Privacy Policy

Effective Date: April 11, 2025

This Privacy Policy explains how Broken Duck Media Co., Ltd. ("we," "our," or "us"), based in Chiang Mai, Thailand, collects, uses, discloses, and protects your personal information when you access or use Tchaikovsky (the "Service"), our web-based digital audio workstation and associated services.

1. Information We Collect

We may collect the following types of information:

• Personal Information: Name, email address, account credentials, billing details (if applicable), and communication preferences.
• Usage Information: Browser type, device information, operating system, IP address, access times, pages viewed, links clicked, and user actions within the Service (e.g., track generations, templates used).
• Project Data: MIDI files, generated tracks, saved projects, and associated metadata stored on our servers or cloud storage.
• Cookies and Tracking Data: Cookies, local storage, and other tracking technologies to monitor session activity and improve user experience.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service and related features.
• Create and manage user accounts, process subscriptions, and deliver purchased services.
• Send important updates, administrative messages, and promotional communications (you can opt out at any time).
• Analyze usage trends and platform performance to improve functionality and develop new features.
• Protect against fraud, abuse, and unauthorized access.
• Comply with legal obligations, enforce our terms, and resolve disputes.

3. Sharing Your Information

We do not sell or rent your personal information. We may share your information with:

• Service Providers: Companies providing cloud hosting (Google Cloud Storage), authentication (Firebase Authentication), email delivery, analytics, or payment processing services. These providers are contractually obligated to protect your data.
• Legal Compliance: Law enforcement or government agencies when legally required or to protect our rights and the safety of others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Authenticate users and maintain session state.
• Analyze usage patterns and improve our Service.
• Remember user preferences and settings.

You can control cookie settings through your browser. Disabling cookies may affect your ability to use some features of the Service.

5. Third-Party Services

Our Service integrates with third-party services, including but not limited to Firebase, Google Cloud, and payment processors such as Stripe. Your data may be processed and stored by these providers in accordance with their privacy policies. We encourage you to review their policies for additional information.

6. Data Retention

We retain your personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account and associated data at any time.

7. Your Rights

Depending on your jurisdiction (e.g., under GDPR, CPRA, PDPA), you have the following rights:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal data ("right to be forgotten").
• Object to or restrict the processing of your data.
• Withdraw consent where processing is based on consent.
• Receive your data in a portable format (data portability).

To exercise your rights, please contact us using the information provided below. We may require verification of your identity before fulfilling your request.

8. Data Security

We implement industry-standard security measures to protect your personal data, including HTTPS encryption, token-based authentication, and secured cloud storage. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute protection.

9. International Data Transfers

Your information may be processed outside of your country of residence, including in the United States or Thailand, where data protection laws may differ. By using the Service, you consent to such transfers, subject to safeguards required by applicable law.

10. Children's Privacy

Our Service is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us, and we will take appropriate action.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal reasons. We will notify users by posting the updated policy on our website and updating the effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, you may contact us at:

Email: privacy@brokenduckmedia.com

Postal Address: Broken Duck Media Co., Ltd., Chiang Mai, Thailand