git-royal

GDPR & Data Protection

Last updated: July 6, 2026

This page explains how git-royal handles personal data under the EU General Data Protection Regulation (GDPR) and the UK GDPR. It complements our full Privacy Policy.

1. Scope and our roles

This notice applies to people in the European Economic Area (EEA), the United Kingdom, and Switzerland. Under the GDPR, the same data can involve different roles, and git-royal acts in two capacities:

  • As a controller — for the data of our own account holders and prospects: your account details, subscription and billing data, support communications, and the analytics of our own website and subscribe funnel.
  • As a processor — for the fan and visitor data generated on pages an artist publishes with git-royal (page views, preview plays, click-throughs, and the events we send to that artist's own advertising pixels). Here the artist is the controller, and git-royal processes that data on their behalf and under their instructions. See section 8.

2. Legal bases we rely on

Where git-royal is the controller, we process personal data on these bases (GDPR Art. 6):

  • Performance of a contract — to create and operate your account, provide the service, and process your subscription.
  • Legitimate interests — to secure the service, prevent abuse, and understand product usage through privacy-focused analytics, balanced against your rights.
  • Consent — for non-essential advertising and measurement technologies where consent is required (see section 5). You may withdraw consent at any time.
  • Legal obligation — to meet accounting, tax, and other legal requirements.

3. Your rights

Subject to conditions in the law, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase your data (“right to be forgotten”);
  • Restrict or object to certain processing, including profiling for advertising;
  • Data portability — receive your data in a portable format;
  • Withdraw consent at any time, without affecting prior processing; and
  • Lodge a complaint with a supervisory authority (see section 9).

4. How to exercise your rights

Email support@git-royal.com from the address associated with your request. We will respond within the timeframes required by law (generally one month). We may need to verify your identity. Where your request concerns data collected on an artist's page, git-royal is the processor — we will forward your request to that artist as the controller, or act on their documented instructions.

5. Consent and cookies (EEA/UK)

Essential cookies (for authentication) are always used. Non-essential technologies — including an artist's Meta or TikTok pixel and related ad-measurement — load only after consent where consent is required. Visitors in consent-required regions are shown a banner and can accept or decline; declining leaves first-party, aggregate product analytics running but stops advertising measurement. See the Privacy Policy for detail.

6. International data transfers

git-royal and its service providers may process data in the United States and other countries outside the EEA/UK. Where we transfer personal data internationally, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK Addendum), together with supplementary measures where needed.

7. Data retention

We keep personal data for as long as your account is active or as needed to provide the service, and then for a reasonable period to meet legal, accounting, and security obligations, after which it is deleted or anonymized.

8. Data Processing Addendum (for artists & business customers)

If you use git-royal to process the personal data of your own fans and visitors, you are the controller of that data and git-royal is your processor. We make a Data Processing Addendum (DPA) available that sets out our obligations under GDPR Art. 28, including confidentiality, security, sub-processor terms, and assistance with data-subject requests. Request one at support@git-royal.com.

9. Complaints and supervisory authority

If you believe our handling of your data infringes the GDPR, you may lodge a complaint with your local data-protection supervisory authority. We would appreciate the chance to address your concern first — please contact us.

10. Sub-processors

We use vetted service providers to run the platform — including Supabase (database, auth, storage), Stripe (payments), Vercel (hosting and analytics), Resend (email), Anthropic (royalty-statement column mapping), and Meta and TikTok (advertising measurement, at the artist's direction). A current list is available on request.

11. Contact

For any data-protection question or request, email support@git-royal.com. For the full picture of what we collect and why, see our Privacy Policy.