

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

  • Consent: when you subscribe to our newsletter. You may withdraw consent at any time by unsubscribing.
  • Contractual necessity: when you make a purchase and we need to fulfill your order.
  • Legitimate interest: when you submit a contact or contribute form (you initiated the communication), and for rate limiting (site security).

> third_party_services

We share your information with the following third-party services, solely to operate our site and fulfill your requests:

  • Kit (ConvertKit) – Email marketing platform. Receives your email address (and name, if provided) when you subscribe to our newsletter. Kit stores subscriber data and sends marketing emails on our behalf. Kit Privacy Policy
  • Resend – Transactional email service. Delivers contact form confirmations, order confirmations, and license key emails. Resend processes the recipient email address and email content on our behalf. Resend Privacy Policy
  • Stripe – Payment processor. Handles all payment transactions. Stripe collects and stores your payment details, billing address, and email. We receive only your name, email, and transaction details (not your card number). Stripe Privacy Policy
  • Digital Ocean – Hosting provider. Our application runs on Digital Ocean infrastructure. Standard server logs may include IP addresses and request metadata. Digital Ocean Privacy Policy
  • Cloudflare – DNS and CDN provider. Cloudflare routes traffic to our site and may set a strictly necessary cookie (__cf_bm) for bot management. This cookie does not track you for advertising purposes. Cloudflare Privacy Policy

We do not sell, rent, or share your personal information with any other third parties for their marketing purposes.

> cookies_and_tracking

Our website does not set any first-party cookies or use analytics tracking scripts. We do not use Google Analytics, tracking pixels, or behavioral advertising tools. Cloudflare may set a strictly necessary cookie for bot protection, which does not require consent under applicable privacy laws.

> data_retention

  • Newsletter subscribers: your email is retained in Kit until you unsubscribe. Upon unsubscribing, Kit marks your record as inactive per their retention policy.
  • Contact and pitch submissions: retained in our email inbox only. We do not store form submissions in a database.
  • Purchase records: retained by Stripe as required for transaction records, tax compliance, and refund processing. We retain order information as required by applicable tax law (typically 7 years).
  • Rate limit data: held in application memory only. Cleared automatically on server restart and not persisted.

> your_rights

Depending on your location, you may have the following rights regarding your personal information:

EEA residents (GDPR):

  • Right of access: request a copy of the data we hold about you.
  • Right to rectification: request correction of inaccurate data.
  • Right to erasure: request deletion of your data.
  • Right to data portability: request your data in a portable format.
  • Right to restrict or object to processing.
  • Right to withdraw consent at any time for consent-based processing.

California residents (CCPA):

  • Right to know what personal information is collected and how it is used.
  • Right to request deletion of your personal information.
  • Right to opt out of the sale of personal information. We do not sell your personal information.
  • Right to non-discrimination for exercising your privacy rights.

Nevada residents (SB 220):

You may submit a request to opt out of the sale of your personal information. We do not sell your personal information, but you may contact us to make this request.

To exercise any of these rights, contact us at [email protected]

We will respond to your request within 30 days.

> email_communications

  • Marketing emails (newsletter): you can unsubscribe at any time using the unsubscribe link included in every newsletter email. You may also contact us directly to be removed.
  • Transactional emails (order confirmations, license keys, contact form replies): these are sent in response to actions you take and are not marketing communications. They do not require separate opt-in and cannot be unsubscribed from, as they are necessary to complete your request.

> childrens_privacy

Our website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at [email protected] and we will promptly delete it.

> international_data_transfers

We are based in the United States. If you access our website from outside the US, your information will be transferred to and processed in the United States. Our third-party service providers (Kit, Resend, Stripe, Digital Ocean, Cloudflare) are US-based companies that may process data in the US and other countries. By using our website and providing your information, you consent to this transfer.

> security

We take reasonable measures to protect your information, including HTTPS encryption for all data in transit, rate limiting on form submissions, honeypot spam protection, and secure API key management. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

> changes_to_this_policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective date" at the top of this page. If we make material changes that affect how we handle your data, we will notify newsletter subscribers via email. We encourage you to review this page periodically.

> contact

If you have any questions about this Privacy Policy or our data practices, contact us at:

[email protected]

Echoes Lab

Las Vegas, Nevada, United States

// last updated: 2026-02-10