YGP.
Login

Privacy policy

This Privacy Policy explains how Your Ghost Production collects, uses, stores, and protects personal data when you use the website, marketplace, customer account, producer/vendor tools, checkout, downloads, The Lab services, and related features.

Use of the platform is also governed by the Terms of Service, Customer Agreement, Refund Policy, Producer Terms, Vendor Terms, and any other agreement that applies to a specific purchase, service, or account.

1. Who is responsible for your data

Your Ghost Production is responsible for the personal data processed through this platform.

For privacy questions, data requests, account questions, or complaints, contact us through the official support or privacy contact shown on the website.

2. What this policy covers

This policy applies to personal data processed through:

  • public browsing
  • account registration and login
  • customer purchases and downloads
  • guest checkout
  • payment and billing flows
  • producer/vendor accounts
  • producer applications
  • seller onboarding and payout setup
  • file uploads
  • preview playback
  • playlists, likes, follows, and marketplace activity
  • support messages
  • security logs
  • analytics, where accepted
3. Account data

When you create or use an account, we may collect and process:

  • email address
  • name or display name, where provided
  • password authentication data, handled securely
  • email verification status
  • account role and permissions
  • login history and security status
  • password reset or claim-account token status
  • account settings
  • account suspension, deletion, or restriction status

If you purchase as a guest, the platform may create or link a customer account after successful payment so you can access your purchases, invoices, downloads, and account tools.

4. Buyer and billing data

When you place an order, we may collect and process:

  • customer email
  • billing name
  • billing address
  • country
  • optional company name
  • optional VAT number or business tax information
  • order number
  • order status
  • payment status
  • purchased items
  • download status
  • invoice and receipt information
  • refund request information
  • support messages related to the order

This data is used to process purchases, provide digital delivery, create invoices, handle support, meet accounting obligations, and protect the platform from fraud or abuse.

5. Payment data

Payments are processed through Stripe or another configured payment provider.

We may store payment-related identifiers such as:

  • Stripe customer ID
  • Stripe checkout session ID
  • Stripe payment intent ID
  • payment status
  • payment method status
  • refund status
  • tax or VAT calculation references where applicable

We do not store full card numbers on our servers. Card and payment processing is handled by the payment provider.

6. Digital delivery and downloads

When you buy a track or digital product, we may process:

  • purchased track or service information
  • file delivery status
  • download start and completion events
  • download request metadata
  • generated ZIP package status
  • invoice access
  • customer account access linked to the order

This is necessary to provide the files you purchased, prevent unauthorized access, and keep records of delivery.

7. Producer, vendor, and applicant data

If you apply as a producer, sell through the platform, submit music, or use vendor tools, we may collect and process:

  • artist or producer name
  • email address
  • country
  • address details where required
  • payout method information
  • payout beneficiary name
  • agreement acceptance status
  • typed signature
  • agreement acceptance timestamp
  • IP address and user agent at acceptance
  • profile biography
  • producer logo or artwork
  • upload history
  • payout split settings
  • account status and review status

Producer and vendor data is used to manage submissions, rights, payouts, agreements, platform quality control, and marketplace administration.

8. Identity verification data for vendors

Where identity verification is required, we may collect and process:

  • legal full name
  • date of birth
  • country
  • payout beneficiary name
  • government ID images
  • selfie or identity-check images
  • verification status
  • verification timestamps
  • review notes or verification metadata

This data is used for fraud prevention, payout safety, legal compliance, seller verification, and marketplace trust.

Verification documents may be stored in private storage and access is restricted.

9. Uploaded files and storage

Users, producers, vendors, or administrators may upload files such as:

  • audio files
  • watermarked previews
  • mastered or unmastered files
  • stems
  • MIDI files
  • artwork
  • ZIP archives
  • proof documents
  • identity verification files
  • agreement-related files
  • support documents

Files may be stored on local server storage, private object storage, or S3-compatible storage providers.

Private files are not intended for public access unless the platform specifically makes them available through an authorized preview, purchase, download, or admin function.

10. Security data and internal logs

For security, fraud prevention, debugging, and platform reliability, we may collect:

  • IP address
  • user agent
  • request ID
  • session identifiers
  • anonymous visitor identifiers
  • login attempts
  • rate-limit signals
  • authentication events
  • checkout events
  • download events
  • preview playback events
  • cart events
  • refund request events
  • internal error and audit events

These logs help us detect abuse, protect accounts, investigate delivery issues, troubleshoot bugs, and keep the marketplace stable.

11. MFA and passkey data

If multi-factor authentication, passkeys, or WebAuthn features are enabled, we may process:

  • WebAuthn credential metadata
  • authenticator identifiers
  • credential public key data
  • sign-in counter or security metadata
  • TOTP enabled status
  • encrypted TOTP secret
  • recovery code hashes

We do not store recovery codes in plain text. You are responsible for keeping your recovery codes secure.

12. Cookies and local storage

The platform uses cookies and local storage for core functionality, security, cart handling, sessions, and optional analytics.

Essential cookies

The platform may use cookies such as:

  • ygp_vid, an anonymous visitor identifier, stored for about 30 days
  • ygp_sid, an anonymous session or event-trail identifier, stored for about 7 days
  • ygp_cart_id, a cart identifier, stored for about 14 days
  • authentication/session cookies used by the login system

These cookies help the platform remember carts, link anonymous browsing events, maintain account sessions, and protect against abuse.

Analytics consent

Analytics consent may be stored in local storage under:

ygp.analytics.consent.v1

Analytics should only load after consent where the platform is configured that way.

Authentication cookies

Logged-in users may receive session cookies from the authentication system. These are necessary to keep you signed in and protect account access.

13. Analytics

The platform may use Google Analytics 4 or another configured analytics provider.

Analytics is optional and controlled by environment settings and consent where required.

Before consent, analytics should not run except where strictly necessary for site operation or legally allowed. After consent, analytics may track page views, events, and general usage behavior.

Analytics data helps us understand how the site is used, improve the marketplace, and troubleshoot user experience issues.

14. Internal event tracking

In addition to optional external analytics, the platform may store internal events such as:

  • page views
  • preview played
  • cart viewed
  • checkout started
  • checkout completed
  • download started
  • download completed
  • refund requested
  • account activity
  • producer page visits
  • playlist or follow activity
  • security events

These events may include IP address, user agent, request ID, anonymous visitor/session identifiers, account ID where logged in, and related track/order IDs.

This internal logging is used for security, fraud prevention, customer support, marketplace analytics, and platform reliability.

15. Emails and notifications

We may send transactional emails such as:

  • email verification
  • password reset
  • account claim or password setup
  • order received
  • payment confirmed
  • purchase access instructions
  • invoice or receipt information
  • download or delivery updates
  • refund or support messages
  • producer/vendor account notices
  • security notices

Transactional emails are necessary for account, order, delivery, and security functions.

Marketing emails, if used, should be handled separately and may require consent or an unsubscribe option.

16. Support and contact forms

If you contact support or submit a form, we may collect:

  • name
  • email address
  • message content
  • order number
  • account information
  • attachments
  • technical metadata such as IP address and user agent

We use this data to answer requests, investigate problems, resolve disputes, and keep records of support communication.

17. Why we process your data

We process personal data for the following reasons:

Contract

To create accounts, process orders, provide downloads, manage purchases, deliver custom services, handle producer submissions, and provide platform features.

Legal obligation

To keep tax, invoice, accounting, business, and compliance records.

Legitimate interests

To secure the platform, prevent fraud, detect abuse, maintain logs, debug issues, improve services, manage marketplace quality, and enforce platform rules.

Consent

To use optional analytics or non-essential tracking where consent is required.

Legal claims

To handle disputes, rights issues, chargebacks, refunds, fraud investigations, or legal requests.

18. Third-party processors and services

We may use third-party services to operate the platform, including:

  • Stripe or another payment processor
  • Google Analytics, if enabled and accepted
  • Cloudflare Turnstile or another captcha/security provider
  • email delivery providers
  • hosting providers
  • object storage providers
  • database and infrastructure providers
  • security, logging, or monitoring tools

These providers process data only as needed to provide their services to the platform.

We do not sell your personal data.

19. International transfers

Some service providers may process or store data outside your country or outside the European Economic Area.

Where required, transfers are handled using appropriate safeguards, such as contractual protections, adequacy decisions, or other lawful transfer mechanisms.

20. Data retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law or needed for disputes, accounting, fraud prevention, security, or legal claims.

Typical retention may include:

  • account data while the account is active
  • order, invoice, and tax records for the legally required accounting period
  • payment identifiers as long as needed for payment support, refunds, disputes, and accounting
  • internal logs for a limited period needed for security, analytics, debugging, and fraud prevention
  • verification documents only as long as needed for verification, legal compliance, payout safety, or fraud prevention
  • uploaded music and marketplace files while needed for product delivery, seller account management, or legal/contract reasons
  • support records while needed to resolve the request and maintain business records

Where possible, data may be deleted, anonymized, or restricted when it is no longer needed.

21. Your rights

Depending on your location and applicable law, you may have rights to:

  • access your personal data
  • correct inaccurate data
  • delete data
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent where processing is based on consent
  • complain to a data protection authority

Some data cannot be deleted immediately if it must be kept for legal, accounting, fraud prevention, dispute, or security reasons.

To make a request, use the official support or privacy contact shown on the website.

22. Belgian Data Protection Authority

If the platform is operated from Belgium, you may have the right to contact the Belgian Data Protection Authority.

Belgian Data Protection Authority

https://www.dataprotectionauthority.be

You should contact us first where possible so we can try to resolve the issue.

23. Children

The platform is not intended for children.

If you believe a child has provided personal data through the platform, contact us so we can review and take appropriate action.

24. Security

We use technical and organizational measures intended to protect accounts, orders, files, and platform data.

No system is perfectly secure. You are responsible for keeping your account credentials safe and contacting support if you believe your account has been compromised.

25. Changes to this policy

We may update this Privacy Policy when the platform changes, legal requirements change, or business practices change.

The updated policy will be posted on the website. Continued use of the platform after an update means you accept the updated policy where legally permitted.

26. Contact

For privacy questions, access requests, deletion requests, correction requests, or complaints, contact us through the official support or privacy contact shown on the website.

Select a track to preview
Idle